From 10df9b50dd7b597080544f02228c852ec78a3ccf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20S=C3=BC=C3=9Fenguth?= Date: Mon, 23 Aug 2021 12:09:32 +0200 Subject: [PATCH] Removed unnecessary files, Added autofocus to login form --- misc/move/exim4.conf | 2100 --------------------- misc/move/exim4.filter | 2 - misc/move/foot_filter/Makefile | 14 - misc/move/foot_filter/foot_filter.c | 2685 --------------------------- misc/move/mlmmj-footer-receive | 8 - misc/move/screenshot_0.png | Bin 25200 -> 0 bytes misc/move/screenshot_1.png | Bin 79648 -> 0 bytes misc/smarty/templates_en/login.tpl | 2 +- 8 files changed, 1 insertion(+), 4810 deletions(-) delete mode 100644 misc/move/exim4.conf delete mode 100644 misc/move/exim4.filter delete mode 100644 misc/move/foot_filter/Makefile delete mode 100644 misc/move/foot_filter/foot_filter.c delete mode 100755 misc/move/mlmmj-footer-receive delete mode 100644 misc/move/screenshot_0.png delete mode 100644 misc/move/screenshot_1.png diff --git a/misc/move/exim4.conf b/misc/move/exim4.conf deleted file mode 100644 index 5c0be82..0000000 --- a/misc/move/exim4.conf +++ /dev/null @@ -1,2100 +0,0 @@ -##################################################### -### main/01_exim4-config_listmacrosdefs -##################################################### -###################################################################### -# Runtime configuration file for Exim 4 (Debian Packaging) # -###################################################################### - -###################################################################### -# /etc/exim4/exim4.conf.template is only used with the non-split -# configuration scheme. -# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used -# with the split configuration scheme. -# If you find this comment anywhere else, somebody copied it there. -# Documentation about the Debian exim4 configuration scheme can be -# found in /usr/share/doc/exim4-base/README.Debian.gz. -###################################################################### - -###################################################################### -# MAIN CONFIGURATION SETTINGS # -###################################################################### - -system_filter = /etc/exim4/exim4.filter -MLMMJ_HOME=/var/spool/mlmmj/$domain -domainlist mlmmj_domains = lsearch;/var/spool/mlmmj/passwords.txt -delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}} - -# Just for reference and scripts. -# On Debian systems, the main binary is installed as exim4 to avoid -# conflicts with the exim 3 packages. -exim_path = /usr/sbin/exim4 - -# Macro defining the main configuration directory. -# We do not use absolute paths. -.ifndef CONFDIR -CONFDIR = /etc/exim4 -.endif - -# debconf-driven macro definitions get inserted after this line -UPEX4CmacrosUPEX4C = 1 - -# Create domain and host lists for relay control -# '@' refers to 'the name of the local host' - -# List of domains considered local for exim. Domains not listed here -# need to be deliverable remotely. -domainlist local_domains = MAIN_LOCAL_DOMAINS - -# List of recipient domains to relay _to_. Use this list if you're - -# for example - fallback MX or mail gateway for domains. -domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains - -# List of sender networks (IP addresses) to _unconditionally_ relay -# _for_. If you intend to be SMTP AUTH server, you do not need to enter -# anything here. -hostlist relay_from_hosts = localhost - -# Decide which domain to use to add to all unqualified addresses. -# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary -# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value -# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined, -# the first line of /etc/mailname is used. -.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN -.ifndef MAIN_QUALIFY_DOMAIN -qualify_domain = ETC_MAILNAME -.else -qualify_domain = MAIN_QUALIFY_DOMAIN -.endif -.endif - -# listen on all all interfaces? -.ifdef MAIN_LOCAL_INTERFACES -local_interfaces = MAIN_LOCAL_INTERFACES -.endif - -.ifndef LOCAL_DELIVERY -# The default transport, set in /etc/exim4/update-exim4.conf.conf, -# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities -LOCAL_DELIVERY=mail_spool -.endif - -# The gecos field in /etc/passwd holds not only the name. see passwd(5). -gecos_pattern = ^([^,:]*) -gecos_name = $1 - -# define macros to be used in acl/30_exim4-config_check_rcpt to check -# recipient local parts for strange characters. - -# This macro definition really should be in -# acl/30_exim4-config_check_rcpt but cannot be there due to -# http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62. - -# These macros are documented in acl/30_exim4-config_check_rcpt, -# can be changed here or overridden by a locally added configuration -# file as described in README.Debian chapter 2.1.2 - -.ifndef CHECK_RCPT_LOCAL_LOCALPARTS -CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] -.endif - -.ifndef CHECK_RCPT_REMOTE_LOCALPARTS -CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ -.endif - -# always log tls_peerdn as we use TLS for outgoing connects by default -.ifndef MAIN_LOG_SELECTOR -MAIN_LOG_SELECTOR = +tls_peerdn -.endif -##################################################### -### end main/01_exim4-config_listmacrosdefs -##################################################### -##################################################### -### main/02_exim4-config_options -##################################################### - -### main/02_exim4-config_options -################################# - - -# Defines the access control list that is run when an -# SMTP MAIL command is received. -# -.ifndef MAIN_ACL_CHECK_MAIL -MAIN_ACL_CHECK_MAIL = acl_check_mail -.endif -acl_smtp_mail = MAIN_ACL_CHECK_MAIL - - -# Defines the access control list that is run when an -# SMTP RCPT command is received. -# -.ifndef MAIN_ACL_CHECK_RCPT -MAIN_ACL_CHECK_RCPT = acl_check_rcpt -.endif -acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT - - -# Defines the access control list that is run when an -# SMTP DATA command is received. -# -.ifndef MAIN_ACL_CHECK_DATA -MAIN_ACL_CHECK_DATA = acl_check_data -.endif -acl_smtp_data = MAIN_ACL_CHECK_DATA - - -# Message size limit. The default (used when MESSAGE_SIZE_LIMIT -# is unset) is 50 MB -.ifdef MESSAGE_SIZE_LIMIT -message_size_limit = MESSAGE_SIZE_LIMIT -.endif - - -# If you are running exim4-daemon-heavy or a custom version of Exim that -# was compiled with the content-scanning extension, you can cause incoming -# messages to be automatically scanned for viruses. You have to modify the -# configuration in two places to set this up. The first of them is here, -# where you define the interface to your scanner. This example is typical -# for ClamAV; see the manual for details of what to set for other virus -# scanners. The second modification is in the acl_check_data access -# control list. - -# av_scanner = clamd:/var/run/clamav/clamd.ctl - - -# For spam scanning, there is a similar option that defines the interface to -# SpamAssassin. You do not need to set this if you are using the default, which -# is shown in this commented example. As for virus scanning, you must also -# modify the acl_check_data access control list to enable spam scanning. - -# spamd_address = 127.0.0.1 783 - -# Domain used to qualify unqualified recipient addresses -# If this option is not set, the qualify_domain value is used. -# qualify_recipient = - - -# Allow Exim to recognize addresses of the form "user@[10.11.12.13]", -# where the domain part is a "domain literal" (an IP address) instead -# of a named domain. The RFCs require this facility, but it is disabled -# in the default config since it is seldomly used and frequently abused. -# Domain literal support also needs a special router, which is automatically -# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS. -# Additionally, you might want to make your local IP addresses (or @[]) -# local domains. -.ifdef MAIN_ALLOW_DOMAIN_LITERALS -allow_domain_literals -.endif - - -# Do a reverse DNS lookup on all incoming IP calls, in order to get the -# true host name. If you feel this is too expensive, the networks for -# which a lookup is done can be listed here. -.ifndef DC_minimaldns -.ifndef MAIN_HOST_LOOKUP -MAIN_HOST_LOOKUP = * -.endif -host_lookup = MAIN_HOST_LOOKUP -.endif - - -# In a minimaldns setup, update-exim4.conf guesses the hostname and -# dumps it here to avoid DNS lookups being done at Exim run time. -.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME -primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME -.endif - -# The settings below, which are actually the same as the defaults in the -# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP -# calls. You can limit the hosts to which these calls are made, and/or change -# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls -# are disabled. RFC 1413 calls are cheap and can provide useful information -# for tracing problem messages, but some hosts and firewalls are -# misconfigured to drop the requests instead of either answering or -# rejecting them. This can result in a timeout instead of an immediate refused -# connection, leading to delays on starting up SMTP sessions. (The default was -# reduced from 30s to 5s for release 4.61.) -# rfc1413_hosts = * -# rfc1413_query_timeout = 5s - -# When using an external relay tester (such as rt.njabl.org and/or the -# currently defunct relay-test.mail-abuse.org, the test may be aborted -# since exim complains about "too many nonmail commands". If you want -# the test to complete, add the host from where "your" relay tester -# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro. -# Please note that a non-empty setting may cause extra DNS lookups to -# happen, which is the reason why this option is commented out in the -# default settings. -# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org -.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS -smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS -.endif - -# By default, exim forces a Sender: header containing the local -# account name at the local host name in all locally submitted messages -# that don't have the local account name at the local host name in the -# From: header, deletes any Sender: header present in the submitted -# message and forces the envelope sender of all locally submitted -# messages to the local account name at the local host name. -# The following settings allow local users to specify their own envelope sender -# in a locally submitted message. Sender: headers existing in a locally -# submitted message are not removed, and no automatic Sender: headers -# are added. These settings are fine for most hosts. -# If you run exim on a classical multi-user systems where all users -# have local mailboxes that can be reached via SMTP from the Internet -# with the local FQDN as the domain part of the address, you might want -# to disable the following three lines for traceability reasons. -.ifndef MAIN_FORCE_SENDER -local_from_check = false -local_sender_retain = true -untrusted_set_sender = * -.endif - - -# By default, Exim expects all envelope addresses to be fully qualified, that -# is, they must contain both a local part and a domain. Configure exim -# to accept unqualified addresses from certain hosts. When this is done, -# unqualified addresses are qualified using the settings of qualify_domain -# and/or qualify_recipient (see above). -# sender_unqualified_hosts = -# recipient_unqualified_hosts = - - -# Configure Exim to support the "percent hack" for certain domains. -# The "percent hack" is the feature by which mail addressed to x%y@z -# (where z is one of the domains listed) is locally rerouted to x@y -# and sent on. If z is not one of the "percent hack" domains, x%y is -# treated as an ordinary local part. The percent hack is rarely needed -# nowadays but frequently abused. You should not enable it unless you -# are sure that you really need it. -# percent_hack_domains = - - -# Bounce handling -.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER -MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d -.endif -ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER - -.ifndef MAIN_TIMEOUT_FROZEN_AFTER -MAIN_TIMEOUT_FROZEN_AFTER = 7d -.endif -timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER - -.ifndef MAIN_FREEZE_TELL -MAIN_FREEZE_TELL = postmaster -.endif -freeze_tell = MAIN_FREEZE_TELL - - -# Define spool directory -.ifndef SPOOLDIR -SPOOLDIR = /var/spool/exim4 -.endif -spool_directory = SPOOLDIR - - -# trusted users can set envelope-from to arbitrary values -.ifndef MAIN_TRUSTED_USERS -MAIN_TRUSTED_USERS = uucp -.endif -trusted_users = MAIN_TRUSTED_USERS -.ifdef MAIN_TRUSTED_GROUPS -trusted_groups = MAIN_TRUSTED_GROUPS -.endif - - -# users in admin group can do many other things -# admin_groups = - - -# SMTP Banner. The example includes the Debian version in the SMTP dialog -# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}" -# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full - -.ifdef MAIN_KEEP_ENVIRONMENT -keep_environment = MAIN_KEEP_ENVIRONMENT -.else -# set option to empty value to avoid warning. -keep_environment = -.endif -.ifdef MAIN_ADD_ENVIRONMENT -add_environment = MAIN_ADD_ENVIRONMENT -.endif -##################################################### -### end main/02_exim4-config_options -##################################################### -##################################################### -### main/03_exim4-config_tlsoptions -##################################################### - -### main/03_exim4-config_tlsoptions -################################# - -# TLS/SSL configuration for exim as an SMTP server. -# See /usr/share/doc/exim4-base/README.Debian.gz for explanations. - -.ifdef MAIN_TLS_ENABLE -# Defines what hosts to 'advertise' STARTTLS functionality to. The -# default, *, will advertise to all hosts that connect with EHLO. -.ifndef MAIN_TLS_ADVERTISE_HOSTS -MAIN_TLS_ADVERTISE_HOSTS = * -.endif -tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS - - -# Full paths to Certificate and Private Key. The Private Key file -# must be kept 'secret' and should be owned by root.Debian-exim mode -# 640 (-rw-r-----). exim-gencert takes care of these prerequisites. -# Normally, exim4 looks for certificate and key in different files: -# MAIN_TLS_CERTIFICATE - path to certificate file, -# CONFDIR/exim.crt if unset -# MAIN_TLS_PRIVATEKEY - path to private key file -# CONFDIR/exim.key if unset -# You can also configure exim to look for certificate and key in the -# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes -# precedence over all other settings regarding certificate and key file. -.ifdef MAIN_TLS_CERTKEY -tls_certificate = MAIN_TLS_CERTKEY -.else -.ifndef MAIN_TLS_CERTIFICATE -MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt -.endif -tls_certificate = MAIN_TLS_CERTIFICATE - -.ifndef MAIN_TLS_PRIVATEKEY -MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key -.endif -tls_privatekey = MAIN_TLS_PRIVATEKEY -.endif - -# Pointer to the CA Certificates against which client certificates are -# checked. This is controlled by the `tls_verify_hosts' and -# `tls_try_verify_hosts' lists below. -# If you want to check server certificates, you need to add an -# tls_verify_certificates statement to the smtp transport. -# /etc/ssl/certs/ca-certificates.crt is generated by -# the "ca-certificates" package's update-ca-certificates(8) command. -.ifndef MAIN_TLS_VERIFY_CERTIFICATES -MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\ - {/etc/ssl/certs/ca-certificates.crt}\ - {/dev/null}} -.endif -tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES - - -# A list of hosts which are constrained by `tls_verify_certificates'. A host -# that matches `tls_verify_host' must present a certificate that is -# verifyable through `tls_verify_certificates' in order to be accepted as an -# SMTP client. If it does not, the connection is aborted. -.ifdef MAIN_TLS_VERIFY_HOSTS -tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS -.endif - -# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but -# not `tls_verify_hosts'), request a certificate and check it against -# `tls_verify_certificates' but do not abort the connection if there is no -# certificate or if the certificate presented does not match. (This -# condition can be tested for in ACLs through `verify = certificate') -# By default, this check is done for all hosts. It is known that some -# clients (including incredimail's version downloadable in February -# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an -# empty value. -.ifdef MAIN_TLS_TRY_VERIFY_HOSTS -tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS -.endif - -.endif -##################################################### -### end main/03_exim4-config_tlsoptions -##################################################### -##################################################### -### main/90_exim4-config_log_selector -##################################################### - -### main/90_exim4-config_log_selector -################################# - -# uncomment this for debugging -# MAIN_LOG_SELECTOR == MAIN_LOG_SELECTOR +all -subject -arguments - -.ifdef MAIN_LOG_SELECTOR -log_selector = MAIN_LOG_SELECTOR -.endif -##################################################### -### end main/90_exim4-config_log_selector -##################################################### -##################################################### -### acl/00_exim4-config_header -##################################################### - -###################################################################### -# ACL CONFIGURATION # -# Specifies access control lists for incoming SMTP mail # -###################################################################### -begin acl - - -##################################################### -### end acl/00_exim4-config_header -##################################################### -##################################################### -### acl/20_exim4-config_local_deny_exceptions -##################################################### - -### acl/20_exim4-config_local_deny_exceptions -################################# - -# This is used to determine whitelisted senders and hosts. -# It checks for CONFDIR/host_local_deny_exceptions and -# CONFDIR/sender_local_deny_exceptions. -# -# It is meant to be used from some other acl entry. -# -# See exim4-config_files(5) for details. -# -# If the files do not exist, the white list never matches, which is -# the desired behaviour. -# -# The old file names CONFDIR/local_host_whitelist and -# CONFDIR/local_sender_whitelist will continue to be honored for a -# transition period. Their use is deprecated. - -acl_local_deny_exceptions: - accept - hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\ - {CONFDIR/host_local_deny_exceptions}\ - {}} - accept - senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\ - {CONFDIR/sender_local_deny_exceptions}\ - {}} - accept - hosts = ${if exists{CONFDIR/local_host_whitelist}\ - {CONFDIR/local_host_whitelist}\ - {}} - accept - senders = ${if exists{CONFDIR/local_sender_whitelist}\ - {CONFDIR/local_sender_whitelist}\ - {}} - - # This hook allows you to hook in your own ACLs without having to - # modify this file. If you do it like we suggest, you'll end up with - # a small performance penalty since there is an additional file being - # accessed. This doesn't happen if you leave the macro unset. - .ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE - .include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE - .endif - - # this is still supported for a transition period and is deprecated. - .ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE - .include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE - .endif -##################################################### -### end acl/20_exim4-config_local_deny_exceptions -##################################################### -##################################################### -### acl/30_exim4-config_check_mail -##################################################### - -### acl/30_exim4-config_check_mail -################################# - -# This access control list is used for every MAIL command in an incoming -# SMTP message. The tests are run in order until the address is either -# accepted or denied. -# -acl_check_mail: - .ifdef CHECK_MAIL_HELO_ISSUED - deny - message = no HELO given before MAIL command - condition = ${if def:sender_helo_name {no}{yes}} - .endif - - accept -##################################################### -### end acl/30_exim4-config_check_mail -##################################################### -##################################################### -### acl/30_exim4-config_check_rcpt -##################################################### - -### acl/30_exim4-config_check_rcpt -################################# - -# This access control list is used for every RCPT command in an incoming -# SMTP message. The tests are run in order until the address is either -# accepted or denied. -# -acl_check_rcpt: - - # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by - # testing for an empty sending host field. - accept - hosts = : - control = dkim_disable_verify - - # Do not try to verify DKIM signatures of incoming mail if DC_minimaldns - # or DISABLE_DKIM_VERIFY are set. -.ifdef DC_minimaldns - warn - control = dkim_disable_verify -.else -.ifdef DISABLE_DKIM_VERIFY - warn - control = dkim_disable_verify -.endif -.endif - - # The following section of the ACL is concerned with local parts that contain - # certain non-alphanumeric characters. Dots in unusual places are - # handled by this ACL as well. - # - # Non-alphanumeric characters other than dots are rarely found in genuine - # local parts, but are often tried by people looking to circumvent - # relaying restrictions. Therefore, although they are valid in local - # parts, these rules disallow certain non-alphanumeric characters, as - # a precaution. - # - # Empty components (two dots in a row) are not valid in RFC 2822, but Exim - # allows them because they have been encountered. (Consider local parts - # constructed as "firstinitial.secondinitial.familyname" when applied to - # a name without a second initial.) However, a local part starting - # with a dot or containing /../ can cause trouble if it is used as part of a - # file name (e.g. for a mailing list). This is also true for local parts that - # contain slashes. A pipe symbol can also be troublesome if the local part is - # incorporated unthinkingly into a shell command line. - # - # These ACL components will block recipient addresses that are valid - # from an RFC2822 point of view. We chose to have them blocked by - # default for security reasons. - # - # If you feel that your site should have less strict recipient - # checking, please feel free to change the default values of the macros - # defined in main/01_exim4-config_listmacrosdefs or override them from a - # local configuration file. - # - # Two different rules are used. The first one has a quite strict - # default, and is applied to messages that are addressed to one of the - # local domains handled by this host. - - # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in - # main/01_exim4-config_listmacrosdefs: - # CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] - # This blocks local parts that begin with a dot or contain a quite - # broad range of non-alphanumeric characters. - .ifdef CHECK_RCPT_LOCAL_LOCALPARTS - deny - domains = +local_domains - local_parts = CHECK_RCPT_LOCAL_LOCALPARTS - message = restricted characters in address - .endif - - - # The second rule applies to all other domains, and its default is - # considerably less strict. - - # The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in - # main/01_exim4-config_listmacrosdefs: - # CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ - - # It allows local users to send outgoing messages to sites - # that use slashes and vertical bars in their local parts. It blocks - # local parts that begin with a dot, slash, or vertical bar, but allows - # these characters within the local part. However, the sequence /../ is - # barred. The use of some other non-alphanumeric characters is blocked. - # Single quotes might probably be dangerous as well, but they're - # allowed by the default regexps to avoid rejecting mails to Ireland. - # The motivation here is to prevent local users (or local users' malware) - # from mounting certain kinds of attack on remote sites. - .ifdef CHECK_RCPT_REMOTE_LOCALPARTS - deny - domains = !