From 44ea1fd9d60a737ece217faaa3598fb8272beade Mon Sep 17 00:00:00 2001 From: Nick Burch Date: Thu, 7 Nov 2013 21:29:14 +0000 Subject: [PATCH] Patch from Andreas Beeker from bug #53475 - CSPName may not always be present on OOXML encrypted documents, plus test git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1539828 13f79535-47bb-0310-9956-ffa450edef68 --- .../poi/poifs/crypt/EncryptionHeader.java | 37 ++++++++----- .../org/apache/poi/xwpf/AllXWPFTests.java | 1 + .../org/apache/poi/xwpf/TestXWPFBugs.java | 52 ++++++++++++++++++ .../bug53475-password-is-solrcell.docx | Bin 0 -> 33792 bytes 4 files changed, 75 insertions(+), 15 deletions(-) create mode 100644 src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java create mode 100644 test-data/document/bug53475-password-is-solrcell.docx diff --git a/src/java/org/apache/poi/poifs/crypt/EncryptionHeader.java b/src/java/org/apache/poi/poifs/crypt/EncryptionHeader.java index 9adec4d6ec..2f10e98edf 100644 --- a/src/java/org/apache/poi/poifs/crypt/EncryptionHeader.java +++ b/src/java/org/apache/poi/poifs/crypt/EncryptionHeader.java @@ -16,15 +16,16 @@ ==================================================================== */ package org.apache.poi.poifs.crypt; -import org.apache.commons.codec.binary.Base64; -import org.apache.poi.poifs.filesystem.DocumentInputStream; - -import java.io.IOException; import java.io.ByteArrayInputStream; +import java.io.IOException; -import org.w3c.dom.NamedNodeMap; import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.commons.codec.binary.Base64; import org.apache.poi.EncryptedDocumentException; +import org.apache.poi.poifs.filesystem.DocumentInputStream; +import org.apache.poi.util.LittleEndianConsts; +import org.w3c.dom.NamedNodeMap; /** * Reads and processes OOXML Encryption Headers @@ -69,18 +70,24 @@ public class EncryptionHeader { is.readLong(); // skip reserved - StringBuilder builder = new StringBuilder(); - - while (true) { - char c = (char) is.readShort(); - - if (c == 0) { - break; + // CSPName may not always be specified + // In some cases, the sale value of the EncryptionVerifier has the details + is.mark(LittleEndianConsts.INT_SIZE+1); + int checkForSalt = is.readInt(); + is.reset(); + + if (checkForSalt == 16) { + cspName = ""; + } else { + StringBuilder builder = new StringBuilder(); + while (true) { + char c = (char) is.readShort(); + if (c == 0) break; + builder.append(c); } - - builder.append(c); + cspName = builder.toString(); } - cspName = builder.toString(); + cipherMode = MODE_ECB; keySalt = null; } diff --git a/src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java b/src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java index b1a9983f75..12b768bba9 100644 --- a/src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java +++ b/src/ooxml/testcases/org/apache/poi/xwpf/AllXWPFTests.java @@ -41,6 +41,7 @@ public final class AllXWPFTests { public static Test suite() { TestSuite result = new TestSuite(AllXWPFTests.class.getName()); + result.addTestSuite(TestXWPFBugs.class); result.addTestSuite(TestXWPFDocument.class); result.addTestSuite(TestXWPFWordExtractor.class); result.addTestSuite(TestXWPFHeaderFooterPolicy.class); diff --git a/src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java b/src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java new file mode 100644 index 0000000000..d0286f671e --- /dev/null +++ b/src/ooxml/testcases/org/apache/poi/xwpf/TestXWPFBugs.java @@ -0,0 +1,52 @@ +package org.apache.poi.xwpf; + +import java.io.File; +import java.io.InputStream; + +import junit.framework.TestCase; + +import org.apache.poi.POIDataSamples; +import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey; +import org.apache.poi.openxml4j.opc.OPCPackage; +import org.apache.poi.poifs.crypt.Decryptor; +import org.apache.poi.poifs.crypt.EncryptionHeader; +import org.apache.poi.poifs.crypt.EncryptionInfo; +import org.apache.poi.poifs.filesystem.NPOIFSFileSystem; +import