+local_domains - local_parts = CHECK_RCPT_REMOTE_LOCALPARTS - message = restricted characters in address - .endif - - - # Accept mail to postmaster in any local domain, regardless of the source, - # and without verifying the sender. - # - accept - .ifndef CHECK_RCPT_POSTMASTER - local_parts = postmaster - .else - local_parts = CHECK_RCPT_POSTMASTER - .endif - domains = +local_domains : +relay_to_domains - - - # Deny unless the sender address can be verified. - # - # This is disabled by default so that DNSless systems don't break. If - # your system can do DNS lookups without delay or cost, you might want - # to enable this feature. - # - # This feature does not work in smarthost and satellite setups as - # with these setups all domains pass verification. See spec.txt chapter - # 39.31 with the added information that a smarthost/satellite setup - # routes all non-local e-mail to the smarthost. - .ifdef CHECK_RCPT_VERIFY_SENDER - deny - message = Sender verification failed - !acl = acl_local_deny_exceptions - !verify = sender - .endif - - # Verify senders listed in local_sender_callout with a callout. - # - # In smarthost and satellite setups, this causes the callout to be - # done to the smarthost. Verification will thus only be reliable if the - # smarthost does reject illegal addresses in the SMTP dialog. - deny - !acl = acl_local_deny_exceptions - senders = ${if exists{CONFDIR/local_sender_callout}\ - {CONFDIR/local_sender_callout}\ - {}} - !verify = sender/callout - - - # Accept if the message comes from one of the hosts for which we are an - # outgoing relay. It is assumed that such hosts are most likely to be MUAs, - # so we set control=submission to make Exim treat the message as a - # submission. It will fix up various errors in the message, for example, the - # lack of a Date: header line. If you are actually relaying out out from - # MTAs, you may want to disable this. If you are handling both relaying from - # MTAs and submissions from MUAs you should probably split them into two - # lists, and handle them differently. - - # Recipient verification is omitted here, because in many cases the clients - # are dumb MUAs that don't cope well with SMTP error responses. If you are - # actually relaying out from MTAs, you should probably add recipient - # verification here. - - # Note that, by putting this test before any DNS black list checks, you will - # always accept from these hosts, even if they end up on a black list. The - # assumption is that they are your friends, and if they get onto black - # list, it is a mistake. - accept - hosts = +relay_from_hosts - control = submission/sender_retain - control = dkim_disable_verify - - - # Accept if the message arrived over an authenticated connection, from - # any host. Again, these messages are usually from MUAs, so recipient - # verification is omitted, and submission mode is set. And again, we do this - # check before any black list tests. - accept - authenticated = * - control = submission/sender_retain - control = dkim_disable_verify - - - # Insist that any other recipient address that we accept is either in one of - # our local domains, or is in a domain for which we explicitly allow - # relaying. Any other domain is rejected as being unacceptable for relaying. - require - message = relay not permitted - domains = +local_domains : +relay_to_domains - - - # We also require all accepted addresses to be verifiable. This check will - # do local part verification for local domains, but only check the domain - # for remote domains. - require - verify = recipient - - - # Verify recipients listed in local_rcpt_callout with a callout. - # This is especially handy for forwarding MX hosts (secondary MX or - # mail hubs) of domains that receive a lot of spam to non-existent - # addresses. The only way to check local parts for remote relay - # domains is to use a callout (add /callout), but please read the - # documentation about callouts before doing this. - deny - !acl = acl_local_deny_exceptions - recipients = ${if exists{CONFDIR/local_rcpt_callout}\ - {CONFDIR/local_rcpt_callout}\ - {}} - !verify = recipient/callout - - - # CONFDIR/local_sender_blacklist holds a list of envelope senders that - # should have their access denied to the local host. Incoming messages - # with one of these senders are rejected at RCPT time. - # - # The explicit white lists are honored as well as negative items in - # the black list. See exim4-config_files(5) for details. - deny - message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster - !acl = acl_local_deny_exceptions - senders = ${if exists{CONFDIR/local_sender_blacklist}\ - {CONFDIR/local_sender_blacklist}\ - {}} - - - # deny bad sites (IP address) - # CONFDIR/local_host_blacklist holds a list of host names, IP addresses - # and networks (CIDR notation) that should have their access denied to - # The local host. Messages coming in from a listed host will have all - # RCPT statements rejected. - # - # The explicit white lists are honored as well as negative items in - # the black list. See exim4-config_files(5) for details. - deny - message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster - !acl = acl_local_deny_exceptions - hosts = ${if exists{CONFDIR/local_host_blacklist}\ - {CONFDIR/local_host_blacklist}\ - {}} - - - # Warn if the sender host does not have valid reverse DNS. - # - # If your system can do DNS lookups without delay or cost, you might want - # to enable this. - # If sender_host_address is defined, it's a remote call. If - # sender_host_name is not defined, then reverse lookup failed. Use - # this instead of !verify = reverse_host_lookup to catch deferrals - # as well as outright failures. - .ifdef CHECK_RCPT_REVERSE_DNS - warn - condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\ - {yes}{no}} - add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}}) - .endif - - - # Use spfquery to perform a pair of SPF checks (for details, see - # http://www.openspf.org/) - # - # This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not - # enable if that's an issue. Also note that if you enable this, you must - # install "spf-tools-perl" which provides the spfquery command. - # Missing spf-tools-perl will trigger the "Unexpected error in - # SPF check" warning. - .ifdef CHECK_RCPT_SPF - deny - message = [SPF] $sender_host_address is not allowed to send mail from \ - ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ - Please see \ - http://www.openspf.org/Why?scope=${if def:sender_address_domain \ - {mfrom}{helo}};identity=${if def:sender_address_domain \ - {$sender_address}{$sender_helo_name}};ip=$sender_host_address - log_message = SPF check failed. - !acl = acl_local_deny_exceptions - condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \ - ${quote:$sender_host_address} --identity \ - ${if def:sender_address_domain \ - {--scope mfrom --identity ${quote:$sender_address}}\ - {--scope helo --identity ${quote:$sender_helo_name}}}}\ - {no}{${if eq {$runrc}{1}{yes}{no}}}} - - defer - message = Temporary DNS error while checking SPF record. Try again later. - !acl = acl_local_deny_exceptions - condition = ${if eq {$runrc}{5}{yes}{no}} - - warn - condition = ${if <={$runrc}{6}{yes}{no}} - add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\ - {${if eq {$runrc}{2}{softfail}\ - {${if eq {$runrc}{3}{neutral}\ - {${if eq {$runrc}{4}{permerror}\ - {${if eq {$runrc}{6}{none}{error}}}}}}}}}\ - } client-ip=$sender_host_address; \ - ${if def:sender_address_domain \ - {envelope-from=${sender_address}; }{}}\ - helo=$sender_helo_name - - warn - log_message = Unexpected error in SPF check. - condition = ${if >{$runrc}{6}{yes}{no}} - .endif - - - # Check against classic DNS "black" lists (DNSBLs) which list - # sender IP addresses - .ifdef CHECK_RCPT_IP_DNSBLS - warn - dnslists = CHECK_RCPT_IP_DNSBLS - add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text) - log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text) - .endif - - - # Check against DNSBLs which list sender domains, with an option to locally - # whitelist certain domains that might be blacklisted. - # - # Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append - # "/$sender_address_domain" after each domain. For example: - # CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \ - # : rhsbl.bar.org/$sender_address_domain - .ifdef CHECK_RCPT_DOMAIN_DNSBLS - warn - !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\ - {CONFDIR/local_domain_dnsbl_whitelist}\ - {}} - dnslists = CHECK_RCPT_DOMAIN_DNSBLS - add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text) - log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text) - .endif - - - # This hook allows you to hook in your own ACLs without having to - # modify this file. If you do it like we suggest, you'll end up with - # a small performance penalty since there is an additional file being - # accessed. This doesn't happen if you leave the macro unset. - .ifdef CHECK_RCPT_LOCAL_ACL_FILE - .include CHECK_RCPT_LOCAL_ACL_FILE - .endif - - - ############################################################################# - # This check is commented out because it is recognized that not every - # sysadmin will want to do it. If you enable it, the check performs - # Client SMTP Authorization (csa) checks on the sending host. These checks - # do DNS lookups for SRV records. The CSA proposal is currently (May 2005) - # an Internet draft. You can, of course, add additional conditions to this - # ACL statement to restrict the CSA checks to certain hosts only. - # - # require verify = csa - ############################################################################# - - - # Accept if the address is in a domain for which we are an incoming relay, - # but again, only if the recipient can be verified. - - accept - domains = +relay_to_domains - endpass - verify = recipient - - - # At this point, the address has passed all the checks that have been - # configured, so we accept it unconditionally. - - accept -##################################################### -### end acl/30_exim4-config_check_rcpt -##################################################### -##################################################### -### acl/40_exim4-config_check_data -##################################################### - -### acl/40_exim4-config_check_data -################################# - -# This ACL is used after the contents of a message have been received. This -# is the ACL in which you can test a message's headers or body, and in -# particular, this is where you can invoke external virus or spam scanners. - -acl_check_data: - - # Deny unless the address list headers are syntactically correct. - # - # If you enable this, you might reject legitimate mail. - .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX - deny - message = Message headers fail syntax check - !acl = acl_local_deny_exceptions - !verify = header_syntax - .endif - - - # require that there is a verifiable sender address in at least - # one of the "Sender:", "Reply-To:", or "From:" header lines. - .ifdef CHECK_DATA_VERIFY_HEADER_SENDER - deny - message = No verifiable sender address in message headers - !acl = acl_local_deny_exceptions - !verify = header_sender - .endif - - - # Deny if the message contains malware. Before enabling this check, you - # must install a virus scanner and set the av_scanner option in the - # main configuration. - # - # exim4-daemon-heavy must be used for this section to work. - # - # deny - # malware = * - # message = This message was detected as possible malware ($malware_name). - - - # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You also need to set the spamd_address - # option in the main configuration. - # - # exim4-daemon-heavy must be used for this section to work. - # - # Please note that this is only suiteable as an example. There are - # multiple issues with this configuration method. For example, if you go - # this way, you'll give your spamassassin daemon write access to the - # entire exim spool which might be a security issue in case of a - # spamassassin exploit. - # - # See the exim docs and the exim wiki for more suitable examples. - # - # warn - # spam = Debian-exim:true - # add_header = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report - - - # This hook allows you to hook in your own ACLs without having to - # modify this file. If you do it like we suggest, you'll end up with - # a small performance penalty since there is an additional file being - # accessed. This doesn't happen if you leave the macro unset. - .ifdef CHECK_DATA_LOCAL_ACL_FILE - .include CHECK_DATA_LOCAL_ACL_FILE - .endif - - - # accept otherwise - accept -##################################################### -### end acl/40_exim4-config_check_data -##################################################### -##################################################### -### router/00_exim4-config_header -##################################################### - -###################################################################### -# ROUTERS CONFIGURATION # -# Specifies how addresses are handled # -###################################################################### -# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # -# An address is passed to each router in turn until it is accepted. # -###################################################################### - -begin routers - -mlmmj_router: - driver = accept - domains = +mlmmj_domains - require_files = MLMMJ_HOME/${lc::$local_part} - # Use this instead, if you don't want to give Exim rx rights to mlmmj spool. - # Exim will then spawn a new process running under the UID of "mlmmj". - #require_files = mlmmj:MLMMJ_HOME/${lc::$local_part} - local_part_suffix = +* - local_part_suffix_optional - headers_remove = Delivered-To - headers_add = Delivered-To: $local_part$local_part_suffix@$domain - transport = mlmmj_transport - -dnslookup: - driver = dnslookup - domains = ! +local_domains - transport = remote_smtp - ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 - no_more - -##################################################### -### end router/00_exim4-config_header -##################################################### -##################################################### -### router/100_exim4-config_domain_literal -##################################################### - -### router/100_exim4-config_domain_literal -################################# - -# This router handles e-mail addresses in "domain literal" form like -# . The RFCs require this facility, but it is disabled -# in the default config since it is seldomly used and frequently abused. -# Domain literal support also needs to be enabled in the main config, -# which is automatically done if you use the enable macro -# MAIN_ALLOW_DOMAIN_LITERALS. - -.ifdef MAIN_ALLOW_DOMAIN_LITERALS -domain_literal: - debug_print = "R: domain_literal for $local_part@$domain" - driver = ipliteral - domains = ! +local_domains - transport = remote_smtp -.endif -##################################################### -### end router/100_exim4-config_domain_literal -##################################################### -##################################################### -### router/150_exim4-config_hubbed_hosts -##################################################### - -# router/150_exim4-config_hubbed_hosts -################################# - -# route specific domains manually. -# -# see exim4-config_files(5) and spec.txt chapter 20.3 through 20.7 for -# more detailed documentation. - -hubbed_hosts: - debug_print = "R: hubbed_hosts for $domain" - driver = manualroute - domains = "${if exists{CONFDIR/hubbed_hosts}\ - {partial-lsearch;CONFDIR/hubbed_hosts}\ - fail}" - same_domain_copy_routing = yes - route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}} - transport = remote_smtp -##################################################### -### end router/150_exim4-config_hubbed_hosts -##################################################### -##################################################### -### router/200_exim4-config_primary -##################################################### - -### router/200_exim4-config_primary -################################# -# This file holds the primary router, responsible for nonlocal mails - -.ifdef DCconfig_internet -# configtype=internet -# -# deliver mail to the recipient if recipient domain is a domain we -# relay for. We do not ignore any target hosts here since delivering to -# a site local or even a link local address might be wanted here, and if -# such an address has found its way into the MX record of such a domain, -# the local admin is probably in a place where that broken MX record -# could be fixed. - -dnslookup_relay_to_domains: - debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain" - driver = dnslookup - domains = ! +local_domains : +relay_to_domains - transport = remote_smtp - same_domain_copy_routing = yes - no_more - -# deliver mail directly to the recipient. This router is only reached -# for domains that we do not relay for. Since we most probably can't -# have broken MX records pointing to site local or link local IP -# addresses fixed, we ignore target hosts pointing to these addresses. - -dnslookup: - debug_print = "R: dnslookup for $local_part@$domain" - driver = dnslookup - domains = !+mlmmj_domains : !+local_domains - transport = remote_smtp - same_domain_copy_routing = yes - # ignore private rfc1918 and APIPA addresses - ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\ - 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\ - 255.255.255.255 - no_more - -.endif - - -.ifdef DCconfig_local -# configtype=local -# -# Stand-alone system, so generate an error for mail to a non-local domain -nonlocal: - debug_print = "R: nonlocal for $local_part@$domain" - driver = redirect - domains = ! +local_domains - allow_fail - data = :fail: Mailing to remote domains not supported - no_more - -.endif - - -.ifdef DCconfig_smarthost DCconfig_satellite -# configtype=smarthost or configtype=satellite -# -# Send all non-local mail to a single other machine (smarthost). -# -# This means _ALL_ non-local mail goes to the smarthost. This will most -# probably not do what you want for domains that are listed in -# relay_domains. The most typical use for relay_domains is to control -# relaying for incoming e-mail on secondary MX hosts. In that case, -# it doesn't make sense to send the mail to the smarthost since the -# smarthost will probably send the message right back here, causing a -# loop. -# -# If you want to use a smarthost while being secondary MX for some -# domains, you'll need to copy the dnslookup_relay_to_domains router -# here so that mail to relay_domains is handled separately. - -smarthost: - debug_print = "R: smarthost for $local_part@$domain" - driver = manualroute - domains = ! +local_domains - transport = remote_smtp_smarthost - route_list = * DCsmarthost byname - host_find_failed = ignore - same_domain_copy_routing = yes - no_more - -.endif - - -# The "no_more" above means that all later routers are for -# domains in the local_domains list, i.e. just like Exim 3 directors. -##################################################### -### end router/200_exim4-config_primary -##################################################### -##################################################### -### router/300_exim4-config_real_local -##################################################### - -### router/300_exim4-config_real_local -################################# - -# This router allows reaching a local user while avoiding local -# processing. This can be used to inform a user of a broken .forward -# file, for example. The userforward router does this. - -COND_LOCAL_SUBMITTER = "\ - ${if match_ip{$sender_host_address}{:@[]}\ - {1}{0}\ - }" - -real_local: - debug_print = "R: real_local for $local_part@$domain" - driver = accept - domains = +local_domains - condition = COND_LOCAL_SUBMITTER - local_part_prefix = real- - check_local_user - transport = LOCAL_DELIVERY - -##################################################### -### end router/300_exim4-config_real_local -##################################################### -##################################################### -### router/400_exim4-config_system_aliases -##################################################### - -### router/400_exim4-config_system_aliases -################################# - -# This router handles aliasing using a traditional /etc/aliases file. -# -##### NB You must ensure that /etc/aliases exists. It used to be the case -##### NB that every Unix had that file, because it was the Sendmail default. -##### NB These days, there are systems that don't have it. Your aliases -##### NB file should at least contain an alias for "postmaster". -# -# This router handles the local part in a case-insensitive way which -# satisfies the RFCs requirement that postmaster be reachable regardless -# of case. If you decide to handle /etc/aliases in a caseful way, you -# need to make arrangements for a caseless postmaster. -# -# Delivery to arbitrary directories, files, and piping to programs in -# /etc/aliases is disabled per default. -# If that is a problem for you, see -# /usr/share/doc/exim4-base/README.Debian.gz -# for explanation and some workarounds. - -system_aliases: - debug_print = "R: system_aliases for $local_part@$domain" - driver = redirect - domains = +local_domains - allow_fail - allow_defer - data = ${lookup{$local_part}lsearch{/etc/aliases}} - .ifdef SYSTEM_ALIASES_USER - user = SYSTEM_ALIASES_USER - .endif - .ifdef SYSTEM_ALIASES_GROUP - group = SYSTEM_ALIASES_GROUP - .endif - .ifdef SYSTEM_ALIASES_FILE_TRANSPORT - file_transport = SYSTEM_ALIASES_FILE_TRANSPORT - .endif - .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT - pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT - .endif - .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT - directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT - .endif -##################################################### -### end router/400_exim4-config_system_aliases -##################################################### -##################################################### -### router/500_exim4-config_hubuser -##################################################### - -### router/500_exim4-config_hubuser -################################# - -.ifdef DCconfig_satellite -# This router is only used for configtype=satellite. -# It takes care to route all mail targetted to -# to the host where we read our mail -# -hub_user: - debug_print = "R: hub_user for $local_part@$domain" - driver = redirect - domains = +local_domains - data = ${local_part}@DCreadhost - check_local_user - -# Grab the redirected mail and deliver it. -# This is a duplicate of the smarthost router, needed because -# DCreadhost might end up as part of +local_domains -hub_user_smarthost: - debug_print = "R: hub_user_smarthost for $local_part@$domain" - driver = manualroute - domains = DCreadhost - transport = remote_smtp_smarthost - route_list = * DCsmarthost byname - host_find_failed = ignore - same_domain_copy_routing = yes - check_local_user -.endif - - -##################################################### -### end router/500_exim4-config_hubuser -##################################################### -##################################################### -### router/600_exim4-config_userforward -##################################################### - -### router/600_exim4-config_userforward -################################# - -# This router handles forwarding using traditional .forward files in users' -# home directories. It also allows mail filtering with a forward file -# starting with the string "# Exim filter" or "# Sieve filter". -# -# The no_verify setting means that this router is skipped when Exim is -# verifying addresses. Similarly, no_expn means that this router is skipped if -# Exim is processing an EXPN command. -# -# The check_ancestor option means that if the forward file generates an -# address that is an ancestor of the current one, the current one gets -# passed on instead. This covers the case where A is aliased to B and B -# has a .forward file pointing to A. -# -# The four transports specified at the end are those that are used when -# forwarding generates a direct delivery to a directory, or a file, or to a -# pipe, or sets up an auto-reply, respectively. -# -userforward: - debug_print = "R: userforward for $local_part@$domain" - driver = redirect - domains = +local_domains - check_local_user - file = $home/.forward - require_files = $local_part:$home/.forward - no_verify - no_expn - check_ancestor - allow_filter - forbid_smtp_code = true - directory_transport = address_directory - file_transport = address_file - pipe_transport = address_pipe - reply_transport = address_reply - skip_syntax_errors - syntax_errors_to = real-$local_part@$domain - syntax_errors_text = \ - This is an automatically generated message. An error has\n\ - been found in your .forward file. Details of the error are\n\ - reported below. While this error persists, you will receive\n\ - a copy of this message for every message that is addressed\n\ - to you. If your .forward file is a filter file, or if it is\n\ - a non-filter file containing no valid forwarding addresses,\n\ - a copy of each incoming message will be put in your normal\n\ - mailbox. If a non-filter file contains at least one valid\n\ - forwarding address, forwarding to the valid addresses will\n\ - happen, and those will be the only deliveries that occur. - -##################################################### -### end router/600_exim4-config_userforward -##################################################### -##################################################### -### router/700_exim4-config_procmail -##################################################### - -procmail: - debug_print = "R: procmail for $local_part@$domain" - driver = accept - domains = +local_domains - check_local_user - transport = procmail_pipe - # emulate OR with "if exists"-expansion - require_files = ${local_part}:\ - ${if exists{/etc/procmailrc}\ - {/etc/procmailrc}{${home}/.procmailrc}}:\ - +/usr/bin/procmail - no_verify - no_expn - -##################################################### -### end router/700_exim4-config_procmail -##################################################### -##################################################### -### router/800_exim4-config_maildrop -##################################################### - -### router/800_exim4-config_maildrop -################################# - -maildrop: - debug_print = "R: maildrop for $local_part@$domain" - driver = accept - domains = +local_domains - check_local_user - transport = maildrop_pipe - require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop - no_verify - no_expn - -##################################################### -### end router/800_exim4-config_maildrop -##################################################### -##################################################### -### router/850_exim4-config_lowuid -##################################################### - -### router/850_exim4-config_lowuid -################################# - -.ifndef FIRST_USER_ACCOUNT_UID -FIRST_USER_ACCOUNT_UID = 0 -.endif - -.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS -DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts -.endif - -COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\ - ${if and{{! match_ip{$sender_host_address}{:@[]}}\ - {<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\ - {1}{0}\ - }" - -lowuid_aliases: - debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)" - check_local_user - driver = redirect - allow_fail - domains = +local_domains - condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER - data = ${if exists{CONFDIR/lowuid-aliases}\ - {${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\ - {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\ - {DEFAULT_SYSTEM_ACCOUNT_ALIAS}} -##################################################### -### end router/850_exim4-config_lowuid -##################################################### -##################################################### -### router/900_exim4-config_local_user -##################################################### - -### router/900_exim4-config_local_user -################################# - -# This router matches local user mailboxes. If the router fails, the error -# message is "Unknown user". - -local_user: - debug_print = "R: local_user for $local_part@$domain" - driver = accept - domains = +local_domains - check_local_user - local_parts = ! root - transport = LOCAL_DELIVERY - cannot_route_message = Unknown user -##################################################### -### end router/900_exim4-config_local_user -##################################################### -##################################################### -### router/mmm_mail4root -##################################################### - -### router/mmm_mail4root -################################# -# deliver mail addressed to root to /var/mail/mail as user mail:mail -# if it was not redirected in /etc/aliases or by other means -# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS) - -mail4root: - debug_print = "R: mail4root for $local_part@$domain" - driver = redirect - domains = +local_domains - data = /var/mail/mail - file_transport = address_file - local_parts = root - user = mail - group = mail - -##################################################### -### end router/mmm_mail4root -##################################################### -##################################################### -### transport/00_exim4-config_header -##################################################### - -###################################################################### -# TRANSPORTS CONFIGURATION # -###################################################################### -# ORDER DOES NOT MATTER # -# Only one appropriate transport is called for each delivery. # -###################################################################### - -# A transport is used only when referenced from a router that successfully -# handles an address. - -begin transports - -mlmmj_transport: - driver = pipe - return_path_add - user = mlmmj - group = mlmmj - home_directory = MLMMJ_HOME - current_directory = MLMMJ_HOME - command = /usr/bin/mlmmj-footer-receive MLMMJ_HOME ${lc:$local_part} - -##################################################### -### end transport/00_exim4-config_header -##################################################### -##################################################### -### transport/10_exim4-config_transport-macros -##################################################### - -### transport/10_exim4-config_transport-macros -################################# - -.ifdef HIDE_MAILNAME -REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs -REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}} -.endif - -.ifdef REMOTE_SMTP_HELO_FROM_DNS -.ifdef REMOTE_SMTP_HELO_DATA -REMOTE_SMTP_HELO_DATA==${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}} -.else -REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}} -.endif -.endif -##################################################### -### end transport/10_exim4-config_transport-macros -##################################################### -##################################################### -### transport/30_exim4-config_address_file -##################################################### - -# This transport is used for handling deliveries directly to files that are -# generated by aliasing or forwarding. -# -address_file: - debug_print = "T: address_file for $local_part@$domain" - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - -##################################################### -### end transport/30_exim4-config_address_file -##################################################### -##################################################### -### transport/30_exim4-config_address_pipe -##################################################### - -# This transport is used for handling pipe deliveries generated by -# .forward files. If the commands fails and produces any output on standard -# output or standard error streams, the output is returned to the sender -# of the message as a delivery error. -address_pipe: - debug_print = "T: address_pipe for $local_part@$domain" - driver = pipe - return_fail_output - -##################################################### -### end transport/30_exim4-config_address_pipe -##################################################### -##################################################### -### transport/30_exim4-config_address_reply -##################################################### - -# This transport is used for handling autoreplies generated by the filtering -# option of the userforward router. -# -address_reply: - debug_print = "T: autoreply for $local_part@$domain" - driver = autoreply - -##################################################### -### end transport/30_exim4-config_address_reply -##################################################### -##################################################### -### transport/30_exim4-config_mail_spool -##################################################### - -### transport/30_exim4-config_mail_spool - -# This transport is used for local delivery to user mailboxes in traditional -# BSD mailbox format. -# -mail_spool: - debug_print = "T: appendfile for $local_part@$domain" - driver = appendfile - file = /var/mail/$local_part - delivery_date_add - envelope_to_add - return_path_add - group = mail - mode = 0660 - mode_fail_narrower = false - -##################################################### -### end transport/30_exim4-config_mail_spool -##################################################### -##################################################### -### transport/30_exim4-config_maildir_home -##################################################### - -### transport/30_exim4-config_maildir_home -################################# - -# Use this instead of mail_spool if you want to to deliver to Maildir in -# home-directory - change the definition of LOCAL_DELIVERY -# -maildir_home: - debug_print = "T: maildir_home for $local_part@$domain" - driver = appendfile - .ifdef MAILDIR_HOME_MAILDIR_LOCATION - directory = MAILDIR_HOME_MAILDIR_LOCATION - .else - directory = $home/Maildir - .endif - .ifdef MAILDIR_HOME_CREATE_DIRECTORY - create_directory - .endif - .ifdef MAILDIR_HOME_CREATE_FILE - create_file = MAILDIR_HOME_CREATE_FILE - .endif - delivery_date_add - envelope_to_add - return_path_add - maildir_format - .ifdef MAILDIR_HOME_DIRECTORY_MODE - directory_mode = MAILDIR_HOME_DIRECTORY_MODE - .else - directory_mode = 0700 - .endif - .ifdef MAILDIR_HOME_MODE - mode = MAILDIR_HOME_MODE - .else - mode = 0600 - .endif - mode_fail_narrower = false - # This transport always chdirs to $home before trying to deliver. If - # $home is not accessible, this chdir fails and prevents delivery. - # If you are in a setup where home directories might not be - # accessible, uncomment the current_directory line below. - # current_directory = / -##################################################### -### end transport/30_exim4-config_maildir_home -##################################################### -##################################################### -### transport/30_exim4-config_maildrop_pipe -##################################################### - -maildrop_pipe: - debug_print = "T: maildrop_pipe for $local_part@$domain" - driver = pipe - path = "/bin:/usr/bin:/usr/local/bin" - command = "/usr/bin/maildrop" - message_prefix = - message_suffix = - return_path_add - delivery_date_add - envelope_to_add - -##################################################### -### end transport/30_exim4-config_maildrop_pipe -##################################################### -##################################################### -### transport/30_exim4-config_procmail_pipe -##################################################### - -procmail_pipe: - debug_print = "T: procmail_pipe for $local_part@$domain" - driver = pipe - path = "/bin:/usr/bin:/usr/local/bin" - command = "/usr/bin/procmail" - return_path_add - delivery_date_add - envelope_to_add - -##################################################### -### end transport/30_exim4-config_procmail_pipe -##################################################### -##################################################### -### transport/30_exim4-config_remote_smtp -##################################################### - -### transport/30_exim4-config_remote_smtp -################################# -# This transport is used for delivering messages over SMTP connections. - -remote_smtp: - debug_print = "T: remote_smtp for $local_part@$domain" - driver = smtp -.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS - hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS -.endif -.ifdef REMOTE_SMTP_HEADERS_REWRITE - headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE -.endif -.ifdef REMOTE_SMTP_RETURN_PATH - return_path = REMOTE_SMTP_RETURN_PATH -.endif -.ifdef REMOTE_SMTP_HELO_DATA - helo_data=REMOTE_SMTP_HELO_DATA -.endif -.ifdef DKIM_DOMAIN -dkim_domain = DKIM_DOMAIN -.endif -.ifdef DKIM_SELECTOR -dkim_selector = DKIM_SELECTOR -.endif -.ifdef DKIM_PRIVATE_KEY -dkim_private_key = DKIM_PRIVATE_KEY -.endif -.ifdef DKIM_CANON -dkim_canon = DKIM_CANON -.endif -.ifdef DKIM_STRICT -dkim_strict = DKIM_STRICT -.endif -.ifdef DKIM_SIGN_HEADERS -dkim_sign_headers = DKIM_SIGN_HEADERS -.endif -.ifdef TLS_DH_MIN_BITS -tls_dh_min_bits = TLS_DH_MIN_BITS -.endif -.ifdef REMOTE_SMTP_TLS_CERTIFICATE -tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE -.endif -.ifdef REMOTE_SMTP_PRIVATEKEY -tls_privatekey = REMOTE_SMTP_PRIVATEKEY -.endif -##################################################### -### end transport/30_exim4-config_remote_smtp -##################################################### -##################################################### -### transport/30_exim4-config_remote_smtp_smarthost -##################################################### - -### transport/30_exim4-config_remote_smtp_smarthost -################################# - -# This transport is used for delivering messages over SMTP connections -# to a smarthost. The local host tries to authenticate. -# This transport is used for smarthost and satellite configurations. - -remote_smtp_smarthost: - debug_print = "T: remote_smtp_smarthost for $local_part@$domain" - driver = smtp - hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \ - {\ - ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\ - }\ - {} \ - } -.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS - hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS -.endif -.ifdef REMOTE_SMTP_HEADERS_REWRITE - headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE -.endif -.ifdef REMOTE_SMTP_RETURN_PATH - return_path = REMOTE_SMTP_RETURN_PATH -.endif -.ifdef REMOTE_SMTP_HELO_DATA - helo_data=REMOTE_SMTP_HELO_DATA -.endif -.ifdef TLS_DH_MIN_BITS -tls_dh_min_bits = TLS_DH_MIN_BITS -.endif -.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE -tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE -.endif -.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY -tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY -.endif -##################################################### -### end transport/30_exim4-config_remote_smtp_smarthost -##################################################### -##################################################### -### transport/35_exim4-config_address_directory -##################################################### -# This transport is used for handling file addresses generated by alias -# or .forward files if the path ends in "/", which causes it to be treated -# as a directory name rather than a file name. - -address_directory: - debug_print = "T: address_directory for $local_part@$domain" - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - check_string = "" - escape_string = "" - maildir_format - -##################################################### -### end transport/35_exim4-config_address_directory -##################################################### -##################################################### -### retry/00_exim4-config_header -##################################################### - -###################################################################### -# RETRY CONFIGURATION # -###################################################################### - -begin retry - -##################################################### -### end retry/00_exim4-config_header -##################################################### -##################################################### -### retry/30_exim4-config -##################################################### - -### retry/30_exim4-config -################################# - -# This single retry rule applies to all domains and all errors. It specifies -# retries every 15 minutes for 2 hours, then increasing retry intervals, -# starting at 1 hour and increasing each time by a factor of 1.5, up to 16 -# hours, then retries every 6 hours until 4 days have passed since the first -# failed delivery. - -# Please note that these rules only limit the frequency of retries, the -# effective retry-time depends on the frequency of queue-running, too. -# See QUEUEINTERVAL in /etc/default/exim4. - -# Address or Domain Error Retries -# ----------------- ----- ------- - -* * F,2h,15m; G,16h,1h,1.5; F,4d,6h - -##################################################### -### end retry/30_exim4-config -##################################################### -##################################################### -### rewrite/00_exim4-config_header -##################################################### - -###################################################################### -# REWRITE CONFIGURATION # -###################################################################### - -begin rewrite - -##################################################### -### end rewrite/00_exim4-config_header -##################################################### -##################################################### -### rewrite/31_exim4-config_rewriting -##################################################### - -### rewrite/31_exim4-config_rewriting -################################# - -# This rewriting rule is particularily useful for dialup users who -# don't have their own domain, but could be useful for anyone. -# It looks up the real address of all local users in a file -.ifndef NO_EAA_REWRITE_REWRITE -*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\ - {$value}fail}" Ffrs -# identical rewriting rule for /etc/mailname -*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\ - {$value}fail}" Ffrs -.endif - - -##################################################### -### end rewrite/31_exim4-config_rewriting -##################################################### -##################################################### -### auth/00_exim4-config_header -##################################################### - -###################################################################### -# AUTHENTICATION CONFIGURATION # -###################################################################### - -begin authenticators - - -##################################################### -### end auth/00_exim4-config_header -##################################################### -##################################################### -### auth/30_exim4-config_examples -##################################################### - -### auth/30_exim4-config_examples -################################# - -# The examples below are for server side authentication, when the -# local exim is SMTP server and clients authenticate to the local exim. - -# They allow two styles of plain-text authentication against an -# CONFDIR/passwd file whose syntax is described in exim4_passwd(5). - -# Hosts that are allowed to use AUTH are defined by the -# auth_advertise_hosts option in the main configuration. The default is -# "*", which allows authentication to all hosts over all kinds of -# connections if there is at least one authenticator defined here. -# Authenticators which rely on unencrypted clear text passwords don't -# advertise on unencrypted connections by default. Thus, it might be -# wise to set up TLS to allow encrypted connections. If TLS cannot be -# used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to -# advertise unencrypted clear text password based authenticators on all -# connections. As this is severely reducing security, using TLS is -# preferred over allowing clear text password based authenticators on -# unencrypted connections. - -# PLAIN authentication has no server prompts. The client sends its -# credentials in one lump, containing an authorization ID (which we do not -# use), an authentication ID, and a password. The latter two appear as -# $auth2 and $auth3 in the configuration and should be checked against a -# valid username and password. In a real configuration you would typically -# use $auth2 as a lookup key, and compare $auth3 against the result of the -# lookup, perhaps using the crypteq{}{} condition. - -# plain_server: -# driver = plaintext -# public_name = PLAIN -# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" -# server_set_id = $auth2 -# server_prompts = : -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif - -# LOGIN authentication has traditional prompts and responses. There is no -# authorization ID in this mechanism, so unlike PLAIN the username and -# password are $auth1 and $auth2. Apart from that you can use the same -# server_condition setting for both authenticators. - -# login_server: -# driver = plaintext -# public_name = LOGIN -# server_prompts = "Username:: : Password::" -# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif -# -# cram_md5_server: -# driver = cram_md5 -# public_name = CRAM-MD5 -# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}} -# server_set_id = $auth1 - -# Here is an example of CRAM-MD5 authentication against PostgreSQL: -# -# psqldb_auth_server: -# driver = cram_md5 -# public_name = CRAM-MD5 -# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail} -# server_set_id = $auth1 - -# Authenticate against local passwords using sasl2-bin -# Requires exim_uid to be a member of sasl group, see README.Debian.gz -# plain_saslauthd_server: -# driver = plaintext -# public_name = PLAIN -# server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}} -# server_set_id = $auth2 -# server_prompts = : -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif -# -# login_saslauthd_server: -# driver = plaintext -# public_name = LOGIN -# server_prompts = "Username:: : Password::" -# # don't send system passwords over unencrypted connections -# server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}} -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif -# -# ntlm_sasl_server: -# driver = cyrus_sasl -# public_name = NTLM -# server_realm = -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif -# -# digest_md5_sasl_server: -# driver = cyrus_sasl -# public_name = DIGEST-MD5 -# server_realm = -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif - -# Authentcate against cyrus-sasl -# This is mainly untested, please report any problems to -# pkg-exim4-users@lists.alioth.debian.org. -# cram_md5_sasl_server: -# driver = cyrus_sasl -# public_name = CRAM-MD5 -# server_realm = -# server_set_id = $auth1 -# -# plain_sasl_server: -# driver = cyrus_sasl -# public_name = PLAIN -# server_realm = -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif -# -# login_sasl_server: -# driver = cyrus_sasl -# public_name = LOGIN -# server_realm = -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif - -# Authenticate against courier authdaemon - -# This is now the (working!) example from -# http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730 -# Possible pitfall: access rights on /var/run/courier/authdaemon/socket. -# plain_courier_authdaemon: -# driver = plaintext -# public_name = PLAIN -# server_condition = \ -# ${extract {ADDRESS} \ -# {${readsocket{/var/run/courier/authdaemon/socket} \ -# {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \ -# {yes} \ -# fail} -# server_set_id = $auth2 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif - -# login_courier_authdaemon: -# driver = plaintext -# public_name = LOGIN -# server_prompts = Username:: : Password:: -# server_condition = \ -# ${extract {ADDRESS} \ -# {${readsocket{/var/run/courier/authdaemon/socket} \ -# {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \ -# {yes} \ -# fail} -# server_set_id = $auth1 -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif - -# This one is a bad hack to support the broken version 4.xx of -# Microsoft Outlook Express which violates the RFCs by demanding -# "250-AUTH=" instead of "250-AUTH ". -# If your list of offered authenticators is other than PLAIN and LOGIN, -# you need to adapt the public_name line manually. -# It has to be the last authenticator to work and has not been tested -# well. Use at your own risk. -# See the thread entry point from -# http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050214/msg00213.html -# for the related discussion on the exim-users mailing list. -# Thanks to Fred Viles for this great work. - -# support_broken_outlook_express_4_server: -# driver = plaintext -# public_name = "\r\n250-AUTH=PLAIN LOGIN" -# server_prompts = User Name : Password -# server_condition = no -# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS -# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} -# .endif - -############## -# See /usr/share/doc/exim4-base/README.Debian.gz -############## - -# These examples below are the equivalent for client side authentication. -# They get the passwords from CONFDIR/passwd.client, whose format is -# defined in exim4_passwd_client(5) - -# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we -# only allow these mechanisms over encrypted connections by default. -# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted -# clear text password authentication on all connections. - -cram_md5: - driver = cram_md5 - public_name = CRAM-MD5 - client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}} - client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}} - -# this returns the matching line from passwd.client and doubles all ^ -PASSWDLINE=${sg{\ - ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\ - }\ - {\\N[\\^]\\N}\ - {^^}\ - } - -plain: - driver = plaintext - public_name = PLAIN -.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS - client_send = "<; ${if !eq{$tls_out_cipher}{}\ - {^${extract{1}{:}{PASSWDLINE}}\ - ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\ - }fail}" -.else - client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\ - ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}" -.endif - -login: - driver = plaintext - public_name = LOGIN -.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS - # Return empty string if not non-TLS AND looking up $host in passwd-file - # yields a non-empty string; fail otherwise. - client_send = "<; ${if and{\ - {!eq{$tls_out_cipher}{}}\ - {!eq{PASSWDLINE}{}}\ - }\ - {}fail}\ - ; ${extract{1}{::}{PASSWDLINE}}\ - ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}" -.else - # Return empty string if looking up $host in passwd-file yields a - # non-empty string; fail otherwise. - client_send = "<; ${if !eq{PASSWDLINE}{}\ - {}fail}\ - ; ${extract{1}{::}{PASSWDLINE}}\ - ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}" -.endif -##################################################### -### end auth/30_exim4-config_examples -##################################################### diff --git a/misc/move/exim4.filter b/misc/move/exim4.filter deleted file mode 100644 index 4f87a5b..0000000 --- a/misc/move/exim4.filter +++ /dev/null @@ -1,2 +0,0 @@ -if $message_body contains "DISCARD_THIS_MAIL" and not error_message -then seen finish endif diff --git a/misc/move/foot_filter/Makefile b/misc/move/foot_filter/Makefile deleted file mode 100644 index eb22bc9..0000000 --- a/misc/move/foot_filter/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -all: foot_filter -dev: tags splint foot_filter -.PHONY: splint clean clobber -tags: foot_filter.c - ctags --excmd=number '--regex-c=-/\*[[:blank:]]*tag:[[:blank:]]*([[:alnum:]_]+)-\1-' foot_filter.c -splint: - splint +unixlib -exitarg -initallelements foot_filter.c -foot_filter: foot_filter.c - gcc -Wall -g -o foot_filter foot_filter.c -O3 -clean: - -rm tags -clobber: clean - -rm foot_filter - -rm test diff --git a/misc/move/foot_filter/foot_filter.c b/misc/move/foot_filter/foot_filter.c deleted file mode 100644 index 6bbbff7..0000000 --- a/misc/move/foot_filter/foot_filter.c +++ /dev/null @@ -1,2685 +0,0 @@ -/* - -foot_filter.c - -(C) 2010 Ben Schmidt - -This Source Code Form is subject to the terms of the Mozilla Public License -Version 2.0. If a copy of the MPL was not distributed with this file, You can -obtain one at http://mozilla.org/MPL/2.0/. - -*/ - -// Check out the -V option; it outputs this and more -#define FOOT_FILTER_VERSION "foot_filter version 1.2, (C) 2010 Ben Schmidt" - -static const char * USAGE="\n\ -usage: foot_filter [-p plain_footer_file] [-h html_footer_file]\n\ - [{-P|-H} mime_footer_file] [-s]\n\ - foot_filter -V\n\ -\n\ -plain_footer_file, if present, will be appended to mails with plain text\n\ -sections only. Similarly, html_footer_file. If mime_footer_file (either\n\ -plain, -P, or HTML, -H) is given, it will be used when a mail with\n\ -alternative formats is encountered, or if the footer for the relevant\n\ -type of mail is not present; a new MIME section will be added.\n\ -\n\ --s turns on smart mode which endeavours to remove included/quoted copies of\n\ -the (or a similar) footer by surrounding the footer with patterns it later\n\ -recognises. It also endeavours to strip 'padding' surrounding the old\n\ -footers to make things as clean as possible. This includes whitespace\n\ -(including ' ' and '
'), '>' quoting characters, various pairs of\n\ -HTML tags (p, blockquote, div, span, font; it's naive, it doesn't check\n\ -tags in between are balanced at all, so in '

prefix

suffix

' the\n\ -first and last tags are paired), and even horizontal rules when inside\n\ -paired tags (e.g. use '
footer
'). If the smart strings are\n\ -found in the footer, they won't be added by the program, so you have the\n\ -necessary control to do this.\n\ -\n\ -New footers are added prior to trailing whitespace and a few closing html\n\ -tags (body, html) as well. You almost certainly want to begin your footer\n\ -with an empty line because of this.\n\ -\n\ -Since these alterations, by their very nature, break signed mail,\n\ -signatures are removed while processing. To keep some value from signatures,\n\ -have the MTA verify them and add a header (or even supply an alternative\n\ -footer to this program), and resign them to authenticate they came from the\n\ -mailing list directly after the signature verification was done and recorded.\n\ -Or don't use these kinds of transformations at all.\n\ -\n\ --V shows the version and exits.\n\ -\n\ -Program is running now. Send EOF or interrupt to stop it. To avoid this usage\n\ -message if wanting to run without arguments, use '--' as an argument.\n\ -\n"; - -/* - -This is a fairly simple program not expecting much extension. As such, some -liberties have been taken and some fun has been had by the author. Correctness -has been prioritised in design, but speed and efficiency have been taken into -consideration and prioritised above readability and modularity and other such -generally recommended programming practices. If making changes, great care -should be taken to understand how and where (everywhere) globals are used -before making them. Don't try to modify the program without understanding how -the whole thing works together or you will get burnt. You have been warned. - -Relevant RFCs: -http://www.ietf.org/rfc/rfc2015.txt -http://www.ietf.org/rfc/rfc3851.txt -http://www.ietf.org/rfc/rfc2045.txt -http://www.ietf.org/rfc/rfc2046.txt -http://www.ietf.org/rfc/rfc822.txt -http://www.ietf.org/rfc/rfc2183.txt - -For program configuration, see the 'constants' section below. - -Also see code comments throughout. - -Future possibilities: - -- Saving copies of original mail in 'semi-temp' files for debugging. - -- Stripping attachments and save them (e.g. in a location that can become a - 'files uploaded' section on a website). Replace them with links to the - website, even. - -- Making the prefixes, suffixes, replacements, padding, guts, pairs, - configurable at runtime. - -- Attaching signed mail, or wrapping in a multipart rather than removing - signatures; wouldn't be hard if always using MIME footers. - -- Following a script to allow various other header transformations (addition, - removal, etc.), or other transformations. - -- Prologues as well as or instead of footers. - -*/ - -/* tag: includes */ - -#include -#include -#include -#include -#include -#include -#include -#include - -/* tag: typedefs */ - -// splint has bools, but C doesn't! -#ifndef S_SPLINT_S -typedef int bool; -#define false (0) -#define true (1) -#endif - -// This is mostly to be able to include splint annotations -typedef /*@null@*//*@observer@*/ const char * const_null_string; -typedef /*@null@*/ char * null_string; -typedef /*@null@*//*@owned@*/ char * owned_null_string; -typedef /*@null@*//*@dependent@*/ char * dependent_null_string; - -// 'Callbacks'; they communicate primarily using globals, see below -typedef bool (*callback_t)(); -typedef void (*function_t)(); - -// For fill() -typedef enum { - echo, - encode, - shunt, - discard, - stop, - fail -} when_full_t; - -// Various places -typedef enum { - unencoded, - quoted_printable, - base64 -} encoding_t; - -// For returning multiple characters, and a request to delete backlog -// when decoding -typedef struct { - int r; - int c1; - int c2; - int c3; -} decode_t; - -/* tag: constants */ - -/* tag: header_constants */ - -// How many MIME Content- headers we expect, maximum, in a mail. If we have -// more than that, we won't be able to process MIME so well, but we won't fail -// catastrophically. -#define mime_headers_max 16 - -/* tag: footer_constants */ - -// Stuff for processing the footer's smart removal and (smart or not) -// insertion - -static const char * plain_prefix = "------~----------"; -static const char * plain_suffix = "------~~---------"; -static const char * plain_replacement = "\r\n\r\n"; -static const_null_string plain_tails[] = { - " ","\t","\r","\n", - NULL -}; -static const_null_string plain_padding[] = { - ">"," ","\t","\r","\n", - NULL -}; -static const_null_string plain_guts[] = { - NULL -}; -static const_null_string plain_pairs[] = { - NULL -}; - -static const char * html_prefix = "------~----------"; -static const char * html_suffix = "------~~---------"; -static const char * html_replacement = "\r\n

\r\n"; -static const_null_string html_tails[] = { - "","","","", - " "," ","&NBSP;","\t","\r","\n", - "
","
","
","
","
","
", - NULL -}; -static const_null_string html_padding[] = { - ">",">", - " "," ","&NBSP;","\t","\r","\n", - "
","
","
","
","
","
", - NULL -}; -static const_null_string html_guts[] = { - // These are removed in an attempt to make a pair - "
","
","
","
","
","
", - " "," ","&NBSP;","\t","\r","\n", - "
","
","
","
","
","
", - NULL -}; -static const_null_string html_pairs[] = { - // Closing part (or NULL to mark no more), end of opening part, - // start of opening part, NULL - // The search strategy is fairly naive; if it finds the closing part, - // it checks for the end of the opening part; if it finds that, it - // searches back for the first character of each of the opening part - // variants, and if that character is found and is the beginning of the - // whole variant, it removes the pair. - "

",">","

","

",">","

","

",">","

","
",">","
","
",">","
","
",">","
","
",">","","",">","","",">","","",">","","0,"unexpected commandline argument"); - // Load footers - if (plain_footer_file!=NULL) - load_footer(&plain_footer,&plain_footer_buffer, - plain_footer_file, - smart_footer?plain_prefix:NULL,smart_footer?plain_suffix:NULL); - if (html_footer_file!=NULL) - load_footer(&html_footer,&html_footer_buffer, - html_footer_file, - smart_footer?html_prefix:NULL,smart_footer?html_suffix:NULL); - if (mime_footer_file!=NULL) - load_footer(&mime_footer,&mime_footer_buffer, - mime_footer_file,NULL,NULL); - // Do the job - process_section(true,true,NULL); - // Finish - if (plain_footer_buffer!=NULL) free(plain_footer_buffer); - if (html_footer_buffer!=NULL) free(html_footer_buffer); - if (mime_footer_buffer!=NULL) free(mime_footer_buffer); - exit(EX_OK); -} - -static void load_footer(/*@out@*//*@shared@*/ char ** footer, - /*@reldef@*/ char ** footer_buffer, - char * file, - /*@unique@*/ const_null_string prefix, - /*@unique@*/ const_null_string suffix) { - FILE * f; - int prefixl=0, footerl=0, suffixl=0; - char * ff; - if (prefix!=NULL&&suffix!=NULL) { - prefixl=(int)strlen(prefix); - suffixl=(int)strlen(suffix); - } - f=fopen(file,"r"); - resort_to_errno(f==NULL,"error opening footer file",EX_NOINPUT); - resort_to_errno(fseek(f,0,SEEK_END)!=0, - "error seeking end of footer file",EX_IOERR); - resort_to_errno((footerl=(int)ftell(f))==-1, - "error finding footer length",EX_IOERR); - resort_to_errno(fseek(f,0,SEEK_SET)!=0, - "error seeking in footer file",EX_IOERR); - // prefix, \n, footer, \n, suffix, \0 - *footer_buffer=alloc_or_exit(sizeof(char)*(prefixl+footerl+suffixl+3)); - *footer=*footer_buffer; - *footer+=prefixl+1; - resort_to_errno(fread(*footer,1,(size_t)footerl,f)<(size_t)footerl, - "error reading footer",EX_IOERR); - // We strip off a single trailing newline to keep them from accumulating - // but to allow the user the option of adding them if desired - if ((*footer)[footerl-1]=='\n') --footerl; - (*footer)[footerl]='\0'; - if (prefix==NULL||suffix==NULL) return; - // Put in the prefix and suffix as necessary - ff=strstr(*footer,prefix); - if (ff!=NULL) { - ff=strstr(ff,suffix); - if (ff!=NULL) return; - (*footer)[footerl]='\n'; - ++footerl; - strcpy(*footer+footerl,suffix); - (*footer)[footerl+suffixl]='\0'; - } else { - ff=strstr(*footer,suffix); - if (ff==NULL) { - (*footer)[footerl]='\n'; - ++footerl; - strcpy(*footer+footerl,suffix); - (*footer)[footerl+suffixl]='\0'; - } - *footer-=prefixl+1; - strcpy(*footer,prefix); - (*footer)[prefixl]='\n'; - } -} - -// Should be called with the boundary for the section as lookahead -// in the buffer, but nothing more, and no lookbehind. -static void process_section(bool add_footer, - bool can_reenvelope, /*@null@*/ bool * parent_needs_footer) { - char * external=NULL; - char * internal=NULL; - char * generated=NULL; - bool reenveloping=false; - bool child_needed_footer=false; - bool needs_footer=false; - bool unsigning=false; - if (parent_needs_footer!=NULL) *parent_needs_footer=false; - // The headers must be read, saved and echoed before making any - // recursive calls, as I'm naughty and using globals. - read_boundary(&external); - read_and_save_mime_headers(); - if (mime_bad) { - // If an error, just resort to echoing - echo_buffer(); // Boundary and headers - // End headers with the extra line break - resort_to_errno(putstr("\r\n")==EOF, - "error echoing string",EX_IOERR); - free_saved_mime_headers(); - // Body - echo_to_boundary(external); - free(external); - return; - } - // Headers determining we skip this section - if (is_signature()) { - skip_buffer(); // Boundary and headers - skip_to_boundary(external); - return; - } - // Header processing - if (is_signed()) unsigning=true; - if (unsigning) change_to_mixed(); - if (add_footer&&mime_footer!=NULL&&( - is_alternative()||(is_multipart(NULL)&&!is_mixed())|| - (is_plain()&&plain_footer==NULL)|| - (is_html()&&html_footer==NULL) - )) { - add_footer=false; - if (can_reenvelope) { - reenveloping=true; - remove_mime_headers(); - } else if (parent_needs_footer!=NULL) *parent_needs_footer=true; - } - // Headers - echo_buffer(); // Boundary and possibly modified headers - if (reenveloping) { - generate_boundary(&generated); - output_mime_mixed_headers(generated); - output_prolog(); - output_boundary(generated); - output_saved_mime_headers(); - } - // End the headers with the extra line break - resort_to_errno(putstr("\r\n")==EOF, - "error echoing string",EX_IOERR); - // Body processing - if (is_multipart(&internal)) { - // This branch frees the MIME headers before recursing. - // Don't include the prolog if it used to be signed; - // it usually says something like 'this message is signed' - if (unsigning) { - skip_to_boundary(internal); - resort_to_errno(putstr("\r\n")==EOF, - "error echoing string",EX_IOERR); - } else { - echo_to_boundary(internal); - } - // The recursive call needs these globals - free_saved_mime_headers(); - while (!at_final_boundary(internal)) { - process_section(add_footer,false,&child_needed_footer); - if (child_needed_footer) needs_footer=true; - } - if (needs_footer) output_mime_footer(internal); - free(internal); - echo_to_boundary(external); - } else { - // This branch frees the MIME headers at the end - if (!is_attachment()&&( - (is_plain()&&plain_footer!=NULL)|| - (is_html()&&html_footer!=NULL))) { - // alternatively - // if (!is_attachment()&&( - // (is_plain()&&((add_footer&&plain_footer!=NULL)||smart_footer))|| - // (is_html()&&((add_footer&&html_footer!=NULL)||smart_footer)))) { - if (is_plain()) { - process_text_section(add_footer,plain_footer, - plain_prefix,plain_suffix,plain_replacement, - plain_tails,plain_padding,plain_guts,plain_pairs,external); - } else { - process_text_section(add_footer,html_footer, - html_prefix,html_suffix,html_replacement, - html_tails,html_padding,html_guts,html_pairs,external); - } - } else { - echo_to_boundary(external); - } - free_saved_mime_headers(); - } - // MIME stuff is freed now; take care not to use it. - /*@-branchstate@*/ - if (reenveloping) { - // We ensure generated is not null in another if(reenveloping) - // conditional above - /*@-nullpass@*/ - output_mime_footer(generated); - output_final_boundary(generated); - free(generated); - /*@=nullpass@*/ - } - /*@=branchstate@*/ - free(external); -} - -/* tag: header_functions */ - -static inline void read_and_save_mime_headers() { - /*@-mustfreeonly@*/ - mime_bad=false; - // Mark current end of buffer - buffer_mark=buffer_read; - buffer_marked=true; - for (;;) { - do { - // Extend current header until beginning of next - callback_bool=false; - (void)fill(until_eol,shunt); - if (buffer_filled==buffer_read) { - // We probably hit EOF; just get out, and the whole - // mail will end up echoed out - warning("unexpected end of input"); - break; - } - (void)look(one_char,buffer_read,false); - if (callback_int==(int)' '||callback_int==(int)'\t') { - // Continuation of previous header; read it - read_buffer(); - continue; - } - // Start of new header; don't read it; process the old one - // (from the mark to the end of the lookbehind) - break; - } while (true); - // Process the old header, if there is one - if (buffer_mark0) { - if (*h=='\0') break; - if (*h=='\\') { - ++h; - if (*h=='\0') break; - } - else if (*h=='(') ++levels; - else if (*h==')') --levels; - ++h; - } - if (!delimiting(*h,ext)&&!delimiting(*(hh-1),ext)) { - // Put in some whitespace if something delimiting isn't - // coming and hasn't just been - *hh=' '; - ++hh; - } - continue; - } else if (*h=='"'||*h=='[') { - if (*h=='[') close=']'; - else close='"'; - *hh=*h; - ++h; ++hh; - hhh=hh; - while (*h!='\0'&&*h!=close) { - if (*h=='\\') { - *hh=*h; - ++hh; ++h; - if (*h=='\0') break; - if (*h=='\r'&&*(h+1)=='\n') { - *hh=*h; ++hh; ++h; - *hh=*h; ++hh; ++h; - if (*h=='\0') break; - ++hh; ++h; - continue; - } - } else if (*h==(char)8) { - --hh; ++h; - if (hh'||c=='@'|| - c==','||c==';'||c==':'||c=='\\'||c=='"'|| - c=='.'||c=='['||c==']'|| - (ext&&(c=='/'||c=='='||c=='?'))); -} -static inline void remove_mime_headers() { - int h; - for (h=0;h0, - "internal error: unexpected data in buffer",EX_SOFTWARE); - set_decoding_type(); - encoding=decoding; - decode_and_read_to_boundary_encoding_when_full(boundary); - if (smart_footer&&footer!=NULL) { - // alternatively - // if (smart_footer) { - for (;;) { - prefix_pos=pos_of(prefix,0,buffer_read); - if (prefix_pos==EOF) break; - suffix_pos=pos_of(suffix,prefix_pos,buffer_read); - if (suffix_pos==EOF) break; - for (;;) { - later_prefix_pos= - pos_of(prefix,prefix_pos+prefixl,suffix_pos-prefixl); - if (later_prefix_pos!=EOF) prefix_pos=later_prefix_pos; - else break; - } - suffix_pos+=suffixl; - pad(padding,guts,pairs,&prefix_pos,&suffix_pos); - replacement_starts[replacements_count]=prefix_pos; - replacement_ends[replacements_count]=suffix_pos; - // We may not want the last replacement so replace - // with nothing first - replacement_strings[replacements_count]=NULL; - ++replacements_count; - // We want the last replacement; encode it now before - // doing any more encoding - if (removed_footers) encode_string(replacement); - encode_replacements(); - removed_footers=true; - } - } - if (*boundary!='\0'&&(decoding==quoted_printable||decoding==unencoded)) { - // If we're not using base64 encoding, and we're in multipart, there - // will be a final CRLF that is part of the input but logically part of - // the boundary, not the text. Removing the footer may have already - // removed it, so we need to check if it's here or not. - if (buffer_read>1) { - callback_compare="\r\n"; - (void)look(comparing_head,buffer_read-2,false); - callback_compare=NULL; - if (callback_bool) boundary_newline=true; - } - } - if (add_footer&&footer!=NULL) { - // This will skip past the boundary newline - mark_tail(tails); - if (removed_footers&&buffer_mark==0) { - // The last replacement coincides with where the footer - // is going to go; don't use the replacement text. - removed_footers=false; - } - } - if (removed_footers) encode_string(replacement); - if (add_footer&&footer!=NULL) { - if (buffer_mark0) (void)empty(until_no_buffer); -} -static inline void echo_lookbehind() { - make_replacements(echoing_one_char,echoing_until_start_marked); - if (buffer_read>0) (void)empty(echoing_until_no_lookbehind); -} -static inline void encode_lookbehind() { - make_replacements(encoding_one_char,encoding_until_start_marked); - if (buffer_read>0) (void)empty(encoding_until_no_lookbehind); -} -static inline void encode_replacements() { - make_replacements(encoding_one_char,encoding_until_start_marked); -} -static inline void make_replacements(callback_t one_char, - callback_t start_marked) { - int r, minr=0; - const char * c; - if (buffer_read==0) return; - buffer_marked=false; - while (replacements_count>0) { - for (r=0;r0) (void)empty(start_marked); - c = replacement_strings[minr]; - if (c!=NULL) { - while (*c!='\0') { - buffer_char=(int)(unsigned int)*c; - (void)(*one_char)(); - ++c; - } - } - buffer_marked=true; - buffer_mark=replacement_ends[minr]; - for (r=0;r0) (void)empty(until_start_marked); - for (r=minr;r0) (void)empty(encoding_until_start_marked); -} -static inline void echo_disk_buffer() { - if (disk_buffer_filled>0) (void)empty(echoing_until_no_disk_buffer); -} -static inline void encode_disk_buffer() { - if (disk_buffer_filled>0) (void)empty(encoding_until_no_disk_buffer); -} -static inline void skip_disk_buffer() { - if (disk_buffer_filled>0) (void)empty(until_no_disk_buffer); -} -static inline void read_boundary(/*@out@*/ char ** boundary) { - int l=0; - if (buffer_filled>buffer_read) { - callback_bool=false; - callback_int=0; - resort_to_exit(!look(counting_until_eol,buffer_read,false), - "internal error: missing eol at section boundary",EX_SOFTWARE); - l=callback_int-2; // remove the CRLF, but keep the leading '--' - } - // Leave room to append a trailing '--' for testing final boundary; - // the CRLF will be written in this space by saving_until_eol too. - *boundary = alloc_or_exit(sizeof(char)*(l+3)); - if (buffer_filled>buffer_read) { - callback_bool=false; - callback_save=*boundary; - (void)look(saving_until_eol,buffer_read,false); - callback_save=NULL; - } - (*boundary)[l]='\0'; - if (buffer_filled>buffer_read) { - callback_bool=false; - (void)look(until_eol,buffer_read,true); - } -} -static inline void echo_to_boundary(const char * boundary) { - do { - echo_buffer(); - } while (!process_one_line_checking_boundary( - echoing_n_chars,NULL,until_eol,echo,boundary)); -} -static inline void skip_to_boundary(const char * boundary) { - do { - skip_buffer(); - } while (!process_one_line_checking_boundary( - n_chars,NULL,until_eol,discard,boundary)); -} -static inline void decode_and_read_to_boundary_encoding_when_full( - const char * boundary) { - do { - read_buffer(); - } while (!process_one_line_checking_boundary( - encoding_n_chars,decode_lookahead, - decoding_until_eol,encode,boundary)); - finish_decoding(); // This just sets state, doesn't change data -} -static inline bool process_one_line_checking_boundary(callback_t n_chars, - /*@null@*/ function_t process, callback_t processing, - when_full_t when_full, const char * boundary) { - bool stopped_by_design; - if (feof(stdin)!=0) { - // We're done! Call it a boundary (even if it isn't--we need to - // get out of loops cleanly and tidy up as best we can). - return true; - } - // Empty until enough space for boundary - if (mem_buffer_size-mem_buffer_filled<80) { - callback_int=80-(mem_buffer_size-mem_buffer_filled); - (void)empty(n_chars); - } - callback_bool=false; - stopped_by_design=fill(until_eol,stop); - if (stopped_by_design||feof(stdin)!=0) { - if (buffer_filled-buffer_read==0) { - return *boundary=='\0'; - } - callback_bool=false; - if (*boundary!='\0') { - // Can only be at a boundary without being at EOF if there - // really is a boundary - /*@-temptrans@*/ - callback_compare=boundary; - /*@=temptrans@*/ - (void)look(comparing_head,buffer_read,false); - callback_compare=NULL; - } - if (!callback_bool&&process!=NULL) (*process)(); - return callback_bool; - } else { - // Line is too long to be a boundary, so must be decoded - if (process!=NULL) (*process)(); - callback_bool=false; - (void)fill(processing,when_full); - return false; - } -} - -// Return the position of text whose start may occur in the buffer -// anywhere between from and (just before) to. Use EOF for from to -// go from current location; use EOF for to to read indefinitely; -// EOF is returned if text is not found. -static int pos_of(const char * text,int from,int to) { - int saved_buffer_read; - int pos=EOF; - if (*text=='\0') return from; - saved_buffer_read=buffer_read; - if (from!=EOF) buffer_read=from; - callback_match=(int)(unsigned int)*text; - for (;;) { - if (to!=EOF) { - callback_int=to-buffer_read; - if (!look(n_chars_until_match,buffer_read,true)) break; - } else { - if (!look(until_match,buffer_read,true)) break; - } - if (!callback_bool) break; - /*@-temptrans@*/ - callback_compare=text+1; - /*@=temptrans@*/ - (void)look(comparing_head,buffer_read,false); - callback_compare=NULL; - if (callback_bool) { - // Include the first character - pos=buffer_read-1; - break; - } - } - buffer_read=saved_buffer_read; - return pos; -} - -// Look at characters in the buffer, starting at offset from, -// 'reading' if so indicated (and looking at that location). -// The callback is called after updating the reading pointer -// and placing the character in the buffer. The character is -// also passed by means of the buffer_char global. -// EOF is sent to the callback when we run out of data. -// There is no automatic attempt to fill the buffer. -// The callback should return a boolean indicating whether -// to continue. This function will return true if the callback -// indicated to stop (including if it so indicated on EOF), or -// false if it stopped for EOF. -// We always call the callback at least once, so don't call -// this function at all unless you definitely want to look -// at something. -static bool look(callback_t callback,int from,bool read) { - int pos=from; - int disk_buffer_pos; - char * mem_buffer_pos; - if (pos=mem_buffer_end) mem_buffer_pos-=mem_buffer_size; - while (pos=disk_buffer_filled) { - mem_buffer_pos=mem_buffer_next_empty+(pos-disk_buffer_filled); - if (mem_buffer_pos>=mem_buffer_end) mem_buffer_pos-=mem_buffer_size; - while (pos>=disk_buffer_filled) { - buffer_char=(int)(unsigned int)*mem_buffer_pos; - if (!(*callback)()) return true; - --mem_buffer_pos; - if (mem_buffer_pos==mem_buffer_start-1) - mem_buffer_pos=mem_buffer_end-1; - if (mark&&pos==buffer_mark) --buffer_mark; - --pos; - } - } - if (pos>=0&&disk_buffer_filled>0) { - disk_buffer_pos=disk_buffer_start+pos; - // Reading backwards in the disk buffer is potentially very nasty; - // hopefully it never actually happens - while (pos>=0) { - /*@-nullpass@*/ - resort_to_errno(fseek(disk_buffer,disk_buffer_pos,SEEK_SET)!=0, - "error seeking in temporary file",EX_IOERR); - disk_buffer_sought=disk_buffer_pos; - buffer_char=getc(disk_buffer); - /*@=nullpass@*/ - resort_to_errno(buffer_char==EOF, - "error reading temporary file",EX_IOERR); - ++disk_buffer_sought; - if (!(*callback)()) return true; - --disk_buffer_pos; - if (mark&&pos==buffer_mark) --buffer_mark; - --pos; - } - } - if (mark&&buffer_mark==-1) { - buffer_mark=0; - buffer_marked=false; - } - // We don't call the callback on EOF when going backwards - // buffer_char=EOF; - // (void)(*callback)(); - return false; -} -// Remove characters from the (beginning of the) buffer. The same -// general principles as for look() apply. The callback is called -// after the character is removed and all accounting has been done, so -// perhaps the only place you can reliably find the character is in -// the buffer_char global. Again the callback gets an EOF call if -// there's nothing more to empty, and no automatic filling is done. -// The callback and function return values are as for look() and -// again, the callback is always called at least once; this means at -// least one character is always removed from the buffer, so only call -// the function if something definitely should be removed. -static bool empty(callback_t callback) { - if (disk_buffer_filled>0) { - if (disk_buffer_sought!=disk_buffer_start) { - /*@-nullpass@*/ - resort_to_errno(fseek(disk_buffer,disk_buffer_start,SEEK_SET)!=0, - "error seeking in temporary file",EX_IOERR); - /*@=nullpass@*/ - disk_buffer_sought=disk_buffer_start; - } - while (disk_buffer_filled>0) { - /*@-nullpass@*/ - buffer_char=getc(disk_buffer); - /*@=nullpass@*/ - resort_to_errno(buffer_char==EOF, - "error reading temporary file",EX_IOERR); - ++disk_buffer_sought; - ++disk_buffer_start; - --disk_buffer_filled; - --buffer_filled; - if (buffer_read>0) --buffer_read; - if (buffer_marked) { - if (buffer_mark>0) --buffer_mark; - else buffer_marked=false; - } - if (!(*callback)()) return true; - } - } - while (mem_buffer_filled>0) { - buffer_char=(int)(unsigned int)*mem_buffer_next_empty; - ++mem_buffer_next_empty; - if (mem_buffer_next_empty==mem_buffer_end) mem_buffer_next_empty=mem_buffer_start; - --mem_buffer_filled; - --buffer_filled; - if (buffer_read>0) --buffer_read; - if (buffer_marked) { - if (buffer_mark>0) --buffer_mark; - else buffer_marked=false; - } - if (!(*callback)()) return true; - } - buffer_char=EOF; - if (!(*callback)()) return true; - return false; -} -// Get more characters into the (end of the) buffer. The same -// general principles as for look() apply. The callback is called -// after the character is added and all accounting has been done, -// gets the character via buffer_char, including an EOF when no more -// input is available (EOF on stdin). It should return whether to get -// more characters, and this function will return whether its exit was -// requested by the callback or not (the callback may signal EOF is -// an appropriate place to stop and we still return true). -// When the buffer is full there are a number of automatic options -// echo old the data to stdout or call encodechar for it one character -// at a time; shunt a block off to disk, keeping mem_buffer_keep in -// memory, discard it a character at a time, stop (and return false; -// no EOF call is made), or fail (exit). Here 'full' is defined as -// less than mem_buffer_margin of space after adding the most recent -// character, so there is always a bit of space for callbacks to do -// input transformations. Again, at least one character is always -// added (if possible), and thus consumed from stdin, so only call this -// if you really want to do that. -static bool fill(callback_t callback, when_full_t when_full) { - if (feof(stdin)!=0) { - buffer_char=EOF; - if (!(*callback)()) return true; - return false; - } - for (;;) { - /*@-infloops@*/ - while (mem_buffer_filled>=mem_buffer_size-mem_buffer_margin) { - switch (when_full) { - case echo: - if (disk_buffer_filled>0) echo_disk_buffer(); - (void)empty(echoing_one_char); - break; - case encode: - if (disk_buffer_filled>0) encode_disk_buffer(); - (void)empty(encoding_one_char); - break; - case discard: - if (disk_buffer_filled>0) skip_disk_buffer(); - (void)empty(one_char); - break; - case shunt: - shunt_to_disk(mem_buffer_filled-mem_buffer_keep); - break; - case stop: - return false; - case fail: default: - resort_to_exit(true,"buffer full",EX_SOFTWARE); - } - } - /*@=infloops@*/ - buffer_char=get(); - if (buffer_char==EOF) { - resort_to_errno(ferror(stdin)!=0,"error reading input",EX_IOERR); - if (!(*callback)()) return true; - return false; - } - *mem_buffer_next_fill=(char)buffer_char; - ++mem_buffer_next_fill; - if (mem_buffer_next_fill==mem_buffer_end) mem_buffer_next_fill=mem_buffer_start; - ++mem_buffer_filled; - ++buffer_filled; - if (!(*callback)()) return true; - } -} - -static inline void create_disk_buffer() { - int fildes; - fildes=mkstemp(disk_buffer_template); - resort_to_errno(fildes==-1, - "cannot create temporary file",EX_CANTCREAT); - disk_buffer=fdopen(fildes,"rw"); - resort_to_errno(disk_buffer==NULL, - "cannot create temporary stream",EX_CANTCREAT); -} -static void remove_disk_buffer() { - if (disk_buffer!=NULL) { - resort_to_warning(fclose(disk_buffer)!=0, - "error closing temporary file"); - disk_buffer=NULL; - resort_to_warning(unlink(disk_buffer_template)!=0, - "error removing temporary file"); - } -} -static inline void shunt_to_disk(int n) { - if (disk_buffer==NULL) create_disk_buffer(); - if (disk_buffer_sought!=disk_buffer_start+disk_buffer_filled) { - disk_buffer_sought=disk_buffer_start+disk_buffer_filled; - /*@-nullpass@*/ - resort_to_errno(fseek(disk_buffer, - disk_buffer_start+disk_buffer_filled,SEEK_SET)!=0, - "cannot seek to end of temporary file",EX_IOERR); - /*@=nullpass@*/ - } - while (n>0) { - resort_to_exit(mem_buffer_filled==0, - "internal error: shunting too much to disk",EX_SOFTWARE); - /*@-nullpass@*/ - resort_to_errno(putc(*mem_buffer_next_empty,disk_buffer)==EOF, - "error writing to temporary file",EX_IOERR); - /*@=nullpass@*/ - ++disk_buffer_sought; - ++disk_buffer_filled; - ++mem_buffer_next_empty; - if (mem_buffer_next_empty==mem_buffer_end) mem_buffer_next_empty=mem_buffer_start; - --mem_buffer_filled; - --n; - } -} - -/* tag: callback_functions */ - -static bool one_char() { - callback_int=buffer_char; - return false; -} -static bool echoing_one_char() { - if (buffer_char!=EOF) { - resort_to_errno(put(buffer_char)==EOF,"error echoing",EX_IOERR); - } - callback_int=buffer_char; - return false; -} -static bool encoding_one_char() { - if (buffer_char!=EOF) encodechar(buffer_char); - callback_int=buffer_char; - return false; -} -// Set up callback_int before using this. -static bool n_chars() { - return --callback_int>0; -} -// Set up callback_int before using this. -static bool echoing_n_chars() { - if (buffer_char!=EOF) { - resort_to_errno(put(buffer_char)==EOF,"error echoing",EX_IOERR); - } - return --callback_int>0; -} -// Set up callback_int before using this. -static bool encoding_n_chars() { - if (buffer_char!=EOF) encodechar(buffer_char); - return --callback_int>0; -} -// Set up callback_int and callback_save before using this. -static bool saving_n_chars() { - if (buffer_char!=EOF) *callback_save++=(char)buffer_char; - // We don't actually need this, though it's a good idea, really! - // *callback_save='\0'; - return --callback_int>0; -} -// Set up callback_int and callback_match before using this. -static bool n_chars_until_match() { - callback_bool=buffer_char==callback_match; - return --callback_int>0&&buffer_char!=callback_match; -} -// Do callback_bool=false before using this. -static bool until_eol() { - if (buffer_char==(int)'\n') return !callback_bool; - callback_bool=buffer_char==(int)'\r'; - return true; -} -// Do callback_bool=false before using this. -/*static bool echoing_until_eol() { - if (buffer_char!=EOF) { - resort_to_errno(put(buffer_char)==EOF,"error echoing",EX_IOERR); - } - if (buffer_char==(int)'\n') return !callback_bool; - callback_bool=buffer_char==(int)'\r'; - return true; -}*/ -// Do callback_bool=false, callback_int=0 before using this. -static bool counting_until_eol() { - if (buffer_char!=EOF) ++callback_int; - if (buffer_char==(int)'\n') return !callback_bool; - callback_bool=buffer_char==(int)'\r'; - return true; -} -// Do callback_bool=false and set up callback_save before using this. -static bool saving_until_eol() { - if (buffer_char!=EOF) *callback_save++=(char)buffer_char; - // We don't actually need this, though it's a good idea, really! - // *callback_save='\0'; - if (buffer_char==(int)'\n') return !callback_bool; - callback_bool=buffer_char==(int)'\r'; - return true; -} -// Do callback_bool=false before using this. -static bool decoding_until_eol() { - // We decode as we fill and work directly in the buffer to make - // the transformation. We are guaranteed enough space to do this by - // mem_buffer_margin. - decode_t decoded; - decoded=decodechar(buffer_char); - // We always remove the latest undecoded character from the - // buffer. - ++decoded.r; - if (decoded.r>mem_buffer_filled) { - // This will only happen for quoted-printable decoding - // whitespace stripping, and we can just live with it - // if we can't get rid of it all; with sensible constants - // something really is disobeying MIME and probably SMTP - // about line length anyway if this happens. - warning("unable to strip all whitespace; not enough in memory"); - decoded.r=mem_buffer_filled; - } - if (buffer_filled-decoded.r(int)'Z'||c2!=c1-(int)'A'+(int)'a')&& - (c2<(int)'A'||c2>(int)'Z'||c1!=c2-(int)'A'+(int)'a')) { - callback_bool=false; - return false; - } - /*@-modobserver@*/ - ++callback_compare; - /*@=modobserver@*/ - if (*callback_compare=='\0') { - callback_bool=true; - return false; - } - return true; - /*@=nullderef@*/ -} - -/* tag: encoding_functions */ - -static inline void encode_string(const char * s) { - while (*s!='\0') { - encodechar((int)(unsigned int)*s); - s++; - } -} -static void encodechar(int c) { - if (encoding==unencoded) { - if (c!=EOF) resort_to_errno(put(c)==EOF,"error encoding",EX_IOERR); - return; - } else if (encoding==quoted_printable) { - if (encoding_echoed>=68) { - // We need a soft line break, or are close enough to needing - // one (76 chars max; unclear whether that counts the CRLF; and - // we may output two 3 character sequences which we don't want - // to follow with an unescaped CRLF). This scheme will probably - // make mail look a bit awful, but that's fairly standard anyway, - // and it shouldn't degrade. - resort_to_errno(putstr("=\r\n")==EOF, - "error encoding string",EX_IOERR); - encoding_echoed=0; - } - if (encoding_filled==1) { - // Whatever happens, we'll deal with this now - encoding_filled=0; - if (encoding_buffer[0]=='\r') { - if (c==(int)'\n') { - // Output them as is and we're done for now - resort_to_errno(putstr("\r\n")==EOF, - "error encoding string",EX_IOERR); - encoding_echoed=0; - return; - } else { - // Must encode the bare CR and continue as normal - resort_to_errno(put((int)'=')==EOF,"error encoding",EX_IOERR); - encode_hex_byte((unsigned int)'\r'); - encoding_echoed+=3; - } - } else { - // encoding_buffer[0] must be whitespace - if (c==EOF||c==(int)'\r') { - // Must encode it - resort_to_errno(put((int)'=')==EOF,"error encoding",EX_IOERR); - encode_hex_byte((unsigned int)encoding_buffer[0]); - encoding_echoed+=3; - } else { - // It is fine to output it now as something else is coming - resort_to_errno(put( - (int)(unsigned int)encoding_buffer[0])==EOF, - "error encoding",EX_IOERR); - encoding_echoed+=1; - } - } - } - if ((c>=33&&c<=60)||(c>=62&&c<=126)) { - resort_to_errno(put(c)==EOF,"error encoding",EX_IOERR); - ++encoding_echoed; - } else if (c==(int)' '||c==(int)'\t') { - if (encoding_echoed>=55) { - // My concession to readability; since it's likely to be - // a big mess with a 68 character width, we might as well - // break a bit earlier on a nice word boundary. And it'll - // in fact look better if we break with roughly equal size - // lines, assuming they come in at close to 76 characters - // wide, so we might as well make a nice skinny column. - // rather than a ragged one that uses the same amount of - // space. Compromising between the two, then, as some - // formats, like HTML, don't have many hard line breaks - // anyway, is what we get. - resort_to_errno(put(c)==EOF,"error encoding",EX_IOERR); - resort_to_errno(putstr("=\r\n")==EOF, - "error encoding string",EX_IOERR); - encoding_echoed=0; - } else { - // Store it; we may need to encode it if it's at end of line - encoding_filled=1; - encoding_buffer[0]=(char)c; - } - } else if (c==(int)'\r') { - // Store it; '\n' may be coming up - encoding_filled=1; - encoding_buffer[0]='\r'; - } else if (c==EOF) { - // No buffer, and we're done! Reset for another run. - encoding_echoed=0; - } else { - // Anything else must be encoded as a sequence. - resort_to_errno(put((int)'=')==EOF,"error encoding",EX_IOERR); - encode_hex_byte((unsigned int)c); - encoding_echoed+=3; - } - } else if (encoding==base64) { - if (c==EOF) { - // Reset for next run; we won't need it here - encoding_echoed=0; - if (encoding_filled==0) return; - encoding_buffer[encoding_filled]='\0'; - } else { - encoding_buffer[encoding_filled++]=(char)c; - } - if (encoding_filled==3||c==EOF) { - encode_64((((unsigned int)encoding_buffer[0]>>2)&0x3f)); - encode_64((((unsigned int)encoding_buffer[0]&0x03)<<4)| - (((unsigned int)encoding_buffer[1]>>4)&0x0f)); - if (encoding_filled==1) { - resort_to_errno(put((int)'=')==EOF,"error encoding",EX_IOERR); - resort_to_errno(put((int)'=')==EOF,"error encoding",EX_IOERR); - // Reset for next run - encoding_filled=0; - return; - } - encode_64((((unsigned int)encoding_buffer[1]&0x0f)<<2)| - (((unsigned int)encoding_buffer[2]>>6)&0x03)); - if (encoding_filled==2) { - resort_to_errno(put((int)'=')==EOF,"error encoding",EX_IOERR); - // Reset for next run - encoding_filled=0; - return; - } - encode_64((((unsigned int)encoding_buffer[2]&0x3f))); - encoding_echoed+=4; - if (encoding_echoed>=72) { - resort_to_errno(putstr("\r\n")==EOF, - "error encoding string",EX_IOERR); - encoding_echoed=0; - } - encoding_filled=0; - } - } else { - resort_to_exit(true,"internal error: unknown encoding",EX_SOFTWARE); - } -} -static inline void finish_encoding() { - encodechar(EOF); -} -// The function takes an input character c and returns up to four output -// characters (a character will be EOF to indicate no further characters -// to store; note that this doesn't mean there will be no more ever; only -// if EOF is returned when EOF was input does it meant this), and a number -// of characters to remove before adding the aforementioned characters. -static decode_t decodechar(int c) { - int h; - unsigned int b1, b2, b3, b4; - decode_t o; - o.r=0; o.c1=EOF; o.c2=EOF; o.c3=EOF; - if (decoding==unencoded) { - o.c1=c; - return o; - } else if (decoding==quoted_printable) { - // decoding_buffer may hold '=' and maybe a hex digit or a CR. - if (decoding_filled==2) { - // Whatever happens, it's all settled now. - decoding_filled=0; - if (decoding_buffer[1]=='\r') { - if (c==(int)'\n') { return o; } - // Invalid; leave as is--will be encoded later. - o.c1=(int)'='; o.c2=(int)'\r'; o.c3=c; - return o; - } - h=decode_hex(c); - if (h==EOF) { - // Invalid; leave as is--will be encoded later. - o.c1=(int)'='; o.c2=(int)(unsigned int)decoding_buffer[1]; o.c3=c; - return o; - } - // We have a full sequence representing a single character. - o.c1=decode_hex((int)(unsigned int)decoding_buffer[1])*16+h; - return o; - } else if (decoding_filled==1) { - if (c==(int)'\r'||decode_hex(c)!=EOF) { - // Valid character after = - decoding_filled=2; - decoding_buffer[1]=(char)c; - return o; - } - // Invalid; leave as is--will be encoded later. - decoding_filled=0; - o.c1=(int)'='; o.c2=c; - return o; - } else if (decoding_filled==0) { - if (c==(int)'=') { - // The first character can only ever be '=' so we - // don't actually bother to store it; just say it's there. - decoding_white=0; - decoding_filled=1; - return o; - } - // Keep track of whitespace. - if (c==(int)' '||c==(int)'\t') ++decoding_white; - else decoding_white=0; - // Remove trailing whitespace. - if (c==EOF||c==(int)'\r') { o.r=decoding_white; decoding_white=0; } - // Otherwise we just keep it. If it's EOF, we're done. - o.c1=c; - return o; - } else { - warning("internal error: decoding buffer too full"); - return o; - } - } else if (decoding==base64) { - if (c==EOF) { - // Just in case it was corrupted, make sure we're reset - decoding_filled=0; - return o; - } - if (c==(int)'='||decode_64(c)!=EOF) - decoding_buffer[decoding_filled++]=(char)c; - if (decoding_filled==4) { - // We empty it whatever happens here - decoding_filled=0; - b1=(unsigned int)decode_64((int)decoding_buffer[0]); - b2=(unsigned int)decode_64((int)decoding_buffer[1]); - o.c1=(int)(((b1&0x3f)<<2)|((b2>>4)&0x03)); - if (decoding_buffer[2]=='=') return o; - b3=(unsigned int)decode_64((int)decoding_buffer[2]); - o.c2=(int)(((b2&0x0f)<<4)|((b3>>2)&0x0f)); - if (decoding_buffer[3]=='=') return o; - b4=(unsigned int)decode_64((int)decoding_buffer[3]); - o.c3=(int)(((b3&0x03)<<6)|(b4&0x3f)); - } - return o; - } else { - resort_to_exit(true,"internal error: unknown encoding",EX_SOFTWARE); - // Never reached - return o; - } -} -static void decode_lookahead() { - // Decoding will always shrink, so this is quite easy - char * c; - char * cc; - decode_t decoded; - int pos=buffer_read; - int decpos=buffer_read; - resort_to_exit(buffer_read=mem_buffer_end) c-=mem_buffer_size; - cc=c; - while (pos0) { - resort_to_exit(decpos-decoded.r=(int)'0'&&c<=(int)'9') return c-(int)'0'; - if (c>=(int)'A'&&c<=(int)'F') return c-(int)'A'+10; - return EOF; -} -static inline int decode_64(int c) { - if (c>=(int)'A'&&c<=(int)'Z') return c-(int)'A'; - if (c>=(int)'a'&&c<=(int)'z') return c-(int)'a'+26; - if (c>=(int)'0'&&c<=(int)'9') return c-(int)'0'+52; - if (c==(int)'+') return 62; - if (c==(int)'/') return 63; - // if (c==(int)'=') return EOF; - return EOF; -} -static inline void encode_hex_byte(unsigned int h) { - int h1=(int)((h>>4)&0x0f); - int h2=(int)(h&0x0f); - if (h1<10) resort_to_errno(put((int)'0'+h1)==EOF,"error encoding",EX_IOERR); - else if (h1<16) - resort_to_errno(put((int)'A'+h1-10)==EOF,"error encoding",EX_IOERR); - else resort_to_exit(true,"internal error: byte too large",EX_SOFTWARE); - if (h2<10) resort_to_errno(put((int)'0'+h2)==EOF,"error encoding",EX_IOERR); - else if (h2<16) - resort_to_errno(put((int)'A'+h2-10)==EOF,"error encoding",EX_IOERR); - else resort_to_exit(true,"internal error: byte too large",EX_SOFTWARE); -} -static inline void encode_64(unsigned int b) { - if (b<26) - resort_to_errno(put((int)'A'+b)==EOF,"error encoding",EX_IOERR); - else if (b<52) - resort_to_errno(put((int)'a'+b-26)==EOF,"error encoding",EX_IOERR); - else if (b<62) - resort_to_errno(put((int)'0'+b-52)==EOF,"error encoding",EX_IOERR); - else if (b==62) - resort_to_errno(put((int)'+')==EOF,"error encoding",EX_IOERR); - else if (b==63) - resort_to_errno(put((int)'/')==EOF,"error encoding",EX_IOERR); - else resort_to_exit(true, - "internal error: base64 value too large",EX_SOFTWARE); -} - -/* tag: error_functions */ - -// Syslog constants: -// level: LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG -// facility: LOG_MAIL, LOG_DAEMON, LOG_USER, LOG_LOCALn(0-7) - -static inline void * alloc_or_exit(size_t s) /*@allocates result@*/ { - void * m; - m=malloc(s); - if (m==NULL) { -#ifdef USE_STDERR - fprintf(stderr,"foot_filter: %s\n","out of memory"); -#endif -#ifdef USE_SYSLOG - syslog(LOG_ERR|LOG_MAIL,"%s\n","out of memory"); -#endif - exit(EX_OSERR); - } - return m; -} -static inline void /*noreturnwhentrue*/ - resort_to_exit(bool when,const char * message,int status) { - if (when) { -#ifdef USE_STDERR - fprintf(stderr,"foot_filter: %s\n",message); -#endif -#ifdef USE_SYSLOG - syslog(LOG_ERR|LOG_MAIL,"%s\n",message); -#endif - exit(status); - } -} -static inline void /*noreturnwhentrue*/ - resort_to_errno(bool when,const char * message,int status) { - if (when) { -#ifdef USE_STDERR - fprintf(stderr,"foot_filter: %s (%s)\n",message,strerror(errno)); -#endif -#ifdef USE_SYSLOG - syslog(LOG_ERR|LOG_MAIL,"%s (%m)\n",message); -#endif - exit(status); - } -} -static inline void resort_to_warning(bool when,const char * message) { - if (when) warning(message); -} -static inline void warning(const char * message) { -#ifdef USE_STDERR - fprintf(stderr,"foot_filter: %s\n",message); -#endif -#ifdef USE_SYSLOG - syslog(LOG_WARNING|LOG_MAIL,"%s\n",message); -#endif -} - -/* tag: helper_functions */ - -// The program was written following all the specs using CRLF for newlines, -// but we get them from Postfix with LF only, so these wrapper functions -// do the translation in such a way that it can easily be disabled if desired. -static inline int get() { - int c; -#ifdef UNIX_EOL - static bool got_nl=false; - if (got_nl) { - got_nl=false; - return 10; - } -#endif - c=getchar(); -#ifdef UNIX_EOL - if (c==10) { - got_nl=true; - return 13; - } -#endif - return c; -} -static inline int put(int c) { -#ifdef UNIX_EOL - if (c==13) return c; -#endif - return putchar(c); -} -static inline int putstr(const char * s) { - while (*s!='\0') if (put((int)(unsigned int)*s++)==EOF) return EOF; - return 0; -} - -static inline bool case_insensitively_heads(const char * head,const char * buffer) { - const char * s1=head; - const char * s2=buffer; - for (;;) { - if (*s1=='\0') return true; /* for equality return *s2=='\0'; */ - else if (*s2=='\0') return false; - if (*s1!=*s2&& - (*s1<'A'||*s1>'Z'||*s2!=*s1-'A'+'a')&& - (*s2<'A'||*s2>'Z'||*s1!=*s2-'A'+'a')) return false; - ++s1; ++s2; - } -} - diff --git a/misc/move/mlmmj-footer-receive b/misc/move/mlmmj-footer-receive deleted file mode 100755 index 66308e3..0000000 --- a/misc/move/mlmmj-footer-receive +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -# -# mlmmj-footer-receive -# -# Adds the footer to incoming message -# - -/usr/bin/foot_filter -P /$1/$2/control/footer-text -H /$1/$2/control/footer-html | /usr/bin/mlmmj-receive -F -L /$1/$2/ diff --git a/misc/move/screenshot_0.png b/misc/move/screenshot_0.png deleted file mode 100644 index f3a339c36c5bfce324528a59312c09148795544f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25200 zcmd3OcT|)4*QYa%q9P(T1OyZW6cnU)Vxd>1cSL%Z-iZz>AOg~*BUL&Ap+i&{r1u&K zy;tdklI#uc``g{K`^WF>+1+<@&J39H z&2PlJT$P~s%aG#gAL;((-SYE)oniWX`_|b%E_HhrY#ta54%suGz4hkG>VdOJqHu?Z zV+%L8;7Esv#LUzbBa8wb=S&|H2MLe2jP!pT{~{|TMjZZ$6A{5)e;xmFhZc9{_?M?b z8x+UCBs)$2zQDtUMycaxUUi3t9RG46{r}>H+9R0FpPTI;huIeLe&%T9^kI#|kJO;Hi6@t(oC|>H%lT%Qb z!JaxEF9>)Qk$Hx8 zyYv_mFID2(M^y57=+`$k99&(MmjBupdWf#Kh)6U~uqFiD+h zdF^LnDP87UW>?RiKQHof{Go+KmQR9Wf>1?8Mc-!jyQf*I7cN{-R8%Z2Emc=n&&bGN zjm$18DypuoE-ZW?Dq2%sULNFAc<8R=69J>*OKt_m+h=AAfFZYint#t)`~-?AbF-P0goIKPDvTsi`?5 zXlu@ro4t53IWaM@ylib@VPR(cHrh>mD5oo{sj6PNa>dxhWM+E0EbuiLk7eedW{+U;y@&2?QH zWl@apEHEm}wR3lOmz0$J8B9x4gmiV?9j)=Kf=5L~OkCW63O5G_hmg>IYYaC;p>tmh zuT@k*LBXR5DSB_!4!OmyZ#8`?ZTxMy3Lyw!(3)V^&wdc;V#pRsJeH>09QKX{3N|=Pi@2*Nlc|`^BWNtfLz8oHKndS7UQ&fm_ z^_-J`{t2^!-PKoC?rt9bj>UTS=W6ls@oj6UWU0b5;GtLLQq%G#mjwLL?kX0(c1ZZhOEHeGO+Y|ePEJlq$!@H+#>epa^YL2mgGKGp zs{V?YwJk3vYinyd_h||wlCYnnrK3Y~>eS5K+(2x|$kOjnD)$l>XJBO9-lSk*VWFo_ zdh_NlJ>3+-RIy}gz=sbvgk6?Jg{VkL17*UQ`+9qM(l#YXH@3IE_a^-MES*K2-(8@M z4GX(ONvW|^9L}P&+LbCL%E8ag?YaE*=LK4!-q_*q&CQEVEJ?XJq~E+yfqs0jv$C`>Y51+K&InUtaT*)Dl^Wzn=g~OceRz2I!pJCyEk`vw zQPh+Aim8c-9@?jdf^v0Yg41!fb@;UW{b3K-!l%^S+{MYsHxUSgtE(#;8(Wa1ing}L z=4>0p0x2bXFR%OKXm-8RWYp6O3l^4^#K5MZ@mwC{q@js>OG>%8xI9!m7p%@*-ox#F zv_0TlmJXpjT;o}`de`^snc-5KDlc4-zkGra?}G=O&k_4`@sW`zk8R7hvy7aaoS4rH zm0|d!1FKC6*mB|)Xei3cHn+FeX3nK5XEDov`uOS7VC>xZC&*tu)~eCZQYHIhL$+42 zRrr_UE%o)r_5KujxV6Ud@4h;$H!Sd}{CyJ`I1s;vJrl;q$6+0&eunU;Z7_z2C~F8X zFi^7VUgx!p`0iGwU*iE+a#|f3g6K&uwD*1)A0NLecEjR0S-eVtSKON;?(VzRW8!~| zj*8v9IsTf2ZV!L3#?8fbUZ3|xy*~+^+r!>#%3}1$OjjK4g)_5KqP3T2QgpQI z^5EAve!FW|uMQ0k{`J>i=c%~rZ%&;#do~~_$fmJAecSjVREz5B!;P7i8qeK+j@|8T zR8bMv1*Ra90aXnRsO7vVf3PSe>J9`zP>Ko)R($y)ou@7=AmB9L35UBTU7H+2^Zhxg zM6Zn|51&I97nekCvvxG$$nI!?;JLe+M;|;dAS46@3nkbwE!Mf%zbgu7`y{zYa@AER zz2CooC%JIr!KWA$gtnL%K6oeoicJ|fzu2f4D25Jp*G5}6^qKLb)xV4Rqf!Df(uO1T~di5$cmU=~F^d|kYoIX*Htp{fwwzamN&!E2)`svdr$*q+|I1YXn zXg{t=s}L4mjVp|7j5va+>xZcL2USgrSxR>S9}jx>A4L=h?)nx&PMJcOq4+GtHBlSvRV zU0q#FSyS`+<;y)ap00W_@H~e>Z7zZ%z+YTa($X%Unw^__v(#BuPOiWJZTn!fzO4<0 zoU3+UJX!NE<3Y?KuQkkdo-%Lx`#)*V;q`=Ac z1$%N@%C3}H0$yF(n(ul-aNUPtE&3=5LsE?wbaX=ha`*6XS?rY&CNY45vyJ=}929i4 zTD4X(Y}S#Oz;BnhzPIJ+#N6PTMJA{&OMJYClIJ6K35rNu+%Uu1-xh3##;{O}V{)2W zS_(;G*m0kNE>h$dRaPY>B_tB5p`l@BW(M02nS0;vK#esLkW>Aipd-UljJWq)cH;J%T)^{H(+ z$SZ)1x6w`wNj1yM%aX0F+DmT(8^8OKSdmFNZTW_nS`mZn&KrPC_&P?Z;CVALxLh0n z4&OyNrX8tWb*tAS)9k@y1Dtz->)Btvd~v2wp^%Z4wQR#R_T^}h zF`R^42N?j{W&@xW(ut+z;`Y*jii%3y4$W|@6#Ae}P*|7-eGnWR3>#^&XHjA`uv+T6 z2jFyOW@dXJAUK$gST=BfojSG9fEvPJsOKnxbnXlc4Gp=?YbhuMx%|2EZY|CIICGu* zjEn|oYx1DL@4IMhei5(=JlcYcS)Lb9do-GG7S|~1w7<3BNAFXfZ^p>TNb|MhjS3k(RbTiCQ`s%5>ir9Z0Y(H&(lXIog%l9IJUcYIm;t+&`77A#DG71 z&;GHf)m5a%X_1h5m6ld-z^)yV>FMwfeBy94XlR3_mlV;K312gAg%|hkQ{~OQbrqVB z<7T^aXRzAc@ub<3)617oetSnM9GCXR$~IERjwWK$vv;pmlSpDjOHN~Ti^78V?lmoQ=e8y6_Im@m1_MCg3 zi%aM9$!>-=H#g7E&ub@H))&<>KmvU^^#dMIBXaesb|Ba7kE4mPR9Y*IGUX>b>tso$ zzF1*q)#m%5Bp==}WR^rL=2iZBcY1Yo70RY938pcvh97X7As#)QSb*1Hr1H_j(L2qCvd0JsSBbaB9?i%h>)y+fPn9aIA^Oi zp1K%+e;-$8U;SYqt*#z&!wlMX9MJ&90S?hziHeHiV?Y;{mGNuRKB>xaUh2Pk^(s}w zK=Fk}?~MLYbs%Q&7L+7Q!|s>7rxq3qpP`7;3QfZign*r#?9SICVrrKaOrH>SI&jW| z-8FR2>dCz6c~{4B?Xjc1y}h(`6#=jgomGhAlY7(RSkGldlJI#saCr30#ZgB9Up(==$=ZtGLY6F z8vgd@pUqL)E32#dh#7~xiJ1g^@7R1Q|L{Mvv$N`|s@J#Ter;@UadKK@y;f}~E`j9l z1o8kRW%wFwiJFN?`Xiq-<*Z8AHQU3l1#)c1wXwvM9C7$E&-)|kxpSq~Lx3MS^lxy! zcw=jbg$l{WmQ!9X5Gi~0%9S)7Wess)o=&b80oG161odohLE$@4Q4)2YX};>{xGCnn z&tvPQFx4(D4)w;V2c@m8EwchHlvf3)btaDb` z3?D>Drgrhzn)Yk|{LqV0N|TFbN4>kdo1;C~egook{Xy{`Cr{58-07V)=ZW3g+JZp8 zjxg!m&gnmqPto#@A8>}t*S@~KhKdh>F~8r=a<+GMB|me<9Mi+j!4VP=z$axW}z!LqZ)LgG=&?^A#VRsFxTvjZ{RY^}<>YX1P9v;5Q z|Fx_vNx(iOr8XTktFW`P<2ct&cIHeWz%NctdlwfvAYh+3jkIy74^-UDw{MFhU$Ys3 zq|xy9^lNF@YJ18P8X5zD=sX(qdHcHJHeXmNP&EY8T6Hc>Yalt~5f-@0x6HjjiT%K%=nisQ4% zHtUKR85!X~A9g?gj@_K=pcnP%Eq8En*$Ji<-jbshYm=I4zkT;^R)6qlR#p~FFnjJL zoN=g)R%CXMa`a6yfj+=exT2FjeE0w$&o@p7su)X>*G6L~BLGBzmp^~b0VgS^M9h|% z0`!MaYKVz1F5cW)=o#)u4Gs;RI(_;A4c|RBwxz|s9C!zmE5M%cHSpp7{!)k|-_vB- z+vI-V4T3&=I6rkT-4xD(*l1+j=PtG$EPTYzo}U#w8c#_BkPv|5%XBzQ#bzC~ZtE}P z<>gIHO(i4%y}U)CP#~8?M@K`Ew;xMkjsPkJND-;TGG3_aEn*rF{LG{e{e=oyESEj*bG*u=@M^ zse>}o(ryDu;^W(y{3j3*Y$O4#6?#Q9{@ha)ky2$bihXp8KV33TPqZh@7P%$ct4;`4ZwpTm|o> zzNeVc_xTCQ)O@|>((eqEc#um}l_rT&AryL7pX)^=xc7B_##2|CmcncYS?5 zEN$QZDf6lUknVi&IJ2n@AX~kae=BX?s1YOw7KnoKV_H7=E)cG0)*8B=glPa#>S$-! z&WhH3;ALLnHWY|t9*7OSN+(YCvckg7wP!>@Fe*yYu}|qPP8!0#)Mj`wL^|I9jbAAn zV||GWh=_=Q(@~Uf7bux3Xg^sWbzetb!D_+AY4~}1ACS=lxIU1g4@s=|?i~VxUUdiy zl%%hTA$J7=#B0?*vfxkwksL%r)%#I}H!)o;r?RqgLaud09njre5|WOd9?36kVM9EY zC(=3j`H>qSsQBzJ5S6s5s$o#3%FE%T%*B``b|n@3st>qqvtPC{YnUA`rywn@31I~( z1cWEDMAkcZ1ibg1#Kqsd7?^EsY=qamA3l8e{CP5jeO{goU?>1skk(aIRV5|g^?sFi z$g{d#<`1wIPBGAdrnB zRMdmp!1~dn?-~Z)eGn2rE`b_o4|sNWU$B#rmX?;6w;pLNBD0@ujnV#@S>MpWXJf9W zt6S~9X$m0?x%U8v>*H)-87Se1#G^Sb-~F@Q)^;)KXATlyuuNj zP7rb~DlP^c4JH9H1i#(rZMmvE(B7$}k@LpwWi=j(wIPqa}WD8Nll7?ChY}VswsxFhEU&Gzei{I;{8Q7Ud}55+E?ZkwJZn zlvM)&3TGlRvhUZ`fvd-gl=)q#4;;07FZ4PrS^gSABau%s;$B_aq`3al$*FqfM-v{8 zZ*Uw^S5x!;^_}GK(gm2?iTjRn10c{2rF8}*@IpZ|rMGByd zRQ$FhgI|p{0Yh+c0c(Q*1=|6I{_#gln3oO zL*A!aS`~1JCMRD|lM%;z{5mZW7sCz%6R{v#ODDb^z4rPGVkoW4T$Q!Y#_Ad+WfB63 zhjcG5d~DT}Cl&gTiHn0cS;9>R;*F4ifVswdU}$$iSmNO50HqinKyjp{pWib6eM!In zFn1EpDiEK6NcjKH@ACs-f!UOQpL$=f3^!VUCd^V3@ zfbl~z4QEzJxqCc|r_4PE%N_tX@OwWInBn2g{^PUo>U8DU21TUo_H?+?M(yvX-c^ll zgf1>F0@ij~9$e2%^69?X(9n>tQ^wB9%F4)C2iXX;S|kDAA$E`pl^vuV!g>hOUm9{Z z2<^K@MIeoa6g1tA}>VrOS3$Qnzm_q2+pp}r6$$uK54r?-$Y zyvw40rqn+sUy^y$;K zV2t%;s}YrBb@iy|=m9(AfzHaOWPg8uwH$RlDAwu9Wb|T(r~!RP7Z*Oa70^J}VC>f5 z4*_!mcB+ygf0m4lm$#;^3OU@8D`jdr`;LqTs9;2FtR?&dz8UmGLC0AE0fG5N-D zK#p2af9~D6V?L0N?fm>?t}Si=*dud=%kgqkE2eju$F2~=Xjh1glU)#r_cAv(2Td7- zBw%tN+d);HoSan8)#L;b9H6bApI?DqRsZ+zj|SG$K)c?SmvR8>>lEp=>6sa4&~!UG zIKW^K5`qG~pI0^-3*t|yA}DK6eS5mQ)$_D@!DXcY80Z(^(pKrr8(@2YEQ0ri*t z?%gIZ1h*IaYCN_p53Gm?NgxdKM4gxHW)ROI94 zz8ng8^x)utxTsA{785_-mSJ^(;{&cc0IShG~7shL%J6#TzA4xdc1@fQ0f`1Oo zWYlv_6mW%I&2~RPE-+k)$_y2i;PY><;5=xTl_3r%$cdgrLP7#N!ec6k|H2J{LW`aZ zs6>nO{LIYE;B)|^GY4bL|L}0LLoVu`R;`yig!dSJrwnYl_tJn)?0h!kK>DN;bRb$V zl>>0hJUl%Kds87WeFktTE>lxeU%LiFC?n+umPggV_<66zGB++O7qwD|{T8WcGvt1KPnH=*Apb- zI}jyu;Lvb6OiN=^ey~Pb!s!6C4u$#xDXGgeFmt*DjK^VLX-!X2!vEmDwP?=b+8+?iYsJruSw9}u0F+(xI(#mSsza~8`&A*Y9qx$JmF({V%U(=k(gWB+E%cxV=KdD1rU!rLyvquLE!huk$b+YL%<0G8+Ghzcp;|r456DsMh2`x_sjY|peunM?Gu~aW!~M> z1NMNea#&S`{7EPl0C^#KLF0gPpS`nlP*4zHMZW6-K#mnwioLjx`-0kJ?9tzZ1qCgh zyoa=F6Hq!J3H>im^z-#{T_Kf}0E$N+tX8!|-G{_FTxj?N*irstTibj- zg-&E&2ZAs%9j&Xc53)|afy1xy?_gPhn_hXEiuaH!h>VI$TzoO9j#ofH6CZbRp|`j9 z5K;$2cYy(-Hs(00W}OIgj3A`QDk%+c2zqRN@rN2 zgI)FdJKK$5h=YK}-7#bVZ7Txb$&{5e0llNJioY>EK`U|DU>ScJz9ssfN22~sX)IbHX@?L=g4El zI0p*DTJ6EARYA>8Gh2c6NO>0&OX%W&o}7jTV*UrM{J#d_G^4^odbGX}%+<+h3s68# zb~acZ2+$3QWs0M4V=<>7yKfOh?;|KtAZ>z<)ji9II(O#GARsTmb#*|wQ&KD~Euryd ze`iJ5viA!(Kom`ljl_uqO^Uv+18ouMo)Z9w+$QS-06(k(!voJB@(5Y~ zh}|_%Tk3tu#Rg06C#&Zmpuk45X{-(vvj__hLpur-n$Mp~L=#XfM$THa4FACy){fai)9>m))qy3Z~{bR(MzK3WNyawR-#3kylo;~mwGo?S(R#l$wM)c}O;$6<;iO8TK?|A%JwL_7RJg9`kAC9IOp#^2 zUvo8B1fidwAK_}&gu9K~yylLqN}Fy(_%H^rnT%>ugy#J;*(b=T@wS~NUd#Ndb}c~~ zWL)U+fu6^F?{brtC`jd1V>Y13rKF~!h5@c9C>O_|Fqd=s5Xg^(qznv6ZQ-Y;rj4sV z5OSukj(P0-l*XBtE$^r1CUVpWwM?Rl=Hk5y<@6JNxLzcFN#}-k5y3w$F3x2t&aSr0 z7TQwmFeNfoD zqZS9f&S$&2x;SdKltJ19uLFFzchFH|(i~AX>R|;019J{C3zTfkcV31|R8(2QL1_GT z0oh1EKcJ~(Pa7!cdYQ4I9BX!z6fp?(Yaha?gG6c`Z@gzJ^u0$ONj@t}$=`JEqZYla zMC3gWX&+&2@#z|yFtx`2ZY88)WhX&|oSFh6<+{+F4hR|wTyL)`1r?XEG$@0nrWxPm zz`-Lj)gv&L!$3EN#~PY|hphNX!2U&ek{O_tpY%xGr%#i;-Da92feja@q`ZJ?Qz=9& zsnGkEjAaL57pfNYGYPmX4>BWSpd~;AY_PsQ0!=Kj#WOUNf|k}BAQ_lPJj04xHfN%L zDBG8WrYi*i_`St>mw};b?4lh%MJUOi#^Xz25w}7ExYBa&9Ryj6vg4RGOvepWEP_Y?dh670vT7bsy15~d99}S)xK)ndm&RgxviH1I_z`#J+^h)>5S>o2f zLr;&WZin0u>~3htuu$3nK6H`7%xn(YnDpr16HypQ$vnKgS3|)KVK=DN)fnsO==lEq z7Avdl!H*0Sh^99A6Z7)|hCluS+5nbZeZ4qV`Ub_qKtU38bV2ECX=y?60@5q+&W6?$ zvXLfQ9H+9lG3KUy5e0=z(>02(rR7(H{TnA*%J_0yCB)-xOqw4KU1YCP4FBDLt*uWw z#|R+y=qCdIOk101%8G3Fs(_SvjRM+lzZ(7Qj|~wJ7ETg!ZU$ZSN?etv!^)I=Hrtv?1TDyexD5Vi1GE%Ek5QDLk8 zT;>=#2?Ga*A{V2kFs5SDw(dxPNk9Mj$D$0mTQwFiy3Y&Y3MizuCt)O%EsKHSh=AGcwh}UB<9zWik z#XyIqQymh@cLuf)h0-fA4|S=6rU~c=90QG}Cs7_aGi2PgS#ZX4rQae*CVt zuhc)!3>3rwIRiUGd>U{FLyCG%lG|iJC99OUI5E=qm;Ru+bI*F8W)-A;Y-vqRjcrv* z%HspV$cV0u4A?jT`<$+Vt`RFjA0zB)3%J@pEi2d^rt$cZuPo^s}xn zY;8wBraS7cFfnCD6{e=h2J2p<(AxNNIK_|lU@d+qUf=e5?dI`Wn29ObquPR9hSjR{ zgHyNl>(`f@4dC?rHUcTiS+gBUL?aDsp(P=K5k_brtX!!SD(#gWrp>Sbn7X>zfuQFy z_9wRE6lP~HLdPX=)Hcv3N)zTcohc~oM|DQ-t0P`3T!nr6^~+o_ALp zC9isE87RKlcFw+_M3FF@vHj<@zQi?o6=l{*z=vgJ(0>=^FD@<){n=v!1N`7R@bQ(JbRc+mwumxk`xWT3 z-2fa9rZ1RqGF9(vd$a+z!>A6n7A{}EKEJ#SYzz;&*?i*m_I97m5@r#i6J*v!P{?G{ zJpk%@dwbK=hM#tD{5X)=95>cDcTnG<7bW76Q(YvRag+qP2pvE`N-5N!^=bufGHf*P z*ngc8KGxyQ-7{>KoD96T`y>LdS31b<6;H2V2BgM^a4?1h*9PN< zQT+h|86e>?B%!ACDKaCZ3S19JFwmc*<+}lTWbh3^<=vOi*9@(em=(xV7Jkfc-@O~{ zQlwtp&T?RWR*Se*U>m`fRpeA!QXJlWZefy{!C|6OJ9jKPO9wzR}RaN#!Rpwk~^4eg(S*Y1PlqhIA>13iOaO2MWZxX(lu z)b5X&Uk1{bA@met5rBLWRKU169esUUJG(JxH-;7fX#Z2mQ(v+a1NR&XCM<;-bp6AP z1ye5FFPT|~ehE{At|>Lf9&M~Vi{X=&+=&R{@b}l1iOke!+zD6KWM$acyNL68-7Ea) z*bF++Cgsf0ulXz)sxY)>AKiThZ5b>Iv1xky17Ki5f2piFNswee-AA-_XoOJzw}nnc zyvUP8+BT_U9M$>$V+cICNWMrg)*{bi-W!NGV@PtY=E-2z8ykz`&!c-XGqFpI>S}$TV)CGCIwT}XO+#ksnf9%O*}(LQ+xb_xw~-v5wJYyM z6rHQ6)y{3jT|8bm%%z5b>(DK+)PX?OH#NQ3-(q)hF-;I2?qX&Daxi@bi>VD`)q2a- zsU$YIog0UfI|`)oSmUSf*x-z3%f4(Cv+t%1ZoZl;$TJrOq?4PzL&!xfZ+7Jj*g(pQOvH z&?V7PmE=|DI># zC;hT4FLoL6G&@Qv$^SZe(p5jNG^mI`szxiFb0kxt6GZFl3yFshjaFNvf;PB#d2x$5 zY-i7&+MI)vTy`xqUyoLNx?=8viCOfi(?UViGg_*uR8%qB1L#B?Y$70HON*@jF&Tv* z`NZnE`7RJpbVsmxiixdW`wK54Wld~txjc6`e0(nWl2j###%;IpuiM+>SQO=-<*1Pf zmch+Keq@da51y6!fDhk&v0F*n#j{2JBD=b~v(}r{FS7DOU0jq?LziN@htyPAo7k_Q z0t7I>P`|f?bN7i@5y;j6!OY8`B^Y|%s?9p+P}<&^2UNVxj=gs}F0*uBzI5)|y)(-_ znF*^|gah;=a>R%XKSJ8jaHdDe&t@!ftBHjYlBY(^-S)(`#o+-aW>ZtY3w#VkCUTRl zF$ch;!kL)V2zb{<6(wAtw5=_!&`?+@sr|46X)7N;nDsid?D?bJRH>f++=|?!ka*F! zt5h+41xa!*3*{V3aph=P?L=JzCY_L`Tym4m7A~VNTY3zu!44bVwZ~$^E53$lvGR9d z70e@`q2CgqUJu=50L$SPixR4syXS)GQ0-B+{S0)+Th&oe#BkPST50%2L`();7Pf#V z>>Y|UtIIR}Z-}@RPt5(=n-XJZkBZ}GxpGBy{@g%r07a<#W+lI4oQA55L|+~m#odBK zwPV(C!lvb@6Il;dV{$!YzNQe+(WtJuaEpndzkJEgkYr@Ic5RVOV}mTaqEdTjX*VbT z25cm3AGv7nGj!+Jn7+8}=skLmfcr#xdWtQ`*B3G=4Lt9sln)lViW`15Y`Z{fO(wg%+$t_U zkUEWiJIeqK3*J(hoJgN>H2x~eRN(_3{ZJ7TCjvcLh9>KzJC21DJncsxLqv84jR5+9 zX4u%#0mjB&5`HT)14~F0Z3?8M-`**SMHtQtlcJxJA^|9w9Dxm>)xt!_3JL zvBf;L*4BG$_i{@LpYm@;vTJsFkJV0hAkc@CfubR_a%(-A*jIn#dj%g~r<^8(=ev!G zY1Dh^pTTHqfnpQ6$AR&!(@hDYqIvu_?+4mnKc4$7KCLF6Rd}gWTf4(hy&|$!BLMJvli~ zNp!nq@M{&x`9b`A>gWnatF#f<8aJSqrykJQ8dJNoGkf3RLLhzAK!(5n`K{=IjK-Tl zL*d7yAFlfNq8K{3=n|$6YP1DRI3ZH4)Z0^8QWAQ@FW@EvDegOq(FzSZtt{TWFH}BT zmO7Ijz`%eNnK{Z#%gOX_l)F4rmin(tMN0CU|7BDEPhf?pr|n8#3+@p2Gj_9_Wzx8j zW~12{hZZc$!Zk;46wu$E^rmW@rzZ~Kq0YC%T$>I9f`_EI&u&#>n-{cePOjcz!!r&u z*s5?dNePvN>nFGu9FN!LAe3_e`x9qvH5lll0%JZJw^_j3)7 z(ZT=rUCBg+?M(XBjcyM?HyPG!+sIFGveM+Z2dekl%!z$aCmzx~AyDu%6wwxWB&n(e zhPUMrvaO8!^tDP8N{=I{M3gm1@(CM{Z%N4|@{oeRef1QR5?%NYva+)|xpkJ7tmx?x zIqCW7C69&LDCHbwbnluj5)w60PFiT%$-w|0H4@HB7LG0}v|t=KT2?6~rpV3VWz`~K`#e6PIH zf_~TCHslB+GMtffV_$>IE>}csnlG}9F1lm4=|HLJqYMLscU9wq-*NL$=OtpA5j;3Musngn^HK+e zgmi$D{O6z4js~_CS&$Z2#=rOO?fr>Bc-l;SeqzDku>L~P)HEh1C*5CFt?!0#)as%o z)pa+v8-m_Kn-hM7@JO}(^gwWpXdN7y>weg-4o6o*ULw8r7k*!rcj_nM%GF42(+|-B z0hW-K_{T)9QiOu&;ua|@KE1cT_3@+L)vLTGNh%@OYsL4_O~q*`6=X9x>@Mt!Mh$&WtYdtIW{4oP#9p(R>ML$%j> z@FJI)q6RkS(q+=tHY;>I;17=-C+*6u_`txKB*KkcLN9H?U;_27hD=NNQjYNwXUz6z zYacDs^O3c3_1I^MwH^O4!A~P318}?WA4h&5S}4H%JR|v%!CO~CfBlLB3K`@&x{#^7 zK$-DgTDmchSG)F*YqcRLB{ONY(!4A0{9|!Ax%k7m@%Qgzkp$uX@r!cN7kb};Dluz{ za$0yuftwBw#DwMMa#2w6E^15}09q7wDxcD)a`kxOnwBC9$-~B9+I^&uG6c89^RTj3B_|&bQDSHcU}!12VBjR6pD3>t-8y>`uZu<#ZFfrPdw*Sb|-t#^)6NP^Qt)GN0 zTH3a{Iu>YE+Mfy;_)(_go05-{5E$nv&QQ_!yCJy@cBff54yYi2$3u7bNDKft?a&L;n(d+ z#=GeqJ}&j&USsLJw}LEs65$?igO(jp&schoFShHG`+NsUd@B`gajr9V0|RS#%s`^t zUGD|C%$c&oaS{%=(=&B@?nwu8&0j%37r zu80GP%YwyBa*!=x*L$z;X>(BAVSD%f{o1KuM|?d^BG=5G=bD~-0~I+ekD9u=!(x^w zdLy!jd?|=FKTa%mbTm>~cJ6{wnSN+HO`@_a{H%0!-h;V3b=wL(Y2L(;SCHDo@hGgN z#%MjXy10F@%6dp`>}a)!fL}v(h!j^;2yU+-Tm8g(*WR7}QlvI%>VkH$~y*a~{r`y)^S zORlxt`DtnMT~cFvLmm2KWgPtWllBI<<^{j)h6@ARmv_gmbKX=S^x}t+-Z4g?SiJf> zqG`s#^!1LLiyHOrwo^;Q)=I~X7t{C2(~yag*A$fI63sC%t2-z5&#a(w?vfq6z*I8Q z4jf!$L>`!CFNf+MMXUDzQv&JY>4`0h3w7K%-8Kk09hwWAxf<^K{h8h72sYT_hp#({ zt*Ec&4{JH#=f#9$1}&Z$0{=MCwZI7ff9SMN6cqp0FEM4jVk~xe;$doHiK!ykmfjAc z36(tmfD=A&h0gm8<9a=tMfVEw1EYJoUU&R(x1SOx@kYEWpXAx2xk>4B72;fW)(C56 zNm$pWFgDT|QKd@JHiIZ1H={+hT4YNp?ZT#OWwpV9u&oWm${m zl8B=^!@eAm8vMy{Sm=jlnIWC*ClAslQ??cxcnX!M)$RSi$CYJnqm}9oGVwL7#J@gs zYJ7fyk&KKCIzbStj9tX_qN!}McaIC={ZR4=g9Tk zSGmBsmt>lbcE5Slvb`|LeMkuL^+T?xYvBc7aTaE$qJ*WFGHurtwH@Ig=9ORL8zJ7- z(q*=Kt2M4O^IZg#c~=x4N7qO^JNode@Tyy_Sx2{HM;`0_`(oq5S$Wt8hCdjgug!a_ zE5zxY0FlE=m8E_T8S&o55-nZ4pPPDtzITrTKlE;`HM;OZwuw+yXnS{vooOk9<}=6X z#?cDh>^v;m9&*~dccOiLC%IxGltG7{GecB8AFG`u?1cngc~;VOyGnrV_yG={!DOghTAXs!m^L;hYgYjl&9xWwy+iYav*;ol2}aC4Y70 zxG*5uqiZ)4?C%d?uUs|3RKKPtxc$?o(UFx6cdkxEa2l}+uf&fT#I1UWq(>wgB;X0l zTZfAg%9Ts&P6j~)6&TT#L|9F@tpYXF4YD`maNpopxOMWMyaQvR+F6i!gYs7BCZ?FE4D$VKcp8RTbU^7_g*q6O>H~kbT-)vyho3kgQ zIL1odH}hRN#EJ~-+9SF@-og$qTh4c`-c29FyO=En`I1D_FQ*&0O|(JL%K6gBuK5xN z8TA73W{CL*u)Y5kxwVQA19iYxhWe9Oo1&N@_SOg+bVJXBzf;t;%kOj9(W^6R|bD_;`vOo4e2#&>l#2D7K^>%%`H`j zlay9)P_aepYXm$$6ki&yw1bGdKk55(G*pe}S}UAdKQ()Y)qmn z0+4d}4{shnAK$7~@m?cz8{cShD_^uZx`NrQmK?w>ooBrNG_^ZL(Lg_KkJDZ@hr=hKoNguv6)MIyc~;y z$CeaATVFMzVkw_gXjuEU5}^)HlXN}Kflxu%S**H2Y(>6u+k5&1d-?dF?rH-cjpr`A zjcx7vb0sS74B%7DM*-e+p39tTqjO1aU(7m|C;y>eQ|(dKjZl_7h$R>0LSzg!$q=t{ z#{10 zh8NF0VV+}AHZPmijYZ$H!P@&9)>NhkN~WiLI7`gL59WVY(x^_Nt)9~JyXI~Y#jl$} z-o)qp6_5XJ*}wf#W!Mkzr3zhJXKd{KZL}4LWD*;%TTF}9A|vbG(Iqt*UvMk$&(o@M zmpkfmDmN`2@=;TJ;&)zboajZ}xf!F&u90kawB2XrvOHoxS!kG^u4QnWz8sn>2J{W| z^ha$5J8!M|I5}f6E6~#FHvY}JwB^}mXk6@0^;cVO_}g!vp9Dus6M>5Qw}AoctO81@ zc@bH;VwS`QPMcBtC&en=TcT3$1*b(64YB)@(3ZK&c|UpL3yX2$j`=AsZv_>VaDm5} z%J8R+3R}$J27yYayLU%=P!}@5ScG0cC>ek_tB&8V+i!MiG-r0!G#oyCh39`*FE-9o zot(k7{}5L+n7aLcSVUceleG1H#0I^Ds7!AAsm@3|zgKi?Ye#Jk^3Pv>CIDIg>a!Lx421;(c*O6`zK6-;Qc&8=s! z_U(r_X4t#&qx6u6BuzDbXm=C}S{9F{c{R3Iddzm>V|NgoH3fASc64E(9-Dcq&)-=y z%nBBCv?>}}USO0;M66b8g&bPWG^;TxQjeOp8WqnSzUXJP>aXpBWZq?#;C^J_m629% zPFO1SSa7)j%W+16{&hPvGH$bJKzYx(pTjCqZ``oqShuiX$P(>2f7InaCR~(i8g|2_M-@yRWglWh?R=o^y-!15(7ZGGFlsU^jKgcS z!Rw*mh+#i*&;IO|N>=fl_%Az}8oljGczlJU=gEJY_p14<@Y6gy(|UdCnNw5OFPm~s zwz%xII&eCAqP^#nf_9)bmM6cYUTC;)`So(n&d`MjGuv#&2-zx$i<{C(@b ze!E(lZTJ1C{`r~lliw=?7e4?iy!^XS7dJ2Zx&gR!Z1>l@kO(~SOZh_O*}3tP|802S zk$t$0Ptq#o1aKL^rozk5rd;~)P<`2yy3Jo&uO&+XPx868CU@^rxKkHD5&x0#{r>Fz z^`C#<*Rjp~(b?Q5{o$Rvy5EX(Pk|$RSC_=(J^Jy=NA2@x_W#9~kM;g^|Nidg=fk_} z?*Qk2f0f?0e6s)oDN zz$LmLuZqikxOi$`t-pNbt$g#Gn$(|NQ!W8dE)oC#eVM*Yb@I3(p(qds{c&0>J5iW{V&g(r00IS%f9;i8_OGz;*+)J zpU3`Hr+`J}-5WPvL@zN0rk|R(Uw5rqb&A=pDrf(yUf|}7yPKb9{5k>Db#qIl_xdx5(!uex$h-WkCq+AVnP!{kugr&(-P&i z8@(O4@X{JsY&RU5`f>K+3x-8IW1O82gN{Xcd%OHf%?jYwFCYiFSxtTeXkbi)3sOR! zdw(5h9WlK)JRQ7IsnIaR)%hPy8>4AsG;NF)u%r$ej+Psv<;G~aFqxngy~HT t42-WqcLX4JC}pNZio)9nvYPiBFf@9FC2vd$@?2>_2GP7DA5 diff --git a/misc/move/screenshot_1.png b/misc/move/screenshot_1.png deleted file mode 100644 index 100645575b4999a13318cd42c54579f2108cde8e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 79648 zcmdSBWn7f)*Dj2rVj&_Z(h5q4f^?~XG)PM;-Q6`70#X9fCEX!4G%6_F-5@(#sYxy-1{O^jbq=p0h%MttExk+PcSNI{Gqm-OD-pu)n*9hr)l>J6RU;Qp26v@i0g6Y9X=Sy_%N$#-MAj(>lcYv)>wN5_W0>2xVb zSsKWVf|G#9-N!_+|MiS-i}2sG*DK8u|DL@4PD_36-?Kl#o)`W-xhwGh{6(CpSNIp- z;Zbeu?+=X}%=l8PsjE-b=s!vQUPfTud;22xJo&woJRi`|==Y{cQypMAJQDd^g5`+Z}>R#$NR`oh9O z!zcW{kypC9-g_$=WO&%4TdV8XdCI+dH9XVc8y6Qh#x%XMGG1b$fPI5>x_zS`AwM}M z2giR_ahiMZ_M%Byaq-m~H@IKkqoH}8{Bq;(zh!+(o)Xa6MMgz6IXJX?=guA6OV~*{y zdkPovl~MUgJ)2HdX-&~P*<;B z{rvf}3X^Kn{`A_~WWE-Umev@&tF^UNCW>vj<^qB^I5?P%jqS#b8?X+>#>R4Ta`^c8 zs;a6H5fSO>>F`fvUysf7jI6AzppZ~PLINu*YlQUtK(4xlg+)L>fQ+bxU*e z<;$15Pt2{YsmRFOx8|f)Ir!U-28V`7NJ#dVdQxeR_ct~!AYf+@$4HhP>TQ#Bd4Z{Nlv zpb~Uh)2?3Z&QwV1NtLLssxr5+w6?CZo%!|i172HeD_q24S5o12URqk3)mZt&ibd*d ze!dEm?{(7NdIW-=KC^r;Ln*tpt!;a2%iiAp77@_^`FhQECmapAON>CA4e5HwnHV@b z?;)qWJw$^i`FQqhPft%j;1TR?Za(JW8A6m+Rq-=2F860ECmg5RIyq4axjVjo{ms9n z(BXMhWMpRyr$nZww)S{|PW34N$J|`BvVxG&G|fsQbw+09;`GlCxaZI3<>hIzzSPo+ z3k@YCB2s?&(so;u0K1@v&0TDIb(U}5%*@WFj&PWEe^btsH>(mE9v!`O@uHc?e0vOM zXJ;qnczsfm9$wP|FF$|q-N!T>9QONb69_+59XNP~LeeB^BH_b_hCouz@remowc)`& zIa%2Zxwt#GZl#=k$<8)=`SMGB{aGZdmbryRwX1-utE=F~4_t0;?oR=X#8*wQkHyJa z4?UCTn*vmrOH`dbJ$8QrNg;|Z?HO2D2skcv`}z3^dF(xS@IV{A%V#mjf|>qSR8*9e zm8FHW9wq+(QLr{KHn=sJ-`U}rznJ>Qz<|>U)&Jwi(}v%9`T3&HpEEHrX?93hJEO5d z{iw=QOziL9zopxRaGP{%-Hi+lP5<6nWlvINQibLGc!kKiw}m01wR*j-8g@2q0=u^a z+?jBC1#T`bu9pkJ0&C4}Z89=47P~#meVO~{p{^f&9UUF(@P-Co0+)H`qT=FM0T*j6 z9USYD)Ttj0hX)7ki9%z&y~U#IB*wqsQ4jNOgduI`|_m(Mk~+-)s8uL zZr=P78=Ir|D*5FO1hc-kIixh1`r9iZr!?hb9!dx zjge8hQZ_{L*7kN^Z!ZMTXslo|?0wNs*EhGeI5;_Tv$7=R$9fwZ8xsUv%&B@w1B%?X7v|;+31j#ijBRa;I=xG~D$~*oM~aPJ z#D>78&+`3jS}rCgmbDH0DjZ^M^_PZ*1}qoPt|#%;-;lE4BdfP4DBxmyf`djmoL7d` zwnMwSUpCD6#rpfVWGSXrZ5=mvCyOEqZRZB5F)t`PfB#OOMedW$%*;R#(#yv$NzOo? zEWaJ>C#j^=JN(_i=}$HO-ACUBJR66GhB`atO$-)~rXknqAb9Ps{oB|teh&?~!2TI^ zX+*{Unw%77U@$${n2F=IVq#+(bQ^?^{X{@ra5(VqQKnb#EpmD=%PLG1WD$Fz1ihqr zC<%A=`SV|XgtSkzPB0isO3Fg*%3H+5Y1^ZY`u7zgq*Y(NiVhD~R#8z=Q&Uq`?i(H+ z?(I$Sj`7%8A|xbyV`Ec@A-;Akpt-qO)c1zdNYqQB;I9!8I+gan|NMDj^5gx2Zs*vT z06V)vrt@r5h>a6cTwI)#lvKS?*U8!W#?`AzU9UzW*o{_OEcy$yEA3Z?zmJcPLoOg9 zB1%_UURhazl7~i*)q1!j%uodd1)<#BZeR5&D=X_Ph>eRY)UC}aQS@kYqQcx!S2H-; zSw2GUs~2eVd7rp?dwV-Ml?4UKy?ohS^rpd)BN)AegF0)OWV$K}A_!ULGo43=9nX`t>Wbdcl&2in_WwR5K{%(a{yJf1XcR z&%(vUt+p4Yp@E9o7MWsKU z&!MKKrplfcO5~E|NYR@Q&M6vD#FUi6A|qjoK8E}G_ASn;KYdCn_95OlIJoCSqT4;9 zs-`x$KZQVS2YUxF=MH8nP-BLku(M->zK?}j86Mi&@d*j}+oz`b`W*Ii&G}kL=Z%j6 zpFhjT^M=BH(bBT8vRXx<$cTyiVZWS)54A|h%E=w?qBDu!!i_`AiaelUWMoWO8XKr~ zSznu|M%%EnvQAVvS-g3Z-07^YKJ=#H6DAlN`)|h*v$L0l_Qz8($&YDiX}P!t8XMta z#W=?j-0%2BFstVv2F`v7Ff%j5ug1p(Sy#i7=jVr?b#*Ct6g4Lbc|4J6 zMImIYv=1d=8KkA9r|P`8w4RHKhKGljEj}a+t*GGL?NDvfsq?Iy;Bazs;^X7vpOu4b z4;inz|9RS|3e&*RE_!==yX@=%EZVN97}Vng*3s2GyR~t?1fvh;=H}d1qdPl&3VJ4m zzH!p^9s%!aN-8V)xVXv&o>3tDQm4K&ET`Qvhr8HU-(ONv0*mQX5Gm|+lr?nAdfyWA z8Mn=3UW|PiAefvSX`;pX`T6Cp-chKu37%;RNy0}_dY+!1^qPeOpVd`W^L1;h2Fhvy zaljo-cG%Gx#A1j?moP`WeW!`1P)UZMm-pFBS&EDy@24 zVP?+tSg%!I^e*hXhF~DR%FbR0Rfva&2Z|h^AO{DB1|;UH&#%tTf;Q(*5NU%qB>L?g z9Cl?;j<*$ge7qk!@m!^Z?GM`^zre0f95M`wMPAUPGrppt0 z*vN>+aftlcC^IYTYGZp|zM8h!4NCrgbKaC>O3(4)e_}+kj2|kgLk!k8Qs))h0RoM&MZ~hfe zX#UaJX}z=56B{=MKke=9egFP_e0)6oO@2(`5fI{y@pW)^9z^Uya)z528l3bA0A{tz z0W4H@VIhz90(1}tO~C_vNngI)?5N<@($c~RrZ`-i=NAw_69`$DnJFrKo7hYkkNwZZ zcGt;RnVa{<42dpM$te%_^e7&4=68O~KAK9Ms^Pp(UFolHU_h^sI6jzaXJ?l%ya?-p zMRT1A3hGqqy{L+0wc}N^c5417;Y(FiaMzsYWe(?B!g29#SfV31czD(aAstvx^tVZ< zs;D&n{w*#cLB2NBZG^p)zN8Q3MEu3!fYqGavP{edV!XK?Jeb>8c+S8Z~DYEOo=j50}VbSy4{OwEaeQ?U&nIv-7bR=rd zRlO|vtyRrnSev7t+VrVrKBsEg0J_dhdlv7h~4ZT%(D>h1YZl6b{Ppr!8r+#trD|5!B|8>g!9?;tGr!ET#32CwB358_) z`}=n`8Fy%MBBy1=#Hy>SdeF>=L8cXhK1WN3S5?%+`7${<`CwrWwo*dF$H_Pg z&{yDlr*&?daAtb?vM()7N>bW*0i-8rdYs540KP8wEy92NK7da4sHKL~)zmT)jF^b8 zy14B76Vansh#}@sGc(CT^Y*zj^JU%xQ_HDS#jTN1Q9MtcEbYW??Co(setcMaNePmD zjtbK;91T)F=E1!CXwLWViu58%48&f?djs_=W4#x(uziir2t=LM>IZENjY@BfJ0YLT z+BiVIC)d!QK7M@l51>Ljj7%?tFhAhJp9X-qdAOP zVTsCU{h`Z-&ed$HW@QYiaQw8ct`5*BHJ^Q2ZEbDU@t-m{SwFwdOh+IB-r?fyt&R=# z_xEq~zXN7tRHqUGBvUqq!(jpXL=!TqXanuTW}j;$dvK}yB#<(erd6)-YwBDd2B1OD z^Bsvy;GE@#*n8;;%pb zbz<}rjE3ee=Q?(6ddx)#1q7<0nQ?PE1 zLOLShP{!)^Cq2$yIejlFxpw15-FBw{;1)LBnpep1&Z3*d59!IucIC4kj%To&HO#l3z$V#1RZOuqaBffJ7)!+Z?*WYAcDt_QH zq@`Qu+oH(H$i7OaL#yEH>kDb8zP{djDutYZhi89lzU`9-)3OP}5EBqLJUr?GCu$CM zc5bku08rRXyRmgfE8{UI z02B`o58u3bgA$F3h)CdbpyTEqY-?-Vmphb zC*fO6Z0uwpHt*!9_*e6)I=u!v69fb{8-Y3l#AcD8K?CF-C#Uk+C-vhYi`w0# z#u!Kq&}TO`iY2VNxw+ZY?ncfm0uC?F7q_$_HMnvfC_4UPUU6u!?CpycF%v+Z7HT02 zCU&LaKv<>&Mg4;sxyBS>K2)G{G&VastEKaEagYL|MpXbEI*_5rZ^e`@z=h%(1n*3l z3uFRqc)VV3<20w!$N2d3(G=h!tqjS$PKb5%?%9=z(WlTI8Fa}7b0?6vFGUn+vP+Qf%LM7CRI=c z8dvQ<-7NyT0beF&W?*F%68McuEgT^5pm*nBU|`_o9fku94wfe;Cl?oUFf*eeZ~gxL zyY~-AOMXGj{3?sX%K1k|=)>15^ZXP-*GunEU_XFq${+Z2}quMy^MCRcQw`&^C;+gvgtn zH83&Be94fLn+qHyFg-23qq{$F36>;e&_jjwwlmMw1yrHYfb;e6@PH?P_JEy%I0N<< z_}#WBb{FfITsDs#at~gg=QBVgpit(}<<||^n3`tg=3*NhR#wccGYLxaw+>{o@o_j0 z7FO2VSH*!YHZn2-HmXTon`iW2(69ggPj_sJR^0t~?|5$&-Rwy8=#S?GehNy;F&$pM zM~_}2*v8=Vp>s~M`Guw5ruQq;)fvv?;$lut09{yFSpgLcq;UbP90YM(oX0{t=?iC< zcv88yim5LkZ8tVGWu~Pqx$r#V;UOR(z?P^}B7BAPD{wTNifkyM*gW~+r=480#66n7 z0L1M6HeMm31MVapf)E;`@85fV{rUxo1~%HSU(e4NcXxMvZ&0QzV~>D?Jhw%7A`P@T zA72?iL2fX_Eu3I5URv4@)YZ^XR8$lRG4UJ} zc|*gZn;h6fPVb2dV?`;z&IwoK{yo77q&U3%@7W{gIof|uehi0({O5ND694^j%Kw2c zN{DH~w3+=!yLsKdB=TQZ_J2Cn%$M0JrT=-|BjcU_fx_1R1+lGjMU5)2ygc&GKivw4 z@{N_1S6i_7+5bGDuUf=exVOJw-(cHHvY8uKtJ~lB$t6ycP6|GIL#T{HeCa?sfBEtS zN==f*E$kMxetZ-n>Ex6e)Pcmsv(97;lz^hqzrFL+y53VP`AcTfS_ArO!wo7ykiLBJ$zLe{d-vQPxn3Vi zh0LTYQe3D?5AahBreH@t`dAd#fobCct$z_@2Geo2oIC(zo4EBZ(@TnGqPw zYf&Nb`^;2>E~tg~2?`Af?G5*|MHQk%kmcpeHi&@rF_(an?NKryQ_ z+^g5nr$<8vMMbLx1ydew`Q+S|i{v&BA|nPYqWnYHy_S+2yuHaODTj8}Y7b*f2=*|SlhL%>eWFBx5 zd)>ibXp|sL{t2P3cisFuKCZo*X-Y?GW@&kHvfZ^_cf1DDYwg~sg;j!;z5N#U#SIOB zN7~5mVDH8F17oBYzCuEk=a7yEIhiI6jkfP~yZn5s&eojMt+vwYwXMC)@BV>~$8CB? znEm?2_=JeqV0s~sQL^DTo}SBrqd(iI z#fY=xm9+`C<2||J(kBDLrZNHTiIh%TbMx$u|Q2OS%g2`wk+7BVvEa6edll{PXpHH9K6FCQEd(#0O} z`F1F9u7I}0&r5*4$Y*V*X{t+c5lp)xR@B=3M-Ip)+cM*B3a2F zz5ZdtJg_zH(3QaN!~`t(g9nYjex(FO270YkE&`X^n=S()=CA+U)Gr~9y_rcFPo9+K zy|QZ>udIDS&aRtRT=eL6XtU(d^lRU<)BX5>fUUBjOQqGw(a{V%YC&yHO+bSmNZ3|V zJ4tTcYF(=|IcsBY3Z`D4Uo>H+xp8Ab&(p4HuI2a+n;;dXP{(ia!?kLurr_Hl6eFuX zBuD0ZdxKhU!s(n`Y#*tgY3fXrzW(`rb&Q==D>6ezR!lyL?Haz5ykzv+sue3u9Ji6k zR&(g@03vgXxJdT;*>`yEpPM6?@eP{RK8LVRl+Yu#3~f3bx)NClu9u2kFIk>}cqVc);`acJH-RVj|_g%Vz1Pm04M9 z5M$gt$UJSg#dtm;ak2C;o=Hj1{fV^0?GQRTd7ybK?>pH5zxVZd@?9?TukSd38G8Kq zaZgVV%JTtW!L+mo_wL<;&Y7Rz9efWoVPC(hXlV(60OIrfKF!024+BWptr+WC%-E2uaI-%9EdaXv=jJR$s!?)}y;9{VOTAn!3l3;csob-MlofV+9P2J$ zbMRg*JBN?Y3P2Xk8!*#QUAv=H|La$kNsck@xc?CIM z8k+KQV`{G_Vq)bsT|FW@z3HM{i=OMXb?@Ho9Uhj2(|hFNo+q?(EOk9vzDLMsFXlqr zPHuBu1(>403&w{Fac^k04i~eB^yIv9)iX(m`zM^D_NPwo!b+PS_hLg{JiR5*yPY(U&6zyuC69$z_KcYK-e8V9QP*- z%}nyvOn#Xq5N68#0(43QR!9K>Ci<~K|BRm>I7t>0JvxVm;I{39Rz7;Ho~^=Oe^Sg( zK}d)(a>ObYy)x{40s=q^e761Pt!b7hP=6I2;3v43j7F0dZ08!`>jUXraOFZ3T zmCRxjb+eV*2UN33BT@%*qZ0gN;}7EMZk;>lOr!MjWoE5n_LJJJYK67e;_QZ>ro9n z!MhtQdftcgVGm`Xq^K3@PJoGKG84PGrj4sHO+z(X(vp^z%cq!&unxncvEpJC@`)>$ zX4-RmdkYD}TF%Zve(f9+`_q^o+nyY=5}TKFb-9beV;eEg@c54GLpi%*GKK$&NI zmuex`$;q9LE2B$$dL-x%Oe3BrSBwm-j6WM=N-4p(qYBnRI|uE`>!`H;^3Iq0q99Qi z=<7o-BrPMeUVr9INGj;M5zA$vudfd_gED$*Gvr_XF<^Jb_^m^zgg{8{OccV>X7vz^ zbaZqz3fRWwM~AWT^#~OP!$v=ARD`m$GzxP3fod)XV3CTBxF&6MK}~HweDHKr5)+bLM%G^5LEwt@OMGxu_he8RD=UyH9$^P)+?!bVYbow%W zp0~BNoJ@eUfZWUM2keDv$u~RF9tEr2JQs6__*`->fyyCax=J=`=9JBs!y{e>mIIrPB;vKl$% zX3B&3gK!sNb2Bqi(E7>AbDRK$3keCdEQsCUji4z8fqhCX zXC8Eso1p;8oK6IxjgDg1n}k9DIun~lu~@p&rrJLM%`>o?6vCnv85^aZTMKtbkZ`$Y zcJVa;y~f|-F;VJTI{5+`%VRc4UOPRhcm$_p=GdHqMD7;oxCM~VYuAqEjZ6*?7du(V zYinm4x5=>oHZ)cfI(3~cH4}=DX90FcRO}85udeRoH@0tyhCArOJ}#d6Oob@SEOn;M z3tAT4_?OzAsu%|;Da_Pa;yoG#p@D_F;lb+4_5KST*ETkaj%Ivi*6ZTZgzj4d&R+0| z<|&NI&p!;NjN-QG93*yKOh_v&mDbZ6%T}(QN(;Ep#MBB-iV31L9mxMc$}li8@m>8zPRaj9-7l2&|t7elrIAx|p;Ca0@5o4u?3N zVfU)=M3siu-bi;7l>mtDp$fuMo4aK|PqOe;f^L0+1_eKE>gzC2jSmc$28&lS< z0NDj@2{alF*fC{<*L7nW8is=84I95&K-un9RjP^W@I=maQRf|+ffq|{8TE%d` z7CW{@ygj82)6jBNx1bjWdJ7M4$Ta2VF2U$_Al7l^aCJ4vJe*GMXm890`nsg>a1aI( zfq8|kZaG|ZAJDqPBG83M{okLV1+W^gfDY+|zE<*I*``w*ZxtxOs*xvZOiVfG0So0< z(c3+#%BDd8h}J;Z24%7wiOl4}zWf`yq`bV&sEH%B^34P2_ap-EKI8pY{Hd!a`A75Pv;S~bOP{UhPiX(&6FEN8=_$9dSA+BRaq54a+yC$QwEq)v z_Wv;vX!3#x2dV2FlgIx+OJ2%4rhgzHLa9oiEiakFCe4+vPY_o6sf3Qz*C2YsHb$xT zuq|^!LVB$$Xhu%o=33F;z43RROE9W1-Ojf?<^!%4(gD;v;E=!_42(0_a0Flo8M1I89 zFBLbhat1eQpwyP6BUv=;cTuW@F+4W9_1+jqs*bj{T>A=>Bevt=KSF@Nsa)bKh>n9QO`rz=(~Xcr<_4)`V@R zpE@{f1CpWy$#eL7!_<@r4b6MHqgrC!P}240>}xbMwY76~$sDCfS3ViSWb_s+HxE0Z%d_a%Lu2T zaaQB7@C#gKKSxDFLvnTQb(p1p&ts&IF;6k&&Qj zfk_RNlTV*6X)fO}H4Uqtiu@o&L(?T2h7i2RwY&9`U~Bcw_a{-wweup|bG3(CqhuO& z>fG^PTKNxW3iXYp+kQ?5(aYJ!jnsM|rPE`<0tPw_7xZffhljP$fIfTn4ACeJ621hL zn<3ad5lc}EyH57}GAteQKW@31zdx}kk@e6jj}P-QnG3*hY^`r~s<}Cbt$65sT?mVQ zXp^^Se+d>`6Yx)LY%Boa+}g)r=LdTw3rpZ$rO|0MX3=)8#HZNtoguN*lFSxDq`8iB zOEmt(D*s~*1F28(3gh9N6k+Iu|JLb^Sp3y*XU(e_H8t8|fU)sOWF#dkuvA$UxD6LllX2{#9&ME}#fAxf%|x>gIG)}}h~knk+}yWUj~*v|a27+)?)fn3 z?vZJP`W0GUf1NBisbP=jFqHaAOl{5d#qb#k;{>P}V@##>l;AubNW5r|yifw^?) z5{S5iBO3dnx|*7!U@X|$+G_9U05OP8F18#zR4y|vCtL!%(~C6it{K$;5ks-R!e)bcuyXB!8CbMIQE!0veA)mI0X0o#qdtP2q9;r3#oMo9+Z>=f=7+-0x~?w{^tikQ*u z%SlQ`gMbZ71g8%&Cj}`fuzPjRtE2t>Djo8mFbNs8e#O!hRaNdl4}Q3WpHon93W|AI zn;#gL+WFGu=`||GHJ1|$f?(|3uGB|p}e zW*I7^_%)Y=ry-;IxtdX;+CA8W;0F#QTU%Rj%7O#6UkjXlprNj#(Ye%aSt0>2!SaNW zv8AWyF{rV>et|T$ml`5m<+vQ?{QcnI0N!G3VsdwHpKLUM znJ-%<2h5b<9cpiHhZWd@xd{G;s!RhzdWc%YnKyVZ!Sxs&dn#CD*q0%9<;oRU>T~DL zfv*J=TG$GD<(3+-MXKHcg9>3I)(G9;3Hv2{GDo=qGxP;e_Jj}T!omA7HarYF3#+>J z_dnt1uPQ2fx!nk1Yz8KI;NTyf^i<`@Q&`Qd`ihHn>V$n2Bn(YBQ_ziOIuno^tYx4H zQ)RIO_HMnM2+txrD?(LK``4q7r?kj8z-KJ52DG#WP%FR}@9*b#_tER8ur&)zl0cn= zA%}6KO%mwKeqUj}1FZPqNWu!cz^95E&bLN@73K`Hj=;Jc-3DR5ws#Je-L&w z#bT(y3#wax(&yZqoO0_4bAA0Sz>?V>?@LQdAq9e$=7on1TyL&=VL^6wB|y_pHz;#X z4dbGs_Q73eHB~1B;=EZB_J#hk9k{{a6xEH~ENI-w0oYE)sxkNU5em@z&fJvm`$jS?ZD zMfySInfA2gRu?1>9f7gdK*>WoY3Ih)02hZVsd78il@p-*=V@2=c6Akk{{nmxh|}#P zi4ZEUCQ6r+g4*TyC_QhDglB$!VDqag#3CLp8*>^C%i%|>nb0DELL-XVhOrqC z>7lA^i=1tXjM^Z;KH5)u6{h2KJyyBoER%(Nr0L}?fyTdh@nQ*3S3EX}NA))em!W~Z z#$MAsJX`^w$(dlndO$1<{Da^hpyajv_HMhKftc{h{@LLW0X50Mi^J*1grTdCZ|xO- zRq?NlXeT>zcy}2=7`pSkz!V^IK{|jdSfkjB7Jy2?p$-EyJ2D`Ob3b`<0S_;??*gGB z12GZ3yrYv7D>Ji<{OKW`FdG}T*#nD4>>CcCk{|#}K;0@e_w8(duvVBFwIk|lI~ z(6LN`8csrzx!vLncPqA0Oj#JVhKI2Rcu`L8Y=9WGs#f!1;IZv_6xA9G-i$s3(v6aW z;z_-`n_Jm2X3gh3VQBM@Bt$Ks*T?m(YLO+95E5&|UiXFvD$}A3#6H?*a@& z;oaTc(CVF>oIt>UHR;>8dtlzcgrT}7`M1l#F}WKFh%g74g@AnV*7#uN4&xzvOsRF%*VUauP=iN%1o$BED#<4bni(6b!3d4@Z-G~oxb)u= zufB%bGcqzVO8d9W=hG)_u7PrWsZ$Jde=(RuLGE~I_Hpv8U3h=tOwJ`%X zP*E`qRuNDqgut;D3MNPjJ|Jj_z!LL7{RIP5N6~VT^X^4uuM) z#Tjlg_+j$B%?D1)23oct8UQRB+t`SB>{;sR>4C?0w|O61Q7bDC|0G)F(!Vw`Duby< z*nVItGz4=r=*pRy65`^l+7;as6ScDf`}<#NIQSBo6ckQ6_7?7#Df;`h`}KRZekUd* zLFKk@A_ukFS(B5nU8+WJC_Tzv8m1!G8WjD z!0=8X=vow`fp$^d+uMWe3Zoq;yN6_`#Cx$~qB<)uU%^lMu5;xbjK9KfYu$HyN&Wlm zKx?AmF!&QVJ^i}l58yj+S(WE>`=d&ad#WHX;AKkGM*!bH2L(-3IxHH52n}w2ZYQJh z?P?2t#aMXg_F0XK$miq!EyC|5M{2c{r!yT)VU(0(s@LK0u*B`1$#RL<~|1ecx zBUrgHrBV~V&&3uxj@?wIpuComutw?8y%=a;vIBTsRb9Of1HKT?qc&yGdiA;eE#vUi z2i{DrP+@PadL5>SEfNR%`%5i`*f3|;cgnQ52uHpfGy!pD(m+)0=n`tOev8m;(}M3C z7wgKhWz24Ym{|u2Tl#dse|rJy_DgGuHO1yCTmG)L-v;Kg`*vkT#R=dwy&Bi=@3djC z9GcF*keNr@&QtK(PJ{6g2I*p#WuW>)4T56J!NJk51-*;+$z~IDq^q^~Fj4#S=lzEd zjlk;(Bi6C2(4T+>&&n%sh|dJ8b@q6Q$0jA!yR7SCJi&FEk&^PHRlBuTu7~8|Zpm{o8mv}IbNYg?31#08@H?s3 zs1hALM;TaHIq`&x%W4>^_a}T900%rRon8!pctRl!5ROgF=BJD~fF2w5XUFv@Qmuse z_^|Ns+gE?%5(sW!_NUM*C4fUvyIoK#3jR5UVI-Z;xE(lDh}k9-zd+_=*p>tZQq%;B{aj{PyfasYd{e z7YKsQ7zP^y0r2_zLsBaRn$>(Pcuk~Kj5Anub3Ckd=o&_bUC1p+qv&ej&-gVy$T ziYKPs&_z0>e1Yl?$jlq~DCl$GV%OHzXkP>_L0iiU1prL@FqjFH8lX6!*BtEap?9K_ zKXIZ0-unc+ThVcGUd&e3&CHa)@Q;l9QuVGZYP}y!qhml;h+RKU43m~L4M~B_nTiIv8{#2%y&pfFsjJ{ zl!K7a1hiVvcNT(LoGYpbCj;}Shp<>DaLd5Ya}{c*3#Mx{%2LEy2Z^fS$j)iUERaIZw-34r&46l^Zusp^Sqi zxDpy{=;IPBH*{0=44jjp$|Q3!^H`F{OLV@W>35q( z@3r}{hT_e%wD|zP>#MA2U1A4iHWMfoBIPhP0*nA$F;v5a`FUU`fsTjK_ZKF+Z{a%! zfLDW53?p!HF)@%Xg`jN(EXnTy-vDrwbat2o!0{nH{o>plSl9#v1R#@5PfrIsPQhqD z)_Vg@egq8heEm8H4pyttQV6*O5rl5$T&YQAuqjd_ANk?>omD1mw1?qLN+0 z4~{&N{_nrNdgV9lxBH%w;qy?Pdabj|Yo7ZIpJ|ws-aGPKz3j(=FJ1DZj{3!Z!P|bslIvlbtTyodMf z1|cgCsfE>YnV6LsDDL8atjfvuk31`wwz5uqUqg{0iG7Xs)S^Uetm%;Tr2F1@eO5*E zi_|OEt_XRph#Z-Wg?^2Xjf+y(RO^(d1MW;Vme)I{?6&{TfWQai(ax@pHiA7w zYsc^1fK!vRvbT>Moc4L0x7x{kZ*MQQuSIxUpi$;I7BHQ(IkclY)bjdJ*sIQKNcYc} zn}a0FC<&1zT`DDO4Btl3iy0^dvo*6Q|t-8gcB^7tZ>vbPnrz<2t`Ch6vMW;hkn{&+Pc-dPEP0pOO}d$`Z!+$gFYigJt}FI|H|c(XP+*S z$5ZS&;_aoen=AITazVjR*`6_Wurh(vkd|pO?lGN^m}s{>ntpna`+|Mhut?==1pLAI zA@b<*HZAOrmpo7(^l$$6?Ua^jtEf0~ioQ0zK7}|Le%$`>^VO~L5|c!J2Voixl*M6a zVZ<2|{}oB!p@E6P?(QP^Co>+Wbhn_lhA+|t{rFS zrLDbV_fX&Ji>FkF2Wz7qZ#T;u9SQF zZVNlvGK;>cZQHY^2Q1e z+`5UFjO^8&^$^-@ELX8KhNQ zTr!}dGO3(R8dEsLYqeur$@luLt2%BpiJ29-$147C+Wq#lzX2$r#m)E&N3bW4kcm|v zd)-_8-7~Dd*Ymc{R^FF%lNIG2Pb^RAyg?^>5yz{khFN-r{S^`HH!h^) zrKRR;=;#npk;Wv3E_+SY=GqxNzIQp4m@gr5h(c2!$Na)sjTkN(PO_-LH=E-VmqTcy36A)lm>r)4!{<_!v>h{M_qBlbKa+q4-56(1d zZL>^ft%tTFghF7M`flkPjOL#Qv0=TvOT)ZoW{h67?{IG3rqlx8#K@NNU7K-xKD1|O zbi}OZa_g6$A8@`UC%+4&W@KgN>>mw2yc4haiMR>nwwCm)+40MhXJ(x zql8S%F%j{iWo-4S2{Yg3o|1@72ogP{P>dK)`RH#&#=|+i1CChhi57MgO>5 zF7P%FObL+&{Mxa0tsWiak$Cn>Qd08eO&sFebN(0ba2T4~&OMcqVoV(^Weks@?}QUO zbTGkv>S}11gwPmYbMG}RT~^L~6h@2lqp7LdFjfOMYve_b`^d7*-1kqB!VR%<^9PJRbF59 z%&L+F><3EyVEMU^rR%`3405i|dckUZ+O> z{y}(exry?sD0v2PvG4_Z&C%3{gpv=y2|X9)EC(o0LQ(^)*J$ydo(QL z8QL(YU6GcSQd~@aNcimBxm(Ni+58j~D>&Wb<6D?t=@8ik|BJG>fXZ_3+I?>t!2l5n zrAwtjKxqMKDWw|;>5@(n1f--JBqT&qx&@Sw4w3F|0g>Jl-*`ZJ}mmXd2347x-d=c4UpE8;H>so~|1Xm#5OP*(SyFsSrtqlp~?HKN#Yu)laRG-qz zrw^>OBzzLAmq*bn8S=8n`8hHIEeeu&9~D=|-E!vq{3(8PgW`y*)=5No(_8LS)kKrz zgT z@Ou5WUtvlue3vwxrnB!G>^+7#B6f{(R zK!3az6+!=VSTm?WK`P|f891=y?w&fr9CtjgtT+#j9y*C+a2;aRyW`_2Y}Xe-<}IY_1y!uHZ{p8e zgYgLo56K1Iym?$%J=NuAjBo5V!K9&CPhnA9f*nQSaCHW-5 zgPFP3OLN~!KA*>4eflo;SWWv0^F37Wm4QzH!c?5p(cFFb;hl8d%LP}-7ix(=AR3N~ z<$%;dTE2%evOV~*ntF??^QD$MpgKH|Hm`$Sgo9+#(Z%Dw)_wE4NFBu!1^Kg`c9h69 zWoXpk8ToizVjv~$6*=N8^n2s0qHqHW?`gw)n-Xr@Lo6?O|0W#gaCAC~=`E6X9yf1> zU?R>p&_0LlH|ZKm(e^{*8kC>xf9md>Yk!$txauED9wsk2yW0BUV|vqA>*6(?NK#a8%x>;)D>^t_$)M#Hoaqgp zL)eU;IW1b`<>vIRymSgXZW(jJz;M#qD$jj>zfJg=7%dm`Y5TyE*rgD0KF?p55!nQ` z`n>%8{JW71DBi6CtS>6`vR~Dc&wbR6h3yR4vNf8{|J$rp=uC?5HWAEWo zR+jv(QGr&2vZg9e=U`@D-h2tUj!$JAF+xjAck%Q@G&HUw?y1LRp7pqQA#AZEsvzfP zWMCAf4yVpYUt7DyTllcYYG?eMx!Uzq#Xq$>h3j>4^2BcaaNahyxW1_9>%1C?sc%>I z^S_^^M$oiwOgC`^IA0lEo2KBYT*lJW7B*)_&uUyCv@t|M8t2q1Z~h!0ha>eSlNuX1 z7hLvST4rjvcaIUmIA_)E$#M6%wT(4Z)?^`<_3e#YsuNq|YISCZ*t;`(1*P9+zr$HB zmu)>-^gGp3^K7KtD0yyms}Hw+dnl3!mgu0S=jyTfB;k#5uW1jszDZ2)l9Q)EyirnO zhbSmLQ!8_q;vr2E9OC8RUFg^cO+$QGjf(9guD+u=P#`1&SO04~wRq$ie(Fi;m7H$Wl^NBq6(HVrjGjYfc_hMosNS(*s9 zRFRUHN7cbgTP1Q*iu&Kb?YmvOtyAL}S)K5)Hp$}26H5a-4%TahkPZk2-&z$N+ArF_ ziZn*B7dc*!Qf^KnP#D85p=J}qNH3u*ys_ThsAr@mM4~kHrA+vz`z_-HghKUz&k`(& z{(5O%xqQMp9FdaZ3C;yjzM7pifSVPL9RS=}b?d>$VHFCYP=Q48PD;8>_d%Xu02<@2 zYbsc|jfKi*(Eq>aWfl}{&JFxdH2@q7N{M4XemH`?4v5yFRyaC33S4})T=K7-ox5Ps z`R*OS5Z^%c6`wtdB5Z5B11=t5w3PGA?1GkaaEN76Hvo=ou61WV-X7wL+kD1@Sy$HL zzr&}?k}W@yOTGyQvvW?h(GsU>!PH;Pn-n1t zL9)5|=Uywp9h(7oe?j*c^H_AMzG+=2AtN9m6FspoHtS!ExP|QPzqH@|#pgb{)?p;` z!}6#5Udsyetzk4I5bz*nD#7dc_&4znXJ_c4Dk^bxlh5(j9%Sx@9LE7O#(64CYx57e zlJ(eY(E(GLlenr??@GhMLba#-0O?E;jCP@lW-0r@=&kHj?B z!Cd7@S-Dvx#mYB5%M)`lKaoq=t}DlT4=_nDK5QT;HzWB(y z@T#kiTunUEFoHg$sAw}p!|(@yrhoAX)Q1s0FmCB2xeZn+;12{1r|W??z+)B21Yr8W zP2iiWFccc0H3ldRG%27N0N4f&gx*)KOh73dT=j^bknz4;h7vBc{x1}5v2#tMb+Sea z3u%Q-py5|3)H>^W(%;VsF>qE^_VAA%P=ksmzLsKcPIHHHTQ~h4&4B*Kk!2!}v~<9f zoh_hDIo2=mhzM@+8As)J$<8Y3vZDHI3T=10pOPYrW2~46j$iZeSkMb9Ic3cl=O94(e2=xlc4PvsIJltf@%=%E{HZJo- zzA!J3;Q9?E6(zN5=d{5kO-jD4e}&>f_fb!=3XaKc|LU;F**Vz!YA`zwyC?Rn$L6K! z{e+=G^&zey`P!{r@D{9ZDvmVKnh>B5rC6I^Zaj}xez>-})+G@Z8ymTAQ|CwZxFNE) z2zysQ%d088n;$1-rpWoemIey4J^bXs>J`RsU#jR*S$Z6XMePJFQZJp4A_x;d?l9_? zZ#Tw&c$7VXcM0_v^`D8VIz2zz+c z`T1c)OJB4rYh88&GNq)Yp=k@fr;yZCfYfEL?b3XqD#SE1FIL)}p-Fve(j$Lc$m(=- zD0vtHrI*`n?4T!j#XAb2pSAt&)Z!w9Q%U@;0hQ0g!@Y@fGLlomP5E0SC1gHlm9tQ? zRZgECn?9v4)TqCKpuX0vcT=4v!c$X|Ocpfa056I_u@s(GOvFc21akP6FJJT_b`Sfk z>uz8GaTH`$V_m7O<7cqfb>6(m$}(ze?|?75d1As?jPoEU(W&0e*TnNoA~ZE~V5LL) zEh_5CGc)$GoVL^ME7T-=U7@}5UrpzXIpR;Jyvl)?xB;+q)^j-}|AAkDjReiPA)>dvm1d-Awxwf?Y%7z(l*3Q+12b^n>#+DY}s(0ZA%goTy0~c%XDCwEtP?w+M@|V@B_$J6Ei?{{zQ=&vF{mvJK8j-QAW%VFsY0p6fzbQU$e07# zV{4+O0&I`c72qfU0i3*i;Vr(-*{M5rySpgDqN4e`N3eBU3|HAlfQN{;(*vY9Mnyit8#P3BhF(*+h;h&m9^H-J0{RrNvoNeZkv^(f}teE_f4Z zT*D(`;QsXSBd^`bjcYsy?Q{M{Muy0Huy+d?cr(Vb+1%L)*)z#TO{E)D+G=bz?<@Ws z>f)OcK<+Rz^4T6SG5D2uZLwG~clBhefAIE3g2>WRrS0uy43s*uEXS^`Pdv_)g#E#7 zJ(d!alJ+6@)mktlTSq984PV&7#p9&L~{fO&aUtntqF8H5`dFH zdeQO>9|4cm0}w|pE~fCi*d-=_n|3E1@I{NWvmI@1Ik~wg-q2@4hn`g_*^fa5c}dAmm&ET{>Iw>a z{VnG)hVcI(H+(Oj(Fdd~-`cF7m$vrAr}zOQp`~)LX)=~gl+GSFJ#A1MJ^-Ev3RtF* zfqEXh)|)A*sb1h4)=4rz+>Vdn0Zd~ivCL5HG%UxZJXE?D+%;A{JT%00|NdFsb5#x3 zHzg6Xo5|;T?iWce($IVo4!!7B`4m*Rc_WA^>+KFBz@Y4;{k4X!?)i53wViEk3IFJ+ z6UO*Y!KE3^(h^uFyp(%x)HerScyTUFumyCWa&!MQ$4xx1Sy*`bgu7g4G6VoodU|^B zaf2V|=Pj?UhLUob!Gi_JtZpnkKYs(dr{J^_Kqmr^7Q9(3pFbZkb|JfTDUh2{y{Nbt z&N67<#zsX!cL7YPkVa@E@~(e?%+AR%wyZ`ATJMPWhUWg$ekByWcdtAX&Az?H`tZSo zmVtq><2yUAva$+&aWVTa?Jw3cE-qQWJ^6j1SXzc`#Jhe|cu`=3g5n<*;7T+hAwtP; zu#qjoONKxxUpeZ=*!rclL@)aTrT+c^(KR-DCI??n`da?+4**U%hSYZS|e;k3L+%^ZrDA=Z>|eTqhn$ zKAL8hhvHemZA4h4DAp+hTAzQTMnynqdmofUmUC zUnXV)&AkWwSs+oEvVN&{l2{3cGGbWYO=`}b6=_C$odj97uzY$uKXuWls4t$Et~h*| zY~ym>gbsTw-hud&6vOtf6NOK<45$q{H$H#1FBRhb!E?U2iGS%6y@tI%yWt0#Jp%BP z<*W2M=$<%6^p=D)!SdUt2)?PlCpxrmw&LDj+bo>6B3@6$ojn(rBNSgju=rj`dMF-x zV2ocmE*)|LTgOrmX8_DJT&PPx2kqR8>Q-mRVzMeZr!g4J{((axKxX-Oqy+LFw*Ayp zs>`JaZ*Ok^Mc`zajY)-b9|IE;7)g)e6YL+>6A@B_clX@?_w(Bq zZ_SzZG79`{(n9u;IJ()b8Hx(l4r}yBa_lE-JCA3C3VMan)bZmUmc}~Gfo~o#5uJ1` zs5uc45iObkPJ!1K1Rd4Y)>CJ_E=C;j{9qmkIy8WKAR&RG_|;nvA#enLw;fLQR1Abz zJ}(|H5pNVUFpC1S%+6Xf2dHcTpbeNmF&$9T8opt6C+HqDV zx?LHQa9JaItxU_UI~y?oqC84d7`+jCi^mFZqYXw~pupg^2HP*#YO~YRU>zR>CSwYB z00;@@1$YcZ=5gRZ`RWx4zy&2GztSHE)&Fo?iUvt9*d$K%_Zyg+wmbK-a)K@hvU5n* z;^O0ri;Dr<1Ypn>$Yyv9)c0)c?RBePnnKnH2pAB&L%qFtczAcf__@9P5NJ&xokg5mt|a2R;>@dqxxHXnOXeqZUv(-?&7k*awMl+J;cT9hmzZ!_KZ=Nu$X@9IAaeC< zi@HgsH#4?eC%xu(4dX@>Aj3~D`c#{grz-?sLudV;@~`Os)-W!qv~(3;^zoDF@{cEb zSXq&GN_vHhh=6e4W%)1&GtpICc-c3zIbToB ziL8IB`IQT08yfqFo+-9xAc7Eb746*A+QCB9^seGc6c1VeZ{_def0fZ1YW9?r-p;;P zLd3x)#T#7mXTJs!#`a_K5_m&Mf5F?414a_a{i1<=3BSw7M+BH*f1Y6o4P-Bb z8sKbtar>yK&{I(rgO3gnOdN%h>440xt+{QCa(Q{3gV^E64=@Z;g!31S3E<5fbo3UT zRanF9iiQdcew#mW2XhQzsr-;_EzB+C=jO6x-sIxuKH{%!eMG&pvt#*E<9KWG^s4!J z|1cRqsoUHu!>+7CuXRW2^sp%jYBipC#kE{fMw zonbG<)zwYYCQuRJjd8J?mdcAr-?4nnudkn3BqN&2?wKM|Lh%-vAr|cHZ0}2Jc5Bd!Zt%Y zM@Me^c7Pl&Sn)#@xZd3kN)mK8Ykwv3SeKNP3=R$L@9ovAfD+kl?XR)&MkW!6c)$#2 zQHo^)1g~HL93rHL*Cp$(qpAu`_Rzo}Mi!Rto}R7Y!c?Eyq*t%V<7MeriAhLO9@@5i z?c%&kSH)W;E-BeI+F{pik*Jfz&OYeeHWDc@u{kLtD;*jTyg02F8xx_!W*u5mGJEZ3 zQhZtThtkrhrBkdzPFc9;MLx&V)~okAG6PCu{Gz?quPZ3{$I-DU z8tdH@lyOy0gt~6(7Zh3YS`=aavM%Nr0?rBr5`2t?kq2+Faaq+Z8qnAIa%osu8yt3Z zlb`h}sJflC)OZ~Bf5nYu(P`5vfjg?uq1a{asGxkRxod2T9Dz~<$?BRz;lJLpaU8`X zp=Xd6eB@e#(gF)#YG2H{eVJVLdkFgria26XR&AtNl zK)@?lwd>BtS)olQ^6Z%*982G0-K%K?1gZLZgeX}Ai@`u3H;|r+U2lF{e|KpVYG009 zcqxKjwqsvI9-!w*5y(CXb|a2FI(qZDo9GnnwV>xoPR{%3`Q`V8*<)F98m`}>&3OnS zpF*Ai?%m??*D5sG!fdfGB-{lBSNGhS+;Ig&g%!55^2auaIyI}@rDB`LG+A_O6t|(v z6CW8okNw5DC_Fc?*h?7C-g7?Dq;1}mTTAN{YG9j-o9#V47q4rGA}=hJ7pgkuoc2d= zjenJHl3HBjxu_x$L_k^9&lkPy{(TE$IR^5_UuJuq?ouwx z(^Fxu(SNCyYFO%n<9w>l4eTo2fZqh@(a_|4-tA8!gX84N| z&EqOgD_KR2?WMqtJfo#r?XqvV@GLbn%yM?{09qMXVr`;HXL*>a0tDbR(Gy;e4c)}& z26OOgKYXCYooqO`hHWq}5&AzgUR!PikCR_m!Pn zqJx&4E2~h1B{X**3oBUZ)TfJJ?MU^sp(El}>3K67X;83n)0xbW2+`B}ZSwyPFQ^NN z{`xg_h=sngy6WpEvH8cz+TQ;2t5-Tob{#{vDmwiWP0ezgOqZc74R8jQcV^UJKwA#Q zZwKd-`IVGYf4DthhrcZ4g00d-Lo>k1QMXm|S#VDq2V0~ePYPuE340;qVIVn4EK|HV zM1ApA6HnRz-;hh<1?zIpvprjbK>ttcw~y%;s^A;d*_#7dGXS60qJZa{mN>QOBO4gzq63^z+0 z)RK=fFOQ0nd}qAZozx(i24wjI8GaSE-TlPJ-&OW$nc$d*^#2;a7S!l8G&OlF&W??i z8Ld+pS_t{@-$8~v@S=2Mj9Xn@4&6J8e)J9VSW^>Cp-w}Y>jDS$!45U$9cF=y<`YRX z4PNAhxv3*-t-y_c6AE_JJHNj%$HIPEdC7}B(5>b$+@?gp$7~wr%IsXGijXGiPQHHq z#!DM53X%&DC;jnnToIAxByOv~5P7{!G_~8V%7jMn3$bxH_@jRqo>WnFe3hIkQVKF8 zaw}u$8!D>9l`hU4UPSc||32`)Aq6&-vBzheR4+XnZI9ER>>0#sy7w6GYN(fc6g;w# zd;!a(kMgzOd7`{l9hx^B;-Td#?jp0t2YzH(%;nZ&Eou*aA|vgg{{Jm|AWPO*i|V3! zoFL@HjrdB4J09Yp`T+IICMD$LqY?Y zS?=}?DpVXL8N63`kaSxWt?@a9Zn`1#A&|@uCV1A(u%)!CbQIO4v>pO`5fdFwpJLD( zvi)1Z%#|1DXE<6A+U(2}hx(k{v`x>YH|L*Q%~hDMg$4NZIL&@`euH=yfvwSdN(Aqa zlDa01k`)U95!h*|7|Efm?lXB3|B7+< zx=!#7ZoclL6kTirR*n3CoGlibuqcg^yEB&D!#@Tk<)pgYcg3ZpOS&WgG$RwV_f3O5 zn3tOcZkd95^5x#~epEzRnWEYiyCvivrfxy})EQniH}U#*rZG{!L25;Od@Dc<+onwL=H7e&1HTo!TT#V`?$cyz>&g9J&?OlY|HVzclJ z-WlRN##*|CD?0VT`!8g0al{;-V86QZGj5850X0rtj+lXNQV(!h$Py^Ln+uTq5 z&sWBd1>#d8yDtFxDZ-Cw>;N?RM9m4d~%n@O9hM~eNi zz?*vOdX6blSAZn`b^eLuY!I5K?n%qmK!NW$3lk%&`O_y_vX>D|5>kLq>z9%RcXzEV zEw$?{cJ^|A1UHG8DISy%LU4Fdus&O$it-w+yo9q|5q8Tx#geM={4URZ1W z>yG=E59LIsn*TR|K;X9P-%t+zGBLoj_WAm?zJS1x=Pbc*LoJ_LzI!Ezp!@s&mdh&p9Quaw2LqXI_Fug!G^C)4=KZIIc2UHDDzMNcGWzuB$xU0%#|JNR@|u?% zM2UY*5ds*Cjf2BRjwU<)2tF)6A=z_&!=kvHoOB;|HD|-cHKr#|9KJF0YhSTmLec+_ z;8Q!^x@u;oh>yso8iQh@Zefc|s{O9tv(*ob!=fV1)vj;cv(vUFyxr}WuUy$f8jp*u zd;H0%_RPVsy_BAmjA~H3G>cvi2jiR_(5pS%B?TM3qRQaM~V$hMPCC}h2IOe7tZI3lP9;%Z-!-#}X zTX(AW3so=&Fz$OEiwE?KiFevNx?Sc6M(8&AYrfi_S1hmYYfgkF_EDlir+Bb*k3l|_ zfbKr&1{7ftHq$0Adtos#Upmao0ReBjyIuGOo!OAfTqLtA`xk86;bKC;n~GiUBBcmr3l#zLFs?OG~TCCcDv^q`4p$Cp4mS>N$oRE=%E#Yc(2$Yjs_Fhn1zJ zvWn8l_Dn`uG+nVbV~~mD)>V(kMhkVv*8)=`m6T9GLR&p!zxn*_J}taKEA;uqs2hak z7FrDljWcCyJh^!=^ROLE(&*_Kc7JV;j&`oE_R{!zQvI?kdC4o#Fzxa5DST4RqNaw8WIWbM%>P0G9ySpVk3E+W-B&)I z!f{*MYnO1tg5Sc5o;64x$kqrWH=P`UiJSk2zU+~PCpyA?Ru(FfhK^ph=W%o!X*1;5 z9okw~=Y$%#)r4(Gz}wla9wDdSOq@?6{bW=BOXOy05-f3r~S(-U(*UdeX4d|08YyArL5u0%R8UrbEOhbu-8xyvw$!C`0);G zte_zI&TbdRJCu4kg(jT#t~_sGAL9bA2M`beAwEn3u{JgR;tl!$LymaRm4lcZzrO}YFvsYh4gE8CNJD|`G2?UuryDRm;bz0{)|J+GO`bSJczs7|c4`&HI zCSCy#3mVHMdt^K_FT8VRE?pV{x_x5oE&omk!^+%={`**biXGwYfw(#g1~@`Oof+sn&dz3n=N44#bln& zP1kEbK(PPI9~J6L1>g2xe{wIy)xWI$zb>hxfxng8f8SVMyq#hHd=HUjdH=)kO-SUc z+{VYMPjzM1NW?|ELf#|{4-GrjOFjDHHh_N<{>=de@2FJSXm$1MYy`y4*Z6L#I$g_1 zTZ993)N3B-0Na->YXDU|*!$-rcyg{2`&hZn9*-aP6C!#L{M$ypmXHStp2x-jm(mGvCvw`j%Vt&P;IJqF}=U^6b66V7F_v0|T5^IyHl- zVOuri-zi03Uy%!ivtrCE6Nt<7Pv{81{7^0U_s8GU1aj*@J($FZ-S`Fqjac{3b|BD# z-Z&FOaAah(Wh#Z~ix+BT#vTq1U4VD+j%tX__}bnS^(QUVIUZif*G*EJ&4`UZMm{ zv5aW5@#0G~kBKdw|5zWr^05>i7;cv!K04Yv%hQ#D z9K6Pd5s!n`iF|$EJhU9Yek)a2i?#ynNhZtd00;kC^7S|FB7V?ELHGI3Cg*9V{-N6Z zPH+20VM%w^?9{(=J%7amR|90V)wV@IbVKeM9u*bG>89dOn4bO|%)jY1yT`^ou)^N8XF{Xx8V@HO4%8#Y`S}|L;P(CZAtvi>zj(_}mkF!#i8d58cJ zOt%Wb@8aUZtt%XAe;N*hujJ=5Q3(DDl$UfruUCL%@w5PFcV@4xoPvUpx?PIJhxDIn zmKKs@Qf%j^b#VMLnsIVhR>1xd8d%7?qzKm^hv`{wj(%GvJ{I$(IR2CJz~d^iyvK6; zE&_Z(d=>8X!24dC79cTzI!pX6jYrc)0YixR=dyTE1YIz;TR@OQ;D;}=yd;)AU_ZGS z6BXm|>jkH8@36w18^D4;#(4N6l{Vnt%Ve@2GH=xB9M?6@rgkfC#8a^F8Ga#r(6 z+s;!HxR$cz%gBWsWqCqNYtv^>zRJ7~xeVr;W%08z+~@uej#Td7Nk zBnR1Zw>myJ-}db9-DUndk1aCstz8PjTuE8EuP304O4I3!?J3lM%}OuI&Es?uHD1^i zZ|J~6H}~TPf)pjO$w`;IcA*Bi&{7)8cpCyXao`U$J*ll*!?l$4rGtl+8vDdkm)pJOu~JfHGlbaum@ zsjaP)t?eaS?~~JGPAj**{@#Gl!0%n(0W71FPJeDtGdlPGz~J|723^+{b!^#-0gwj& z6Dh?Va|c%^*cbo0Rnxk|k1|zfbE!d;)#<0$XGwqp9QwA)1m2qyCk%+je0)&RFaw-& z2OeP_A$Yg1cStY1mXI@Cn(s_}&S_AoE+4x0;T(jHdW*v!7i3WMMx)yM^uN?No?Jn2 ze%Vn#bMEnDgv}#?3!K$s8k}h9vTrEm#ujK@yL4sEEIT?H@Rier`|;DUX#%&o{zv*e z({GaOKQizfdyhy85&=7OI8%Y@Y7xmt-X+GKg9as}LFVr}`_B6s_t!c)zf z7bEx9Rz3@C3B|E_TBzOvORj(Az0I9%?jB=b^Zk$S{{Q2?Tb)SZ+k9@qc`%J3%Kds! z3GawPlG%?cab_Cr&Zowoe92IHZ(uO&iRwX0mA1}`Vq4L4~uFE74g zU*~}h%#E}jE14;LGUm8GdJI{9PJkpx3aFw#=1?}Yc|MB07M*-LT|aR(bWJ|_q1W(k z{o9i33=Ae#RyvN|(2W0W6hy>f28BgzB%PWXvhe3tj~+iB>99kcvs7{HhQf9n<0l(6 znQ`9|k1^vPu{cjvpDHV=*d5dgS#}uW_@!s_ZKq|A!L<#YOvuaN&V@Xee)qi-s(@%ah!pG)U){@jF;e} zKp*^hd&k3=Z^~*~n2aOP@O|NT=QEbI|4WW}LJnJ!`hKroHeZq}>b|Vgn(7Y`eGD<9 zFD%z=N`1*VUq$+1#DcNX$9NU*#hDq!XU~$LQE zfoU2S{(8W0f$N5?+TXp?%bG-i;!QG;wYSydG#4YICYFgbG+HE*yvDlnHsI~z?4ogj zv6+GU$YE#n8V}6fihQc{^{W_2*_cWb<@vvr-OCAKG&nd{A4={)Q(W!e-JP297Qqiw$@I+5M=(+Sxdg7un!$vkcfDPCL_J9j5OFS35Hry*msxdvg!sYo7Y*z=7=-qmB``P? zeo=XHb8?wR!gmSr%Fj@^1N{S!R6#5#E{=yl5-yu^Us3t-VR?|Imb(Eg7SLOXdI%)O z4>U}{h4c2KUdN*VcQoYvy-S?IU(^U`{oWU$QtP}nL9b=;Jw2de!yvanw?&B=y?_5c zP)0yrZcR17sAKr?1Y4?&u?m=YJ*-(ncKvz@5Qv_hXVCxN-QI>VoTrKzH}^PRHZNKR zSB!C6$8oqQrLKcgCIMQ3(B<>89{G7Tz&LEht6SaV>^5>3yeUj}(tnZaEDtw{pTFw) zgMHP-hI<&R z$9pIYAjV#z1}rv;)0F~D?=aoLJKm=QVyMDmvr6-zzLnE^>f+&BWx& z^<4>{*RO%64~zg14LbZkhKBONZVuR_y0Rr0V-4f&V6tO*QPCe(bG#dSi(R+CenU#C zUDs8M_uLv^a7m){K39N44J>!4C9FnjZ}1CU$0yn6xPKY>ONiTn`h1&WH+5C_I%MHq zG3tZ=nT6Zi;#-5z1W0PsMyPb2cMi1uPg%IZa4aRHXvTcwRP01Yw!)2aY$|>eDMiVq zQt6B+MQ+>{iC3%b*p751+x)z?n$ixn*P2>d3;`qoG}r~k2(m6p1el~(#B*~PfQbi< z_{qa&p3axc@}A~tJMX@H6U9VpgaDz$-fsJrKg3pPx{9d_5-G=64|HqO3;8Z0!L&3g zZkDvlOv8fwkcjjq3O?fhW1cVn)K@|NMpSbZ44IJFXjCHvorIhd;{7;7zlZ}p`;`o~ zh12VuBfXDT{TE-)DLwdoR1*BxITxeq*2yZ>N2X;b$bX zUQ-eGbxTY|e6&yhLk3z(JOnfLG}xps-cw!q&V(T3UxgXTzO6MwWQNEvPdiYx7&h;s zvpw^To||5O>a2}j;iJDhSm5wXSN9rn`?l_7WzZ|-<3I-Tw9K$9p~B+v9Spxq#c?M`41QLMD06(w8+e)1zGC0aii!$Ok)gML z^89QoI!$?|I?SX~e~wz$7Pv@nQ!X{jfkQv$3*`;2vT z$n8BdfvyDeBOuQ$C#?zCRo^neuT$hEpj#7BL^dO~0mqwaFm%d^rJZ({oeIIb50xM36u{-w%+-{b@WRV-GGUk7sdY+|?JrH4HidRc)EiHvp<Az|^TV6q%56B9pp@0}hWpy>Vhq;4rV zQEquF{5A@5JrEs%u_DjzIgFN?!UT7d;}b0>Sa9GmOd8?{W26emFI+Uiy;w&{sRSnL zf?YA#*MXrMg@9|+awt^l^-WEs#?klII7kfO<9eAxA2p|y1G-aR*ILYtg4a-Asx!nkd(wmE?k11R0RfJ zLIC`Anqvd&Em)*S0E5BAPGCsEU-ar9I}KkrDE!yrPBdsSFTab30$&nyD=XlOvAiKr z1KC!Fc!Gr3@#pm7tm(BzyQom^B@!&6nJr{9UHaS`EZ-hp z*-Y7VpzET}g?PU>x2~{w@uCfm1z;b#y7J$@X9G(nut+Y?9hjkU4&>5`W!C(m{~1I; z6AxrL;xCL*0hR*iGceC{X!5<(u;zW0_%a@(T;~g^91ASvr zp3}0c4O$oH&9@VzFMw8wG~|czho4iJe?QhB)a41u`$k92 z4EV)#bgUYYouci4eREZ)+R)O`G2Uy##r1MUR|F3-B!E5N_WSMC{t}Kw5%u`OP*a#I zG#TcB=xswE+%5KR&BPN;$icJaU}bls<~PS=cjEK8<)UB1Ar4OoHb%QNds2=8cN}&-=u%s zDKArcofiFz0)A9|B^E}4W+TmQ(2c#{s+2)H>zVZU#ue^x1regf%ap>xh?;zyc^CDq zQGP&jaX6Rpqt zl=Gfz?Oh9#RZHDsi){AUx(#3n1}7ePfjTHBg0&nNQ9`D}&A|a4*duT+R9KAs(w4hp zt1M}t^s8{!D>UFObc|a3s8nK_ttRV_kGf#C_2{+z{hN#D0x#c4e?UcU{mf6G?w3NP zY}EewNat=0zO|V_Qey1Z*};guXxGrt;P#)t%h@SI^?XMHe93m2FoK9!h&elc^9Aht zeb-rH)xz`+obyUxxBNIk^vSg1piv)}aV(&1dCQ?;Jv0|O9}n!$no8s4GCULR8y$V> zn`5v%Z4lBp9V+E(8cSqYtCYZ>Y3_1`Z6hN-CfR7Oe$=p6kP zI^ruF?;;}5k-V8^#GCw9Y*Z2|g{mFhoqKl>Vbhfwl_$|rQK-T-@;Ro%dKr%x!pJ8} z+RLCSdXVhJ5iiSMf3dXoCYFZ|@j=rP{XI#Q#hzTqs?!N?t+&Vq+2*%5YyHivIl=u& zd+03WV9_`$QA_)cdfa*2u~DqNhobFHPXkN6O}nOq#F%BXb&ccM=7X*ob?5nhLi3O2 zX4^rC$J8@J{UI>~8J59oD*I*nOD4`1Ph{Yn(Ix4!)g*$L)4wW_<+19A2nY7p0r)Jw z#<~WMzjhtKCIIgc7ZK59{@M#n2*G_B${U_XD-3t<=8F1XMQMZ^uPT<~V*Wz4!y3%& zJtFJOt%{cd5p3JQg+?C##}BbIzpD6m?-blc3;+xA6JcL)Rq9c|r&sj;q z?p=Q&S6X$r1+$%c+$t%4?k+L4nnuzG+iN%c-hL%ujT;mY^8r!09JW$6@$>a$ZDb* zrrKY`Kl`gg05kKKfn4O}+_x)G>H?NK`A#uJ4vvm2ckj+bA;QMS#(H{sN=p4sY-ugb z+&tD(7~c5YD(B+LVuk_5ie|3jDslxW1);tzUSUiLY-bFnrn!0b!=LT#9{PEn@j&|m z?2LAHgt`|)3f{iOQ7t(9N=N(8vk;Xp5c);?XN7JnuSd5wDk3V0!(|rxR^DS7RmUO= zvDS|7j4ZC&fdRqyJXGnS`O(?rJ`(X5O;GzmZ&QcLBOSrUgO0mlpTEe9=H=ya4Gw8* z|A@QHzL-HeGG&l&G3GI5b{g*X>QRm3)?BTn(`mRRA58m_!d}|2PCTnA^Ng8$S#f3U z{J6_uEc9J(QTZ)S!MC5GT9wm8n?I`E$DAXQBi+8X^043i0KFA)@lgd` zuWlv@FbGL`!{+eqHh#DuFoJvgxbLE(#>+N)b@c#ZEh|D)&pCRTUxx=(?(L z-5b>(kpz_ycR0GOvJfu+x>qP5O!01Mzp`IQj7%z8bzk4H-QSrzq5Eg_>lZF$U<(WL zj%VFH_n5C=pY=MacNpRw7INI!*{SbU6+sQ-xQLPTJ$>aXHpj<4pW{VKbMbKDr(e?E zuSc@}BHWM`mBcDlAW${NeEKmM{-noK@9gYz4c8t>j&eDF@R7Awby%Y6t+b+Gr zb1tUx54w>N9ih<&*j$+YzIMOBLAnNrP9SOG;}eS1*T-v5f^<|<1aTW|7VlG-OwI(~tTHCcv2xlIcOuHOnv^-ucr^&}6Ar%vEg_1iC zE^g#CR+4#58VWp)8l%esKZY!CMYi83HO!%8O^r#JaoE=|d>OnnG5{U6i3&^F3Gjp| ztiu8bw6yGg2qp>04aEmm;?+l-tdDl?qa)6Ts}44jImN|_&+dCHojby?$;5=KQb4fU zjEp&EhJYc3XG2B5JdTLd7Ya|CS(N!3O(}`_i~%^WgUHsCFq&vpSm^Bu-_+K+gC_|V zA++Tn?}Hz{9D7(^<$f1N+II8UI~t0L?1F;zmSj{^X^^Pe$3jF4KOPjHM^r^bG-WvX z7>2)%zO5NI`&0CsK_1P!D&91YqL@^0y(GI8h==PD5wir5^9%FFJxRrXh7XfW#aaqS1U!6de$|w45E3qooee|gpvLqgi@8AvJhX59 z@s9jDol8n0lT37-)&1l|QzPM_wdMtUUSLzdxO9Ga(w0-4fdcv5_s=EvAhtGnE>Js> z0O$Xl=W%(_^5RAfHMK_)5#-W0;jp0MxF-%{JzCd%%46um)37gjd^>zu{km>}4fn&@ zX;;*U@O$vuF2&IIXix=O>a8g`h1_XYq#^RfHoP@*4^%)Q=d>H$3#+0uYZICh=^qhgE=0fA7ki_UojR80nU~1}H*}p8m!vs}Gp)Zx%PfuE{Fs-^p57#QK$Ad9TH~~_{Jsm)_tfJZMKl)oLW=VN;_d_+jRex)j_!gzbWHrSU%#u~T+9mcN|sLo zYW8(qavx=LOXhrqHSXA%AOk%;CITAQ-=9d3chSiMu^7im4NnT{pP`VG8$3~V{ zU&tqO1lGv88fU@b2pk9k(*4w556s^eE;;SnZ3`U?=j#B=hl^M^%FE%&qpUbr7`A+k zjfx>%UK{c1#Oiw?0(S?>w5OheleK2Hdm$E(j;$*L4q?M|Y5x znrXN?S{0O(^n0P*yfL37gC;BlO%v#pT9Fai4b@+gkgqf`HsX_WihFRzAZYw5d;9wR z!69BxQW5B&(+JKid{?DdU3+zsqx|Q7!(xGzNGQmc&Gb_NI~8%l?xWq zJeIdeY?EclK?^o}OB2$>AztY^ zW8BXt*5gg_7qLCwqJ*=Gjt&X}Gpfh^z}WAk49v< z3IJ zFyNi zkd{VLq`Tq2ac0gr-}jw4=U;1Pt-&?2-*@k4KhJ$%_Z7EuzcZ}Jsw!nNqO(VTop0Q{ z8o)H_Xg`)w@gl#ubAjkeg8pj6@B1u-=Iri3BOr8CcdD*@%~ng<{+jF1WzmZl5oS)d zSXO(=&fDVfKFyi%{^EDyDmAkmQGMRrB{b-@8{bq1Tj19XYQJ7GE^x5^dL&&14K)%H z9`4HHAv-R)v)op8t>Lj|JZ|{f)GR%FzbnOHy|?fDi>p^Jdk(eFFs6ePmqxG(xnO^p> zJLow-o9f0hUq>JH%zNJzmo6zGi6W?=AYBn36&-~LD%pw1US#295}@VuFSVV_IF`gh zwzs#*`i5M8D!DwUV-o1P#@;h0rI%pzMQRi`X=5SzwpJJAUbKTVpE?3Fe zd5AsW3wxqDaf7lawLdk z`-|beEK`!|ftqoRQTd!2jO?t7iWc5;37kgPbe>*AG-~WEw}-7yXnY6VtlH~Gl^X*e+ zXLk|?hVeCakug!@eSIF?g5HYt_oCjsxxYShR=fUG?eK>&QMPK8#c4uP+q0~qd{P<) z22$K>CdN8f@!MYR+FVvvj+DS}ym;xD&Gw|e&izB$)pzMWEc5H}P^%p79+frfenH=@ z$w3|M8|b-8Na(UYrR!2>dGlsnP5{Ne1wm*ir|I}jjnq%c=aJaXmuaWF8y*H%BIvavAz-gOi2^+{fo>N5L%20|$*IjF{l>&E>G z+~`}@cw}rpvQ3Si^5f%OA4v6oC8oCn{q^c7hOsRgSxF3e7inVk>MW zsvR}qp@E7gH|?RYde&Gne$8AliW@L-o|Rx#?2@U~Xca*78uhCdrVlfHK!i1yaq$?u zd1Ff&9|s5Ig;a4*z!?She3ynZ3U3TcmYJqc+c^Id7OOiFcT&08-bO_?HL!|^h>m2f z7O!(&|3HX$@P5xoAXIWT=GJ+)u#`pxrmhTrmmg2Mx4v_Mp;6k6Rjx6urI#aS+Slpm zC*rp&o7IK%8@jKVHyDvD{>a*(YHgJi$6n@j{b3;_^i)LW9@1_R)9HLpmZ4yHr-k8# z*bsCGGx`Y_U+C$nrmcTu9!}`v;RU21xD~_M0l6k((nNQ;4p4%c^(2CV z^7`n_{B+X?YQnO=xUySRi+M-QNs~DK1#vWu?tqU$6%3k0NlB^sj@YF11iyke1>eZR zxS7C9d^C&KHt7X1x#LG+4}?e|>uw92jg_w|6|^EGx%kAwMEG zprd2dDC#WA&26^%)KOU`1J5EdQkm0qqNBZiquee#$D_fY@E=5I0h)IIEm%NN@Q-Ff zl9!iP{~`x;pmDpeIIrtGyebpL+}YY{v3&3W@KhUX0KEUc@!zmBXg8^3-^6Qd zR3896?G7~Euw&=usT5izFQY{RiO^Ef*Uv|NzPzPw+%!0&4XpIY`L5i_Nec)MkLEf_ zC6J2c?*AL`NnU<$vG9dl3eXSI?GN@)JbOCNG2TqjiY{4JDx3^gpbxXS3j z>niH%Sqa%Izw#S(yjgZ-$1pI5iySHDm&@7d=TDdVKF|IOB31lKqst;@rC5v4c2?%R z1^C1Q9^g<)F%RV1FyXtIZ&lC0fqC(Vo%LVDWwZD8@O~7t`93%ZEMj9^F*~L2}V1K<7W1Ve!!mn|BaL3{ov{p=(8W)f| z1`8}(-)#=bc!!^mPV2tZ?2x}S zFz6oW0W{^YoE(XCD!lU(RSQjWg3WI^+3z~<8-{~fQJt6fiNm1 zMfmB{UPiT@VlsmlA9LPL$o;i}IM0a#PVE=VMSc7B-fl}$LpdH?%Qq~0X;PdrNgH&4 z&XtTfB`Said3o?t@f-ekNCO^0JOzsr9$r*nWWVVj%^!%_UP+FJhNh?8p4h3Op`mHi z&f_rIKUNl*8LLHY*cW&pt|}$2ih*SB@4NB~uo^DCMBMT>HsC3NE~BV|pFYy9fprRU z;8KUBXAu+si#uA33kgQ$EUepr~IB=z#kCbybBh$tPFM^}y zNC*A@#2A$DJ)s@1K0z7nZ@%E+WapeS@tidh+Vhx|=UqNMy}7SWY@V|U!(-YvT73Zh zJGAPK6)nJ%ZWt}Jc9g$&Tu;4Plo4h*Z`&Eef0OENRip0tSlklr^n%UAi$8FmWSgpj z9^;>T?SzTTtv!S9Zx0UOaIz#E>+9*uEs6f=I=wRwqRT|>iIr3Hfdm{v!nk`{r0YEY ziZgVjuR>`wukjqFP9r6raNr+VA8@;WxP&4orZ*7Mf{${8hlT@Ig1MLb`@(zC9i6S6 z*SG{lRaD*`iVx(dLxAL8m_)ldYjA`fHuQ=zOrK@0>W7<>%vr-$UcrrI42_>&5d#wa7AAH3pkh%Ub$BZ z99@L@`_CF*hcx+LvM$wpw&dh5xBv*Ln=>V9<+lR=ubf;|HVVoC&D4d(3xh6myhPlCnhA zDSaBDn<`Yb9 zhLn^c;$rHVoNAN(7$hS0^@-r8bbGu+zBPcmv~gnhO9-+0(I+7z@%1C@rw3kt(wdo= zn$*D$eWcF6P~9Ljsr1tYrc{FtNg@s>wy7~aXaRuzAmxx0U@Mh_#|Zb^fzy2r)Iq18?|V>hYHgL zr>%#2XrZea!ynu-GamuUBC1PGDSR?W22Yw$R4${Lc6`k48tuQ=wg^_&Lpa_w`fFJQe3 zwc2WH>+P$rMQcthegttwchF>CXC^n^l1SCGDLUuMbH)4P$LHX6NSjcrT~NAMn5%Tu zA(XM^l1%0!Vh5DAO2!!72HI~6@8M9|^SC9ZR$o>7u`NztB`a^ky7l^(z({(Uqxo@>4 zqT%vDOfMxO?PbMcu?xG-Im)4u)x%wd1|wl-XSg2p#(naq&eyL{F~$LKrK2-B%}Sy6 zQ#V%k*b>lP}hfy>Y04&gX#t^95zk8J`91s>{Tv1ck zv>5T}7WMiF>Yqoj1Gc39mgM~)Dn|a-70h9{U7AL7DKy}PMczFd3v!0}nK@iexk4e( z;|4|&w0Reha>zf>&=6L?OBWRv8?68QW0P}*xb4U8m&jvH%`RI(XjwCi4Bx%;MX80o z2&Rbx6SgUzQV0kMVmB+VlH-0|q*+*8I47uWaoP4}o{TuXUWza>xpMrGd~{VoK7=fl z7ZKEYf}0~JYk_v);IL+Xm)K7+X9C_BNhv9F0Y~Dq4^9f3eWko{!p11It^iN9{touB*QG+Y7T7R?0@2a(0t~+wpd}W8 z2U!0=KR1)+^5oB}uQqo+`Apl#^|BPhx&PqwerHD;EfDZARxTC?KX?_zC-?X<^W z9MLP9UU0zKYBs05t{MmFG-X{J^RLhDsNa=EL@AkCg-P=ge|svdIe$D z?GZWpb*3vD24+g%=TF7OEBU+qD%sYmWppooJF0~*L>?M}`v}0lWvAb|bu$K3l&|0u z5`t3?2M6mrAKkUQr*FZ&{)Epp+kEI10Q-w5oJB?VfMX1Ce36=KY7Za2+7J3V)_n)T zJurg6%;OqvVMPwGoQe%b1w1!vthsXH%)(Cir;}~IUps~b(?{%=dq%tMj=w;01ZKc4K7iO1+6%T$xv8q zFp01~U#XdFhNg^)f*3r5>ZgEAe>BP$HxR6xVuJ9 zbD|5Oxi+oP@!1>$a+WTli4Hy*Qzp*N?yK7fLd<74V>@7AHV4;HQ(FR%w@&s8Y^oVo zNMURc0FB2{X_FLOP8}*JodA=^90mB; zH~Tyt7zDI=8ooCg+UY&Bf&DX7viq^3X0=sd)!58xPVczcBtj6*o}o4{`2*;WzYF}I zsQoYYafQzxA3NF{qs9KCO-~EQZ}<%lREdDIkFFWTN>I|<9p~`=-+#}6EM*IS_vyB z+t|!6)&{#Z#h)2zrFK9vsIR9S3FO$E;{n?hT|K?AQfE#!wzkEovT8g$F0wJcR6Cus zgXAt66~*MDDNZJ+&TF#g=iSx%Y5m=}=AHpy2&(Bo4NK(4Z~a<+QS zI_w01p1k6z&f*q@TU`ESanOu^w>yI~hlT&_XEpy>alGIl3e>l^ZqbBSI}Y|WEKSr* z{0yX;>xzbItkX!2{#iu>Eln)9b$wq$M8*A|Ka$8QY-HoOPF#6URB6s?hbi6F_w7sh z8?0a$`}+K)_qlmdrv-8u94+!x0vCc}&k5SdtPoI4G<*tq*D47$ys+~zcLAyD2Mh%6 z^8W!dnq93^IwPnkd-MTat9C&F7tE1jWm@^_Aa ziF|Q|0KpAkBGkWfNjM%PLYb;hV{yn*#OiTvv=Hv^2ZkQD*Dy}|MGz}^EW43-Y? z!;%)Z+B26bIFCy+@`j8ROS0_u_sfTe&3xbG=UWbxmG2+g0sFr>eG?{jlL3!kyhwuS zeCO#hSdntDlLZAu+5E^aS$;@z-kC2kD%)>|bzT$+2nqwC(XpC`a}Fvr7@*Q_9&Pua z6kM-%xa-yVQbB*|r7DyGh#etrWN0j#)~FIpcYORYF;AAW|B0Wp%R~KphFO32D ziF1vt_xpG7>3rm*0#w=k>qO7pXLA#BCMuzblLa2V)wpoF>uE7bi(bK?*(e@S{Kw2Q z@%`4^@(6rz8JAmLVxOP7%5C+>E>Zjb&n+cHR!zeG8aOkd&-2 zs4@GerZoB$^I6TRB^eE5d)p3?7d{7ifdtuJ;bk)@9u$GvNbB)!-ZJsXn z=B{xpAW!=rUU{u!bg@fwX~@-EGMV)I;rzpB*LWgzIl09}if^Ci{+0{EML!o47SHW0 zB&Oo9N@7l6O(0*<(l7#}iq!j^`9sFY8rM9xaT+%Q%=A|q zRM68veLyN;;dYzbzV!@o!e1djv^mXLwhizEBft~sdQ#u1F%m#~ExKgpDs{6H%OYxiD`iCQudRkN5 zD({P7`IQXh_SM!Sdl>{rI(2jS>IboCE-f`@XW>^5Z>O$3_(nzOt82z7At*RmBX_)E z0byWU6R~9Sbla&cNhxFy(3Tw$f#pj)jFK zv3ICI4-tH3bH(=JpIF2VLOWWSi2iDNZdOh_r#Y@oO8i89+I%J=vve-CfPtduce_cW3at>9{M7 zj@j<2{UL~r;XVRPRF(m50bglp$ZSs?x8LakTt1qP&;L1)^jymTD6M|O7_nWEA8*hq zpdiOr2~a+kmq%6j{gdyoX^D#qrtKMrwQ|O61^FnoeL85i31yM#z*DG{k<)sTR~bWU z{-NvdV3Ue!?}rpCz88TcgoU{U$ce?~#t46y=oyaFHPO=Ce$Fj{P;b=pf8itn6c=T) zte17Hf86XXYF?_EnI7;ZGTiVD77XF!$0z_(Ai$Kk=r%_Xu>v zlVLw1W%!JWky`x+731;T^_+Ac^Nb@9c|OXp3OaM#4pEdZG;wl!*Q)<^t@`trNmyv; zojZ54(lTf62-M3NsdFi-J2qS0g)M5o)cVJ`@1G@I6^}qraP+RL>rubBl3g2(B24Ij zQ6f)Q1az6c(iY?An}c(O>2k1R;Sq0jvBUA8Zf;IbCdKWmp1JFA zy|y*aQ^;Gh5x+rA-J&_V=S$l%P;QuCJ{_=ttI310WM+{2N7a{L_OL5cV54jLIiYWn z_C8+I!j*TIFE?mv9o!2n3DiMq^gZPFlrp z6m@pS$$d!vT2sG{(9GMs-UZ>=YJD&8?&=Q@3ONVKeSUG)Of)nc(8y^$>COvI&G?)_ zD^1LF`+G}23msi6kVlY@xnDNRZ8Fw*JY;y;*er5UdQ(zT z+S?iELR*zRLbq_X5I5ZLTJ^nO+tH9DdUo@~mu+}1@T)8a3VYpR6(_v;CsD*d1(uMR ze*;#6+1CkuzPp*mz-a~s8wDK=R0vSE^y;6Ewv}u~#n*U-W|jD_mhfKq-GAt~0QirN zydme)bFNILr01QNbgWUukw?Aq@$u~~B{A5BQ9ER!c`hQrb9&RoKw!VQGd4Aax1y;A zu9zP?dI)qr2U47Ck%`sox_b30&>ZMldA#JnbnI0}SB<`HV4gpo*yLYafEUJqMYx~X zgEB%kWM-CV^zi6~rneM&(9@?QE+PyYk}>`CziAjb#o3+q`-Z6Escz9FV2(SnBQ6uS z^U_coF9(LpgU)-*@S1ygaLEeiGINGPf8W(SqgL=mht;3l7S-)eFwMrjzwT0yI3aSB z|Ei@@GnPqh!*o~fuNx&QAbN4S&YkP@K=L6{3uD(&PgtvUg1_4t>-acj*M_?B&Q)-F zkre`K|1GN`NQ%C;jt($6Fer^msxvd&fwOnc{Uj2m@{@I9@|V9toxK_I*bmtL{qm^Q zcKedDisEv@RVKVBoMx-Mc3{XP41@#EuaeSIOn2_|5A?(U*G(hi_Z?(s?<*-c`Chd; zd4LtYZDrjjk2)|gK%JTbwh3LaY#F?I35od|jUBuViy`3S@v-+B7DZQZD)*zn@Zj?Z z5LVdf!^!w<00AX{!64$+>D}AY_pqzkxMZlim`Wy|d){^WnbwoQ^3QahlGlvyd6y1K zz{gXS>Sdao1J8Jad&7WN+MaW=+}u!R2n$OQQ&1>!uOib&QA7g5gB{nW`X8lgULv_x z?Xt;1#U_<+HUahfMrAn0Wz&grgXy_tUfbnr=iTbc7&R3KF}MCLUIh?VC8XNA*F$p=-+#6%*-J-~&v>1sAn8V9Nq%PXCuCH+E>wzV7(x&A zf7(ZH^NdTNiec2)>1=Liq-P2a2q5NqUJJ^PeF5I}VFM{C-&yao4Hzui`7PS{7;l0l zq!*?}g`uZc`E`m|JWvDV?CsIeB!j_AYx6^rUyEIlvo8%dT5f}H$bano5<3C$SFhML zchP}E$)o}fA+V1js>+6;Z)i0=J`oX#o>sMS3+2hlt+lL-^eifkrE$lP?uH{J<+x0c ztLwVPw7GI}kpw6~F%x+gYf>Z8O0832-q+({9znX$0RV)zudjNg6EzG6nK3M(OM;2h z21cAe1*eULqf`L&k5h!g{?^tbjXJDAtEX#j1Hq`BdKKX{vT6IBLKq$FZnyo78sTeI zwZ-2yjhqS(U>iSv*S`odao|{0!jzqomFEukcKwhX7;8FNIsAuN_27!#ziq)p6vZ7Q zH!0zGJ(D@O{J??llA|%NqVXglG0|9;J2S0x??)1CH%s39eHjbI-zX7`lAfr`SpqN( znGb2iJRihVL9Y@ss9_qpnFtf$v2sgJ9)s?5;j;pzV1I9D{RjR<}ujmp(H0A!b${WD9X# zo||I^_V!<4w*%ntR#+$|(fejZ*)$ccYyTYl(_d(L8mtsqlOM4l+=; z*UJS*`JsU&22R&zx?gdaUojz~wz;{=CD5~g16L?Eo_M11Bo6|BL@``$##Oq^YfM6` zw8ZynW@!PxbmYvQN)vUKml%dW$FYvDS@JMJ7MFy&TU4b-uq|{RHLWyLdDd}us#pAV zV1oa#b7koujR+u9jACj|z{&&(g?{>t>(b5rx_6OL?4=#rh8)d`cS_9OLJ940?B|iv z`1&izA5+@q06C%Lr>@u8eo67DR~T~75AjJ6GKB=-_wL**WW{2iN&##37J`_=y(F4@e|;yi&ycMdJ91_d9Rq#QIn3Kugq~J80=c#y?r|^HRFr@h%6Yre$L1!Tf_;MC$&B0<)tl=BIHWye(8>hRXTq8 z8WyWg!H_aHccsmBqIfhUUbU|3E|zr>qdlE;s_^r_X2dS9&a7&6Aeqbb%qY#7?9EyD z&KbD4Uws*w(a}{6ZEJ0XfzvbjXE36*k{j%K`t)k6tLrmdJiH5Tb900%JpXCDd1OsT zMb$BO2Z6KcoFE8wa$>=H>zrHAQ`aDM+y3FS*ehWE@Xx8NfQEv?hYCK}jJK?Ri-BYod!p84WdrgDg2*SVgPwM3E@#O{?K^-O}C2;#!W|7m*Yw9%(n3^ zN5C9(@DZWUO~h^N6FMX(nPix27Qjmak?x+q>0dviZ{DRwN1&Bg2@MZdMBGAdb)|0o zMPHsQzvqq(x`hbOeb|K%yUjUBkLR_p*d)L2)KJxYbzcS`1tkW;-EE>-f?1gPQhhN> zg_0hy888uonaf_3+`s}3JY%GGwB4$8#;5e{*>dLde)HQ_vYO!cJn!q}f1T$UhJUJd zrXH`!F$5>{5U>Ha>K_1>E>QguHy9(G@IZ1eWtiGc=E(NKLd-MTVMd2h>R&U%ocp@5 zSL#OlE`WZ5>ecSqc*cQnPP{tK$mIko+j0JC%>*W3u<^c)n)dT{%`#QdIduuP4p>&uUh7?%rg;f z`$wtUIT98|I8|8FuR?y``j^YWBd~K_KL{G^{}mPW?+$*wa1QXiGdr5kb(1 zl4?!EfI>qid)KToENpJd69bw2>KhJ>GOlR&B6}0XA18ORqB&s1XgRntV!H}d28itf zP6N=PxS3RH#oeJz`T3q}x2DU(!)tqiDkd z=}(p-C;ZM!KtPnEGOwbfq{G{zH?Br&Zl2fPo=H-&3R+Zq_4|X0LW$vBpnFOI=@W86 z0PD<4Eo~4amiFUc#x{c#Ei4QTRmvgFy|T=bkSPWlyhd>&n9h$@u9v`o42Z?8lE*Mw z)iTj-v31e;$~ylocdc*h{hIgf%b}n9Y9=zT_3C%UJV@%^Ta*_OX*mA=gQ`hJOia|> z?W{xrj!;JWm6;?tB!Wjb->-N8U~{Neftvsuiyn_w9vm6_rp&ywyYKwXw4X|f>L$N`UzkvR0$@MTN62)rpvfgAjm5;; zVv5~;sc`q-igQh)-G3Gi|5<~LXR8)ioOH>=x4pC)zK+~ScX4Pr`~|pwGWe=JisPzp zH0NSr1y&rYve2YJn?PBpyCubl%NQ_Zg~jt?8x`Z;$5;cO?A(m`U9H z99v_z-!W1`zS0EK8ss^5A2gV{fI!;1eCj>JOJ;CDLSp;Vs^pd>Ljd-fmgB5{PB6P8 zfcGD(w%Zg~6;_{1r3A&j+NZWF%F!+k*t` zQ*zU{7d5%Ps=iiD(YJY`mu? zmu1x9%+YMdAdtKO#{^DR?CA(Z1{xdk+@fY*uGck#F&3bbFlgX39V6q_yE0`dz0MBeP1v&eUct>-tm;wU~~2B{onjNr}5_-*_jZz zw_kk94u~zlNd|4J&?_O7ZI2e^YXK;78U`a@dd36`sK?f&KtM$ z-iT?q)Fmd6Iv+#vC+-zli4 zCn)HtsOZJG>+iu2#SIX0TV=Hi7Xho_GCRCOcTNzTK3x0DKlg%04#{Ocy=4kc4kw(Z zn|vOy^2D6#+ro4B`v%XGoSAz<3NGCWkMwnc?|fDiXxnph!`L1v zbv%9T=2p9+&I_{e^R-C&fQ(;Zhygr^+aafn*?-k~C!ehqQh)n}02` zZd#2RgkvQT?e)BP-Erw`b2@vJnjiHCC<4QRF1Xq1>Sne2_+kJv%--bj8D$ORYCPBO zde$53S%gE!>>^x14HQ2PQ{7qJqoSSvjp>G>fnLt(9`#TO)4U5I41#-lY?(Bwr<_{7 zeOHf#Cu!-s2`Y5MDKP$ALLPhH;Hx_G@gY!@zapx3I0i`~^k1L**{smvwB;_dZ@|JZ ziTp!V#;ZJ11R5F`Y=EqSiyBfvC%zfucHQ>zg;kXI-tI)@w*Zn(QgYPuOz!qlQeC>J zJS8Qqlo%n^=Yr9c>9Mmu*g*nf%iSdf#M~-Zv{6WEI!oP6>5bB?R^2dXxUuDVng032 zUE<=4A>psvb3RsLdYQaFE=fqkd$Eay=CIdX-x{{LT6$>kUcwgCrNz1VW2N@IUgyqE z;Ogy1E)D-$K#HITx7>FaB|}mk8J-$2)G(;At}4!BgjbFn_ZjRwf`B>F zz`g}@8AGFjA!AUIHH-|JjjL7J9Fs(4fl|)LduxB*oH?)c4pIsF`R?H7Cn|DJo}6?0 zDDJOJvFZwm5@l13$3OGlgLAr{k;}emOH-a3 z&V-6m?mW%UOwTOEn;h7e=|ARQ0rM~p>|!;P*rME3!opl;nX0Hi%1lBgHDI=x@Ykd>YX(9R(u(7Dg#I zj2s~)2&f#f$i!%+6QOT%a{3bmh2`gF;tZ3+RKg&ohY1gjG%*oORz~+Rz$Yg0>20WG zV&+$EmQ9Cdo6ZTv%Z(s1;y0Pe5kW~z(z|t%M7Kmf9-J4^{UXg%nd1)knT{m;_>y*g zY~fj?YgCj?cHVWaSCf$B$uc|!nCoBU5-$%gtv~jL>SdsuDPfn~U;VLS-$KvL&CY&T z{mBED@lkGHqE6a4mDabg;V!;3QeR(}e)y=9$&T?ZwXPnk4%m9E@cjEib|`B<5U9KQ zd`uSMAgQ+!BV8YEbl{TR$3-HzU#Lt}qNdSFaUW=xDR z_LbNE%CAQDNIr;RpgR+8t>K>Smi!x3w`|)O1qg8reLGH=xbuxkmkuv}{x#XkW~Y9| zaAWQ85mzZPT3N?Nyz=#RFK%hY#pX{8AKstDR~=#+(Jh=qoF4uZy&)es{)zL!yBju7 zM6Noj^AbJ_Dawx5RaYMw#?8|f#kop< zD)P}vd+asgm6p+K>OguJxN2aqK%V0S0q~Hj3y>6qFXqwz;d_c*U$^JOs|mAQ6_p6B zq}|N7DE>Cb$Ntm#)NNr$0~PGt7Ngrg{v{=ekoEWYG-D7Z3hSQ z?Ou3RdLAKFzpzO2KoGBekLXtve|2jUmf~RjJvJ^UYz{RPq%`+>*!y2gZVg9);Bcs{ zJVc?sugS$&R~(; zioUzB5IE|DhK8ucoYnIqq<5Krwy?|Q4DOqWcz7?iGe*Pd3esnw;m9B zLf_nG{_53Cl>?vY(oY`-ser9nIl-Ud^1X&(z9?Kxk3d zo2<^Xv()15jPl-BHq*?TL4Aecenv5XXLU<^1 zB)a4x_$9%wOiFxVds0-Aocy)9c~aDH7+f&GhzCz9x`10q%)jv2Qy9zwvc=_H=nOhylO> z799)gE+gaI>}>zwpk}qxey&!$Ytd~cCLs9rc6YDCU9z>Uaojc4(n^Sp9fO?igXj98 zHLd~;-zN70-60bXd9@L82!_ZqrRA#=hl=5Ty&xpk9r3$NXB|2X2EFt6BViL&r?0xI z-GR!?y=e0$((-dvEO5j&e?`fpt_oN+tgalZy4VukjcLMTFNHz!$!Mk4=PI%S?||I3 z6@u0ja;CzgV@Fs;woayydi!l*>x1gaE(7JpxbP|DQs7^MH8$9*4~95QG2F>4N@NI- zz`}U47c|WBH90T2n>Q|B5S8z1+4ujxHxH~l^>RBcJCTsKlq^uKX08XC`2|1&{hk~h zS*uQ@WTPL^8&zu4npKHwfMm3iGorK z|EPrc+D}!Lh?={%ohB)W@pc}msTnsFcPzSSj@cUCW};nODjZ&n5`XyZOY^rT{y4>m z38Pbbc-TyH55UpXiVX)Oz0G$~5aKM1qx%R_smAPvjeIP|MFbzAr9`42_a7Z)3mqRH zr%Fc?5)y3JMBd-U_f`X4GY4W>zXPBtXE!GV{2huI}|U)x4sjDyMzc zSecUi{HJnqzJ7iu%Ow-{`S?cq-pZshX;vSBIp+CGnBN8m^%Vx88oelz^5QmLxH&oW~r;-a>=N)lo`gJ|dJI zF+U(#S$U{k5gHv1c6MoEfiN^br1rUW5deib)k9RkqdAA{jm|yk-0XYp#a-} zc5JKaxK^OHbLR!pEWqq7LMa{PUC{=(c>UfP>rnHF1bFt2rkX@G{`#T>{cY4G;!UE4 z*>ea(u9tcIvzq}#sL1W?qn*I4tda58mh+ut;CH2|IdO0Rz79tld-l*=zQHJl;&z#?$S76=x?@yq3SPTCr9;Jx&-~&S-o#y? z;Ib+#A2aQ^r-HHA`?cmS_=|uF7gW;tczAupnf&de?ON~nC@9Q0FYC(r6VcI8)-O3A zkQZ{nEiCMro}}(9DuRQbrckgC#93Fxv?|DHdr~BZ*!Ron94FM|FzxtBI{lV87|1~y8fwQ!o z9T)PRLZDi@ysV5Hyp>Xl)4!)ZAv11yp|9WczH{qCr{Ty-1Bd0;q%im-eq;8z8nDSk2yf_}A7%0}~S|6&d3`$Uc1k;e+fW8Gs`F zT;uFcwQ6TE^doj1a+Pl%!b;;XBl+PLS6MORNHWt_y*h-;s=M(CTAKTqc7@tQQ*TjT zBg{jllrDO};{S8;1Q(*sgb8Yij#z1XHNRB<{%cLt;lV|uR^<}6DH%uRA8wF z>$|M^YP6?Ki!5V^P(p30wQR(=qP*4WOM%1(-zjb`D;u2dcJj{3km{m6QIJ2_dmqoXi>z$kW0NbosM z_p^qY>1@+Il-Dj;_?Re&sn~-BA~w3`A&g7$*p>`651qt4qo2S_z!wx0ggk!y_#4gf zScPr7;!xKPdrwaf^4!qy*J$7nWHyN(E`EyU-IQCePtJe~J^RuQAkv5q(=*2-9G_htuqqHq-7g6LL*xrZ3MS@+h~uzE~iD{M)UFL#k~RS+<8Vd9>+R&$dyo)3ic1* zg^KhhIEC%9xHHzeTyJ^<#ca_VaCeTXvE&VzWls z$~7F~t?V>n1S|r*Ae)klSHjzOS34>F^JfO-LL6jcbK*W0)|V$9F4qdY>TH;9+hLDX zO)j-|ErbgTG)mJ%JIRc?oWE{xgXszzL%C+6kB@|s(s#JS%0xH`y$j$BORcf|l!Fn% zdO@FJAomV@vH{+WkBsBO_F+6`2Kj{&% zz>ZdJ5;q1RIJO5#+@cb8<{j}LECCx@)RX-YDADkpUElw`0=Bq%QblS7dsJA zD)gcv9FDxItI;Lo0`^hShmtRHuZOB!iw}5droU*r>k>WXWHtf5QQnZ7l^>){9~&37 zlV4c)2$GESMkBg3?|i2ZaTcg~{4Oo6_cH->^J<00$wQCv5$_MK*`E`SSoxB8C-NN1 zA3%pDrlMLF%RO(|mXlVhB=O+22o0!<3u~Mk1vO=#Jm5d=Q2kK%i>_62@AcVhF0hEd zDIUh4Qri7BGTL`>(9~%9rWlEOj8Al$>pgq!AeT> zaA2%hfFfuv(K0#_rdDaCpssGxOR;FXdNfgZXQ!*4Dm=%^u;z7r*V09Hg-~$f$X3a- z8vXucuiMRqx>7CInFpyYqkXkhH^22d@zoB??Y#CL=+Ey9A&5=qh4IzBhjIMQJOToz z01rUD8R?TM6WiL>791K%#-{fuJm1{h+~?gpkb3tGy5@B+yuZcZNmHt^>7ZD2G1DAqC6J<(E=(vY^bi;M+R%uBO*~oHx?X>+ zgaczMUk;9@>va3BZ|4}0}sXI8SfxHwAr z!#TIyNkJEW{(2^;)%Ncs`_kb*h&Zo=rOwoWVB_{FltvYjQ@I^#?GC^iws=3MT`; z-5s&%jOT3|GGKQRJF5Q;%N%q|dSJ-b_cJ4I1TVBsop1=;Bn}azzBl0)-D4xIUWHN| zOeFW)bw<}khi|pDA0h1uBq}@f;VY1#00pj*i3$6?dm*8r9pE3{(t>;SYNgde5LnwQ z7MKj>e{E_Khs2`hX79Ie#T68+7kZMBfVjA7NUs2TGLRb5)9+AHK9!f>`qiHS!>hAs z4&G^So{Nr*T=@ADr}ybFm)#n;rRkHBlET{A+T``z?$UM^cHe#(%@Lo7#&Y}-S174_ zDWx+rJ!`$jRu#68>Q^c3Mb-`ORfjyjl>b0NG@T<(H#Bo`h4#oQh_;81*$D{bNh;Dc zok~k8-1IeGXs(rl+UJ?3CKEL^cdNr*qUYwwgnl$wXqfMV9CYCD-7X|ggGTvT7$L@7 zr>SOkQ>YPc;1k{1Rd9xeyhlZ7feyZ4Y#uiKdvuENJe<|CW$_@Y$jZ)s_Ux&JxecYu zTdnd_=I6WP$L*;`vCoQf2-t?F7Ok^3lkzMt8@IY{UK(CzO3O*bfcONT_7Iu5ZJdnr zHg`ts{o6cO$IB|fyuuIpf9<_@P?Y<&E&73i2!f(0B3T3^BS@BDK$I*9C^_eh+Gp=`?m73pzuv8SwYx0VD!S?Z`un9h#~gDEw*l!u zjagm5Dtz{SYkR#0%S$SeOS_wYuHU$EV%79MVlg6tRuV9n77$Voo?@FN4*ViZc0o`= zT$GN1#mqDjm*g(LWkJt7d#k~ZS2!IfM1BLdKD!Vcbo5T~_47DyLnA|Q_h|VoT`uMx zb&UCN-e@@FT<#4rnu>vXb9U^+@VD-CSR0kyalg88P3xSMl(}V-UGlGqJBRz{#$&cab}x4#YzvqOWqXB^FNR3r;R(gNj@<(r zt_|24cnxT3PAPL9KTqfY@eXS0JDsYDYK1OTY`n8oues1%Ty*pPN8m{L++3+cscxDW zMld}C-|wpCoPuw6Sm&R=5g+E+4HW(GA(dxoagj7S>Ma@&a&WM59#>b%s(w@DU1Mf9 zr!eBgbf3sFFfvsgRp-dHt*wQ$)kuYN-%d3kBt&zTC^h|Q)PiqLDEO{L=Un6y(K;n4 z^9l1~zPl$(qT%-W3jVtvX=&7|GO}_&th3+Bqqt2!*jYsa(0@^W8xs=7w!g)Hx~vVp zkwr7MX4}d5&GSMKOnCp+N1!iPTto@j=7~Rk_;`6;Kt@ZLuv~8a%*Y_VPFlQ`Q3}NO zr%y3iKoLi^%#eRrMoiY7yDDHR9WJp^^uyzimx$gxl{AfksZH5d#S&wo^@-)z7!Lo^ zTi5Xz=L$J4k*|Jwh{;V!i=w&~=a&YURYC$m(-tb#j(@HPif-6TB zd00m8O}f+*_&*O6Y_ak1>_^&zJJ0a&u*03m&!5{zOC9-~o`W=RE$T62v=;pN^Y5mn z!@(5rodM60Yj~Ht$6oezN15{DaP4L|Nfw#Nu&?QTtuV+alWbV2ftFgg~hcL(r}(q(@_u)aWx%f?HTpk9|h2e zQ)DR1L+-9 zsIYtNcxo6ZA#c-88cPhVP;Yphr$SEoLA-dkJ(lPI4OMbRRh2rnl$yEu2>Ef$UzO{<&!&HYjV~SE%fy|*?KOc zWnR(7poQG$e~sY93)(qB&8gT7 z<+3->=>_#Z=EywA?%Au+WLH*z0}*Dyz#Cn5+KvxFgxUUxN{+cImqXlzQitf%wzsYg z+MSiouI!;TDL;PfY;LU7osH|_`SA0uycLrHP!V(^9{Ao1iS00}d=_CSz&AyT-u4kd<(HZg$qv;)E0-b1EEA zg^D>czu;1)1M%upq(J2JBr>0-?x~oIQpIpj?P#mKf(RcS&-Y`_obrs<&y|zU zReaF#-QV8>${XMegW5{FhlXfqXb45XGj=_0Lxfe8}t&5QZs=C_d=H~NDOXxy|gG~VI z=icWi$xy>{*;ZeP2=2INfmA487WoK9Z6DB)jqjhlP4CjtBSK&xvK59WOOq|RNEz@9 zXSM~?ZN9%>mApcg%Nbe+pc(1aF3y#!SCz}OUvOdaMB=_{=fWlM+zF)6=Oc*0D7s7# z<0&$vF>>dU-!_|zK-pe0tFqJi<0$;w)O1AT*Kb@q**=)Tc`Wf>eGApW?#wUnB_`k^ zVsc^(_&lhr$}lj9i8Y1!)Z|WD^mT!*r<#%l=ZXDo?6Lbc+t2XvCkTHS)Jqlx zhlI$Mp$pv7A1@aNcZkoSyT7`;*J3PO zOAWDo4L$oV*`AfT`SM7qEI{{epWBBA*hN15(&dkE`&vjJhLohY5TJwbH0%j7>DoDo5(XYb5buqsX{^vWN?)Pl$gL=^VFl&~nI zZ$1Vv)7K~WIpMVgm}@Vf=k1%os#xJ(J_dm1Fm&(_ROD~D_jrXz@`z{7O-<>PrF_dF zK=8-}Y}VH^|LDlcIpcRjZ%-;3I&y_D0TIFoZj87~fBVsGXTN(8%AyO2i5cy-?na6% zb<#Nnf}BWMxvfcm$;tul+7g!lv)4Vx*=-Q)`Zi54t5^t(Z}Pp}KN(rbE32mtz|rlvMqA$0N8^!r>=Kk_;u&tm^QU~u-uLMge0<{!^^;i+A{ zMd7gmtls4MorOK`WN%g^sN8jorZoN?HgdbFD%IzILS{5mg1+6s#}B*TF&ilivK*{8 zFZHH$VS{Jb6&#`M5awv~$eOzZy(%t%h=6R$g_INv=fRBpZ{G-zJv;lMl7KLEnTOx6 zZs6NwUA%m=qGUx_NtXS@UK6&f57^|k8y{U`+It!W9Y_EKR^Vlhi*?3)GqEnRRJy5fg#wlHGYeVXpi4vzR{)4i85K1UzTl8ui8P{4P5mv&3bJ zUXdIS8;TC}op(0Ak=Pfz6SKV{`|SG+Zr`o0{zpoiGn7V?y(_mj+fD0YA8go zjy2KI-NhMG!%zK+i!>s?x=4yg#V04X3#dGQSa$6E1D0s}?o!tV{xvPCixwN93q&We zH}<}D=!^Ilqk|)>n)ufO=Q*-_u5a512Sv~0PiqUFmazUS#1cIt@Au_PC;J>r9?S8! zNJlI7Pj*fdojpYd4k;S5u%b)*DOC79%^U(E>Xcu6&&}QWnH1W_B>3V*KzLUo+tw?^ zuyYk%pMQb)kZ$V~?Feiy1k*D?0?rm1w2=XEXzVVO)O7aCW5?jdBu3iTFBQ4sc-VSA z(n2MzJQccB&!6Yl&3mdV{|Ab>YsPxuc74@{fS7Qsy}jSQ6)>xoLz9JCG14^}R>#>l z0G5vpxioX4!GT;yJSs49a~dG-$e%wOq1_>rQL$e)b8#(aZCv9T&Jx%cku~%(99WLD z`zNM;OU_7v9=fXMG*(|4VB{SfctsmU``O?Ix_AgUyW-N)&gG>MbAj8q)$SHwu z4T2*Q%v*+RH2@<6EVaaC45CF>K!K{Eg@GPbUK}}@)16JbyR6-HGc`T&=j4jx5LAnx znsUy$w75(aptCo;DssYwpmjXj8dB)Sz_+|&TxvGz0HVvLs|=qi4PP4SI6aCljZPaI zIUMW4(bNpOI8`rj$?m>hyW)PHr1^4Rr=&MhWWbwx@B{uExFaamf^FN=l($ zBIxf@aO?GcOvkhIXwQ(4kn;?Sze#fS;Qswf#OLGuU4v@rG$#p+FZ{L5R-utH9|Sb62F_K zg}T91OU4A8a58fP4#+_bN51iq)nw)j>lSmZNWY+GQBe`BxKz3tfh4 zo@-gzR={JYi;wTEP768WRFk)nj(n7VS~&2#eY~~wLZN*ITXt6M-5?*%DWHRo>Gm@4 z4aoB`tCd?cfu3i+>A^YV*_}>xYmP~33kv`k(j`K#CrGC&KLEf<9Ei^5&%&aXzwQ|I ziRb1UT_az3%3?hDD<(4X&|scj(@GQNEW7uYv#g55PDGLd{K;raA2<&`zJ#mW64v|a zq2J%9`}_q=>YIWVbH2aUpNZjQ|5*TDtEr)(!;Pb4mYip2006NthJ7rtf`!u&7P!ES zuKx+wXK$??cz&~wT)33>HhtZo;my2ri^8NQuP@`2@MYKSST` z+X;=0V>sB@VG%boUgd>xc%K4D4Y1+hgrlB#WYL1ZwMt{1Zkz`=TIMnnudEnz6>-NF z+tJN$bYauWJ$f_@h+%M3Xx13F%13^CcnGi$#&U+}6xTcm$*j zcMTY8ZN9V&HwT^ZGGblBTvyK2m_aaT@pzw#jzvb$DY>(=yCR@ls(_mhIJ|bsWj9E! zf|GD61xtNpWx(#@PC;e@t&Q_V;GZv=ZK{^4X7_%7CkmLGwuY{vvJ7;+-{GZMjXHcz zEi8PyZ9bq^6dU`@V~3r=@upbe=t5`<7+f`es8mlK`ZZ(!Xc9_+-2tA)9?8(9KDhAd;1m@D7|HGiPCH2 zkgW1ME#E=9`?zZAYR^>witvm5z#r=ELm!C&aaDaI?xblcYGsxEvAF`^BV!`CdSyt~ zLQMGRle>ZI0#i*Yb@k2eNj3i=-YTEnbn1|gRHY|=f(SZNl9BuyIEO@By_RA2BKNTJ zvNB)aP5GUC6RO&641_+yaxlI6O=bpKngJ6 zbT-W=v*XLy4c2Qg{E!@m1x0PHs&v2&bB=2V>cZ)0x%W60sP(L)5Nnb9&yKb{z)O%x z0(X}F#qh8)b8ESXaJ_)tO}DdJ9ad(B?Iaa!NqflxMcjgdnop}+~PTc7S=!!?U z?e_XBtLq2L6~W+91bd~<&um0?KMotIsU0+RrJ;FB$Hb5zFR$rzrs!pSR#l_iCfDNA zIHCy0oAuGZB)>-G`N8|Bd!@mf`bEFgneMjX{_Py$Fb^lH`6U zVCw|_myoQ$_W>$W?|)iFgAxos!23I>SXh_SqI!%#@0|LUKA-_mS#MwGA1G4PZ(A%e zJqv|A3H})hK^GWzJZe{{q50^Knsv_J?@CB~o_zS^Yo@Pne7cBb!~p0yG^PLq`-V3< z9PCIPW{+zB?ECy6Z(xz(W69YvR$D z>gvGQQ<}9NBW7mFdL6Mr5|eMa!9(Fz0{KS}PzDnaJk$OXlimvDK9$Dao=1+oTuXT- zOLe#)gFRfj3)?PaO9m`mzVO;RvpK2%-~t2_K-Zyn^+i;!vrM%%n7fp8{m-n)+ma|o zPToh!EOtuL$;lM{D{c-QeJ6}~q=w3Ja>2oYk$>3u`DhiMJkc)bne)ckL5o6Ij+|b%ScRU6h@>PZb2BmVQvxkc_~*JCS~X*HQN*X? zM>sfR7!Mp$@4br7Z5^A6vPCjh(?RGiQ@Qb~JMS0{mB5Qt(s&vEHz>gi`&k~ zak1y-&ZfrM3zEyLQ4E8#*TS^p`)k(xm!}qeOH2<4u3u-5y+IgiH?m!+3#(|`UHz{G zfwdz%5zqm_iHpL^^T^tV5532kbZopgA~7JWz5MR4rA*mPNZNnM<#~HCOGC`b>0Q%% zCV~(1W#y+;|N35w<&b9TYHBz`)jPvE0+9|KT{ae$Ejs+$g)_E#Af99LjtYA1I)0G@<#UJN?_0NXvF`Cl&LVE&`K4oztPf(M z@)_39`IraNF=nmC4+y*0EyWY**vo+uvWHyFw1VFi-)r zw$AaXfk002RoHQvX*C!GszgOQED=EUvgk|r1utBf1~Gq)Ome711X}_eHPe}{UJt$C zn?{}vXWC61!A^gT4x(Ga2kGCwB?6HRyx9G+$jbC5oWS{m)9j<4kJ3_B$7rifg6~$L zZ|FNR!L+Y3)OTu3>OQ?LbXw@64~+P;xob@fiLF#LH`^r*8l4t?-|L(6d5);-f89M?3X`&d@5ft*)urYoq$|2MJDD@pl~@QIT8 znJU}0VHJONcdGN*aWvJR%LCwvLs!LfvzJ1G) z_@>*D6X{^0<=Lwl&qb z%SY#2l@@Q_+}5r@D2-AyK5TAwWM&qhoB(f$^_7ZAZD%b*2s0-;>A`W*X9%oH#zGtp zhbJil7@NhZYiiHA$1tkqeF#qjg&rU!b|gGyeGHjL2D3_`%R=K$-~K)bNa@VXfRlxa zp%SN5T>T*d>gGJ;c10bii#vPXe*%-@V5+UqqF=d(gS2<_qPu}|$$tbWLj#h~QLQ^z zmj;UbS}dwX2ZvzyYUcm(!^GU&Zi!_;!BQN2xWRmO28Kv4_i5#Gn&RjOKhqNr9!miz z{Xdf&*|+RQO8&`>4Covjymj@)=*lAo`ef*6gXaF*x_1i-V}U}u0uqDi^_OjP+Z8gl zPI=Z@!o_(D*48FMs=aHVy`P1A49|D9gb;*{eK5->R<2zm-sMk%bp1cEHUZ%~(+b~R z<||km56Cv9MJSjB;=m^_Yvsu#6VyawECrj?S&<50FLcG#A?^MBzpJ}Ee-IhRJo4YA zgN?e|-TZ7r?{3X z8oLXVA(4?ywfnY+-Fh&;14D8*#C`0c9^(@eaCRFX8pGX}T;enbw|9?mERB)16pZud z5x0L*3DxS*0m7Bq-NL2NX0vZj#vhZNN7V`P%@~!kfc4F~YF~A@dtHU8dnu6x1lTyO zvDvxN5kMZALKzQYRQFC~A%^+wy473Luis#XgNg(DhXxiG^=YY-N*oo=BP{G}+}zyT zJJx6v94j*b+=G?gXdlZ3L5E*9EsgVG+z1?s&ys9&rHF}%fkh5K7a)R>Jl)>j8or@? z0T!I}<*NO&n2UutH65J1Yd`uc7rcREIwB`0D0;;M5F^+hn|;l1w@C+5rkW{$D$SQ5 zMkWRZCZ@nIUyQBHb*O92OliIZgj-J+K(%&d!u>SoqTfq71-@cqO#vn*hI4MGE5j{O z%3l-Gay5O{{(je$VfFx4KWz_l-5{EK5$vn@SAsD8_^dx?6qKT&L;2LAftfHUlDK3Ajw1V zk1~q#Pt#J3$;mZTg13yEO!x64-zyi+f|YaYL8KE-nrA_!mz?P+!>pEzOPOg@RVTJ=5R=`S!e;yv^IWSW$vvXO6X|~nZ50%;^N&ch(sKw1#DuCLf{$VA)i{eu4ut0y49lNMG&$}R!TP`IqqSkS1^Y&$I;;0Z zsso22lk`jFHnsf%FP=Qvi~R2E^FoqT&~kh%;dujHXu7J}<`8;s=ww1wn3R8Uk#&}< zgySV%_v4>=l=SparWpWoXn+4+&2*4Q&Gg=!&n`KpGStzxzTYcTyz7)U@@z~^f3AN4 zBkvu$aTGez52e>s}&*;+|h*aPh=l-@Ya zGLpZdyLp>)u~aEAs{z851HtATlQJlkQsc18_C~7pi`)*-XS&}@K;P8;ag`K2D*hX8 zUXflXHk{Yfo3u9{w1j~x`0o{iXzEQ zX67a89&ObeahU=6!Y62N?jmU&mBS)Izk#aFJ1VFTAnKr!7!d4EP63nBVb-636AiVk zEqU|lce1lhO~yus;{^wOmX??K_`$EGv9+hOQ(g74k)eJ?5(iD#=nVo$=728qOiau= z;|+=d3JW1!sW=fBZ-;7*MMb3y8Wl(!ltN(shtol>;P}%=TjzpAq~T>mxVCnLA*Zk~ zyzn<1Gy2eO{08`)cE1!Aa7Z<^5oDL_{L!?ES>E5@ z&p$Dn^X<-wpPYm$g{R1qTvuOjkO_V%*R#F6;FM<1S9yzsh)vu3Rk33WOvpIXzXI&; z!5UWSFuX?knJk?r?bTZN#<(ku}Sad zyi6Q4bwor)`qYP}D`%wtxW`2*ihq5@FfLn9a&CHhyL5$+h_qT9SilfiZzXt%&L#a9 zKv^>UFF^UK|EEj12*vX2^C%@evO`-}6O|E}dX7I`x`(4>?3KF8hmWpL&pf*$W324- z`0>>4%b1o~9d_>9%*-f1x}|I=#x2s>xkAiI*-Z=U60m4lP~8$eUb2 zv-gb+4Tb+hqIZ_u^;7lijfF^L6EYSpI1U*?Rb`=_xzu*>Dcps)I`23M_ z)UoXN^z;L$VoA2TLOI^KYd0_ACpM57A(1Fi$S5q}CJlwQ1Yo-X0d=%2pEOY%JbXCY z`-+#AASD$^>XMTSf_)D#6pZp=?x*4(*))#&feky$`086yk{C_E$4fimk>c5|*v6bJ zk(Kz$vDYDvI*UBx)INjmZbE(KZ0w_}uw4MV<rn#=5! zE5y;XTxOq}D{_tG@v>Q$Y@D=bK75bUnE1icRZSKDOgpPtXn_b%R!`D)e0FwKHO|S& zDZL(#oX3WZjs6xlcPb;3i`vR>W!nTXPxOlE=hr|!HN)P4n&vw+PchNoW~*se@BL_? z!r#)^cv+9d?pI<>ouL0GSIGx?B)YA)$Tj8&Udjb!s1=%zbn!i)=jB}G;o`~<`c{+k z<4=N!BKuaVjdB@SUjwDnbYvT9G|#?OE|Rac;}a5IBU~F#3Q=FakPSn~T#>7A%t!~rb=*6ODsSUVW_FYfiqSN|fFW~mbNO(rDe zS#_u$(u;55Ce)*a9KB4r2hW|VIf>{s&+$<;iQw}qDArWc_|aJs9_LaID66z|#nfi* z_-9t=?S|S29-bdeg!)gU{Fw>V&m6?&D)B+F02waFgczo+;;)2U+BHXWK{L`q>v(k( z`0~IAH!w8~2_Wh(P4jj6-0Ds>IXMZE3k3oU|4ilp8w1*H?|?yWwyav}5SKgE-%ooU z9-?aESaD@D|Clh+{{P7Q7a#Xu^t&PjZ}$8STi#8071`T=WbF#S$Vv8dP@h5B&CV)- zqACDP@Bs=p1qIxg?hic#d0juWfa-ekg^7bycuqRQ$NNL&Qz7r`EG(BZrwyOV;|WR5 zNo5woU+z%+eW+Cf+RO=7J@9h!x4V63$v8~mNB^(Th_fsB?}3W{zdbco1888J%Xe>V zg{lgc8`wYE+s`{apb$g5!2XJrMEkBW>DyNIoc6bP74!FrFCZ7)e9uEf)V~Zj7H;NW z1H41{>3;tVF6~iV+`g5j4k^J4N@hZvL$_?EbZ075fQg0?}dxsxOz2S`tIQ1puD_1oHbCT>Nn!A9T_=p zk9*8#yQ*AZuE8Rokedq(S`}4Qfjf7mjp*iSZP6;by0-pet)jYSJ30y-cbW69!$dp5 zM1iE;EJ03gbQdT%FCaoHn2C{Z!+C#8fAz+`H!x0oZb10g8mGs%%4i7+>dl_1oc2nF zV)@rd$Pe=k3meXR-{LT0LUM+Gr>bVq-gk>l3XFRE{t~d9HCS%~4`^+)v=|t($A`PS zYh&eRV`cZW>b5KEQZq98dV1vKl2dN3^>(BpL83J`t5OD@!JxttN9w=f? zGWi+YdwgI>T&a8c+w?hdE)tbXO-~=IUsbll=D_`W7p?r0N4ak00PT7`wRZz%B>$C6 z!t-TU+rOSGNjFvb*{m{DWvALP*gv>Ia8;Gf>piPM(EWXbi=|Pbq!og{0vAbnET72B zhwR^{qMCx%F@G|C#X`&P(1TTAG4<<$D-kq)&9z2DM_EPUysY=v&bQ|-)cKM6rUB{> z%@C-);`qSE;jyT|x@BdTih3fR>tPjMMq7re9ky#5P|AeV(4L-RH0-bUNpKf@oqBu^ zxutZ|DQdmsoeO=S{MeucrwdzZ@AxfdVN*jLApY9^$b%{YjFaP^DVzQBR@x=e05 zR@M>`6A@9Q+Y$lIk$7Ye?D~IcDCHT`f&1KS2XLq5UcOvjSpkZjR5UM#VfS6&Q~|dK zh8c>4`3=MN_+(^cP}f7&7ke0jrEW03YJU##G7)faiSKE8Koe6yK*!$3RKD5R$?6DS z?*nMtEVf-E<1h?@=fGY!UfB0G6;-h_c3TX8B!^LmpI_@|%Eu(6q*j)e{RURL_|RVp z7Yb{jx3lw>pi4+aa1CH%Oy0+IX6?xY(%-Od#n5rWqd1gWalS){anvwAm zvb?(yJ1-CGj68|iY(Mn1xDGm7&vOE;Zu#zwdMz7j8zpC z>ODW@lB8m9;NxpZdV*8tsbU;dYOH3P<2v-=Uc%o(kq{Opm+A0L9?Lsha|ghRuk|HV zke7#`5zH=}_tq(Sd3kT&*4$kkf!?>3MY_HHeUssW0C)H5?(UbOqV#lh4V9G|M|&H_ zc@Lr`)u7WKkO>$)5059JqK)ry!4)Sm(((9U2T*$O1cf%v66nc*F*F+~5~d0C0b!$} z9Uxo-?HXb=xE^TIfR=w~`GF>*Y1nPbmj(FvT^SzK)I_&#WtD+J z1O}3=*R~p{Q)6XL}8MiiiZqrYPq9N-R=MeKR8tK%_MZh{NB>`_X zQc_ancS{R(Oh{;`*=R|)WD+@_O>=829&+zB`RFYs)?oKyclWa9RdLbqy1x*I_ z+w-8nKw>d%(3QyVv}e9Dh|)+hzM-M7k0O?X^n~nP0zJJsvlvgH%YJ%#xI5;WBzZji z6*%3>%H&+wpw0*FvT`~)GwCYDvu&|b#$Hh&A$j^8@zCj_^!hb^uFffe&2m53B=SFa zz{tpmdogLe7&Z|+R=O~c zU_~XrNC?}&2cO5;!Q0l>*2J8~0Pq)C&NOb$G!3lnn&rK6jDFL&dnvNeYL4d49Xm(I z>^c#sO+lwr)1Y zhXMlH7?{7keSQ8!?C%S(F%XFRc9!~pzybw|2lksD(ORoujb$GUUu|(5G_FDCfdADK z;+OQn1=u*4O2o_rhhRe^;Oq@#tD+$FOSXCM(CQR%BVGr1#rJbBh7p4x7(8Ef_ZwI*42%%!Fv!o;0 zHLe#Okv>0^D5CqWn(}T6I*-Nr80O|Ac~`9mg3uc}l+QxjV8P&>n5&e?EH&>|XTTm$ zG!e!8gYo!`jJ61nX-7w3%=zV>IMy(_Gb!cWp`o!UAP_?}TIQ6WdKO#-`zTO@5RbU; z!{HB%LT`Mk{!~`aM;*Prx)Lv>K~Z3$+AEs|Hq)#SvE-B#=p=6N#37W7d0-D~-l#9# z!pdq6pkiZR>xSKJI-o{F+vC#G(%ML|$Tw*48ZNf=kBxPOzY;WUUfJwdV3H=xo+>Wo5A;>LVA! zgudkzO0Tt7yfw)ug5f@o%pN3;sXcK_QOJ;d{`}%))PoSb!29~h;Q)in3BShsA6=LE zu6yfoVo5?TvyOR5m(3(PT_WDQxd|Pzv(HZij`$c!KPt# za%9iK!lHSM=jwV2NBHY(UHqg|_qvZzaPlX6h8nK3aAAk9QAS$%;=KXZ314cOw=j0< z=_kT4H#D;Z%ToHz79YfWMz^hapA)Nz=?M=ftxJr_K5>K?WPN-4qpvRxnEm|q00AiH zgPf!!+DuKXdlI^%CH9({nk!?>)YLtnWcSF_7~;3$WBDEPjQW`A=zg5LfOmhRdhxq#Pg2DoybIu6tvs6^5c>CG9OlJ`o@DClr6U03ta$dE_dMUn9>3$2`hI5;m9lsi|yO?>L0ah#Rbvr%&Ji_+j9s)L^ql z0LSp4$5q||l6;XXwqKWlgAd)L%}?lq6%`ajjLSRSnf?SGzJVhj+%DjBdR1a)p{W@U z_6adDstW#6_a7bpxGxOWxK*-yigBTsPdGt|@NW9#H^^xiWJ0c0> zb3M*21mOdYq9kWu>v^N-&Esla_-??*LdD5;8@F>JA5_h5_&8gsl{yGFZ&KXn;t~-S z-g%k5y?nOv&r-p81u6#26cYqdX0DVCp}r+M>Q+sO<-8AiG1$gM*vR;OG|U&g0=F(8 zEVLqzarChQ<&DgF49soz%yKb96Ip-6c~;gB%oNM8v9a~0zP4KEq=qdLqPVTCt!oQ# z-oTo5g$Vs#hKKoL_m7g22XNZ=8sLo7>7u}F*f*%DsaN_2_1Bom=zS67hAc`K0J@{7 zsnwP-pQI)<0IpW|kq8=CDJdzvpzLpGsHqEL(0{el35QC8M!?(H*wfXKVo1QBhyu~3 z%=r++gI(uYsd~+K{`}EZJxxkN9iFMgUI)6q&P)QG8c9y4zbFG6*mav>tJ(VVXLfEb zKRx;gM3Gu z21})Y&Zz3|zoQ8T+pFvpJ9)iBTP0|0Rrv`C2_f(W^KI8Eth2y2l`&jH#aM|BTevY=(>R?h2j&X>xQ9*N+UN0U-ac^ zDW&ikDv=Q8cd6Kt=I4!8D4L`Y2-`qMVegB=i)zf| zqeIy!``Pfz{M+q?b1{6D)4yRWg%C>FvVmH}so8P0aPB>^Dfh|V6tq4mOH2RKX$pa; z67+Uc(u;oTyoGfhdo)c;sOGc*&6Bgu;q1o!zaRuD+iYYY<}!8KYT+^~+n;rBo3#@u zb=-w+%!AxMRX&}@AXGZI*kd%)7z{BTs3N#X`7?&`S}zV4TIsb!;vQqp#As@Qa@g4a@l!GK0rQ5m9W*L(x+EjH zEhZ%+7wj+gs|d@?7ruwegZBe7yVKq}ZH(RIsNpqEaHl6Ndn>OvP5PZJ)d?h+i14)#M6$lOvhKP{c zNw+so@B{`YG&Gb8@(EmG&Y+;6kHlQ75k~0-jyVpeg3rJ*YIb}}ear~w29rRpL(ans z0$4FBS=-wdnI{}Y8FUh^tjBvBIr$q{`5^>}3^a-5hsyMfc3$-j-?w9N4{cWmbM>UE z@m-y#%FET+=!WRZl?E*M9k+kGCOv*O?rsbzgB*zk}mPhuz$c)aTpfuC;k z+n}I>Q1CjRhyQp>LRx_!@&A76-*@BRbK~F3;oqCX|NZ?Ci#D(UEL+Q=l}H-ar1SEP z=u}~f!S{}R=_(BJsdwplTJ`_>y&pN6rb&UC>+#NY2Ki}Ao&?y-|70pHPzj~t?gC~a zD+)(09Q#}}2%=72>?wfmF=QSKM=f}O)WL?gtd-v>;$}{~O2+RH7JD7_3-acpRG|Xg z{QcKxNQJ;3N)kcznnCl(zn_HD0zR;%4IA}2my`UF3C`hJJq!dn?DuL%y_4xyHahB( zAH&;WQkSQ;xHv zSc_Wg3&?Z;_j0Ze{)2QZP{B{3HxP;;$dza~IT7RuTs=JguRqn-a0LL)|4c#bXn;|?B@qe2tfLjirHf>`*?#)idWR2yPm|Jf2y}qlLgx1X zfy2S(#o*D;`TF%Md?Y}gU|aU{0y6k}1K6(@xOgv=#F3gL6 zxrsdGn8+h@8(gH~#XJ>q#eE+ljnNpm&n0Pfb&0OddjWd0EdBD?{46Y82_+?2mhB5u zlB8UDMPI*G>>&v0dw40yYgyT;U@Q92#uOVOEJ46sSDu&;>vZ9^?@d+&Q3Tme{X0gg8 z+6FCu6l5BAmWFI6dGw@Cnv>YW#YGo7GgQh9wnAb@_!C@(Yb$pnj>m_K*Nz7i5}gbh z30aH_b$23icaJyUTAyZu)9nw-_KJpBp0(7AQy@}5ejK2O1s`{d_Z$89?cW(LpttW7 zRIA$(V|B_x&PY$sJ146bBe2>Xol$0U__0{GEqusw3B;ykMYjkaIQ}l3Wl;{3iC{h1 z4)Mjg!S4t{lg;u<;1K3vVefw=98(9G?6iapIKmUX*TyX~xBIW_DVD2o)?_3KP>f#;?mdwuN z_Brhqi7_7@X!#3vba%h`t?7KYZTg9d?)%$w2ba@-4(BfIlpg;19^|mIXg}#a5t(m1 zl4Y&5#I`lZB1#v{G4V0Px7>Mg0bu?%*VUsC?k_Tn&@X@y8y(d&6XW6#a~%ySxeTGN zH)W_Jq3iYIgAtde7A|E$lj-N=BSmSmA>?B&1AXP0_FExT%)?IO6=m>ot0SPP8X;pi zoL@e3aB)g7Kqf-aRb%PP79n$UTbtlYcP0~|LYiW<4DUjMtHpW(?vJ11bSA?k3nL|# zh?@-?Y=0i>tC0_BWchX9?1Xi|RhKTU#-{I$;Pg4I6~(reWan%bgbXQUygvM$;Gb@9 zKa!GBYV(^t@4-TWg_c>YMcx% zS0<#&^rYMe|NeqsB`|SG)-R8hYYgsiF{*783;TvfZT-lW5#5?)DcMMjY-$v3JKU~` zbN31gAq!;-A6kvtuNO2mF4daL%6dU1B9L!9P$v-yBggcr;O_S~vqYy`L-z}3XM;NJ z18HuAk{l@Ulsas)Z6XziLU3FTY7GC-3eDJ4S@9bT@!dT+B7`y;*U9*r*Cn#yB5~E( z_G@;uQ5!yUAxui!%acDFAL7KS0F?fUe>SLBsi~>hY&gfhiYWG`!18&jOUO|y>nRpe zvz|Un&U0j@=j<%{BQ-Tgrz)W6AR6F%G8ws^qKXse!@M42zGGEHB-(Z^^90R{;-cR}GIk&4eu|U%g`zzuGHzS2a-3 zwj+k$vB-9ot{UVEuvd4|>Nf%y({*OY}c z4x_%Axfxtyo2st1=19K7lU5bpe1X9&2DPKroF!0=e{QjHF54w0bhrHEdA9aK7WvVX zAQuM*E=hZN{N&?9Vq%bK$u~(U+_*4CZr>>~blBKeQeyKji*W{0>yf*NP<@`xQl2WH zy1S~NMFMHRS;@Yxi3!yFok6lb`2|(^@uwy!Vy-;vaQH&kLkar2yHi!SHq-lTqaSR3 zTXUXU6mMiw&D!1~bjtgc{L8vQpwyB7BywzZv~+GcTW}v{F7I^Vfx^p=q*jeF{J29f zf_qbSfHkB!=C20Q!~j%52Nl5;=NUfRGR4tSs4a!dT}E;OrbLjhQ%b+|H@u(8#-_h6 zZbh9@#e2uM5Uk46#|YwAg^C{jdBATOAr$A?{m>8+Px#aSEw5=kqC(m?bg~B$>k=g~ zD9d)o3=QdorwpveBl z$sH5#_l%{IQ63j3r_HjhVpxmKQg5!Pk
- +