org.apache.poi.xwpf.extractor.XWPFWordExtractor; +import org.apache.poi.xwpf.usermodel.XWPFDocument; + +public class TestXWPFBugs extends TestCase { + /** + * A word document that's encrypted with non-standard + * Encryption options, and no cspname section. See bug 53475 + */ + public void test53475() throws Exception { + try { + Biff8EncryptionKey.setCurrentUserPassword("solrcell"); + File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-solrcell.docx"); + NPOIFSFileSystem filesystem = new NPOIFSFileSystem(file, true); + + // Check the encryption details + EncryptionInfo info = new EncryptionInfo(filesystem); + assertEquals(128, info.getHeader().getKeySize()); + assertEquals(EncryptionHeader.ALGORITHM_AES_128, info.getHeader().getAlgorithm()); + assertEquals(EncryptionHeader.HASH_SHA1, info.getHeader().getHashAlgorithm()); + + // Check it can be decoded + Decryptor d = Decryptor.getInstance(info); + assertTrue("Unable to process: document is encrypted", d.verifyPassword("solrcell")); + + // Check we can read the word document in that + InputStream dataStream = d.getDataStream(filesystem); + OPCPackage opc = OPCPackage.open(dataStream); + XWPFDocument doc = new XWPFDocument(opc); + XWPFWordExtractor ex = new XWPFWordExtractor(doc); + String text = ex.getText(); + assertNotNull(text); + assertEquals("This is password protected Word document.", text.trim()); + ex.close(); + } finally { + Biff8EncryptionKey.setCurrentUserPassword(null); + } + } +} diff --git a/test-data/document/bug53475-password-is-solrcell.docx b/test-data/document/bug53475-password-is-solrcell.docx new file mode 100644 index 0000000000000000000000000000000000000000..2723d5654b4a3a78b876d323c388128162975db6 GIT binary patch literal 33792 zcmeFYbzEJ`)-8y;2X_tb?(XgmAy{w=?(Xgq+}+(FxCNI43GVLJn=7wx=YGG=J@52C zecveUX2mv4hfEWN007wBK1K>RX9RTzIFaW>^022Vr0I&eS3IH1b>;P~8zzF~s0NeoZ0Kf|X9{~ISyxI4L z|C5UnkPYDHGr$+3K-PfT9>^8I%zs|cfxvG-mc^K-}pz1x8MboH>(Z*X0;x|K#0NLTS5RVHvo)m0Hh3L`?rye zfgJvR>OcC#1OomWpKs&8&E5a00K>cgjrU<*&%f3G+C~jvqdj0mGXVeA|9av-+(rV} z|4-ZB>i_U-Kr;Vm`0v)s0$8y9PrCtV3kdL=ZoO&Ne>(nKto(C?e;;2Gz=H{ZjsL9R z0{DL$_wCvDn`Zt`WrX_g{KK&Sz5drW%72@4Z`_;y5{rNL$iH9Tzkd5o^Zq#hZ+r>- zqno!m`=)_!bLgLX_)qFoBscwu9I&*{%Z}(+7LNS_K580l?e$-}KBKNDT192_y)}M#KQw2{RyDVFhF(qJTYG zz)WQWWGipSgaAy60M5Lf6$Bh-1hCBrIKlwPTA2RU&J#!u(BFURm;WbMf7gxw=~~~e z^Pd20{;m9byFaXd|7-30Uw<3?XXpQ@nfd>&d#P;yzW)5qhyQ+k|If}@{-M8bbMsB7 z{->h-kMTd#|NHn5fc4%U5aU(=&;HTe=WQ&M{|)_pTc?NqaiRZ{@BWAf@Bx|6zv|LI zy8VBx-u(3WUs}Aa2miYT3^4v%-cAU>Tm4oLOaS*1K0rW#-@n}h0II*0x0K8LMbn{M z&8yCJ0H}}t=^k;-sDCjNvO{1<%*^zQ4|(g`J%mSwSY z7nN+@I$8o#?e~xsEsC4zyW8r16f%y`t}6)DbXTZ%eO@p6#1kPwrsh_^y0_IjC5wXi z*ZzMuACO*o8bwh=Whf5K8Kn4GHk{s5@E1X7Q`WGs=xDyLcKXd(rO5{zTcBBp%n(Sb zj?TEl>{=e0U0nB<_8+c`SBFJ!4q|kn^Ufo);&P{J8Yqk=BKx*^mBSk5%TjWB^=$5r z>pwdY0ridHmnNsaR+~;K%J|AAtt#JyfVsUgf^>MZj6+AAagmpYY1DxR>@ggQd}HH} z&4RqjD92oD=WCXy$01x>--}XWr9u1%Y5Rj#B@V?=%K)vw7K($$w=aoO_of=!s!{^c zJ3^NLhgwZJ6fQfIOX>(=oX};wPhuL!+mN0A5kj;Zx^BaH;R_cGOoRWLr<$42wH7+g znn&?j?RysL%#6rUHwIsF%N34SH%dX~T9GngOiBldd z3ChzwUoU)P5^s8D6)6;%E=)9EgO}F5L5sO4Zim35=cIEL6i~wuJ#9YhfzbpS*c_BV zu(`j7yuZ`WACTtnus{!O+7X5(e2xY>v}~6blJt0b0d?S!9ImCA^uV!0C&m=$GP!fB zY!5!1dG{hwAwhqQt#5X?N^=b-x_$cBeEjd8kH7l2gYZO&nqEe~n{Mb!mp(d?&8wFr za)trzCZA|A98bbfoDGCbY&7g^3JlJ^#cfiXc{k&yPAQb67s=ju zsIhEh<0Wee`t~r(p)fVjjCGxo`N}n^osH~jtm>9e`MX+vCO7P9KwwkAtsah1NKz7u zM@0q7+4#8;a7hlJBFrvprVOS!M#KS|9)qQ+Od^YrL~TJ%R89IuG==;~snqqbmZ5LY& zm_|QN&f$viEm=@lJ0J|aA#fQ@8yEMMuR;+!>ZmHG`J%zcbQWz7g*(iWGB*J?R}3Oz zy$f~^C0mO(Mld{CHKZn^QXo9Ic)#-f-@d*HYI+ub=(B z=@ImhS)&2cJXKzr+g?cQL|fjdohJ6lYJEAiBe@qxZoGsMHSqMUkEYrediRWNdJTdt zce<3xG6Ia`o8w{YmUL)m5NpW-sfMV|Ghiy;5hl@}b`#w0--?3-N^Gn?9uZ#~Ta0c{ zqgQn0>(U}dQ^FIr>quL~GG<$QK({z+8y4&TFeE=^t(SUqcDqWsYJksCEr7xKsz<-l zVb~ZC6Pm^m-c3nqRyMOxVkWr3h%yij4Z%*@ZW`*fbH+nut)OJOoTz)Hsa})YHzi&K zei`uix>&;Ef1FM1mlWO5rj%={r6eS8+; zV^=3C@2O--;3;J7@TWs?*$|)*tf3{9!H8Gsc4Z)e@Rcu2>5IN&jCa`IXkVOPcNwc8 z@fV)=u6-~RTzM79OaWH&=R0(KDqfiD<-x&~ANfL1v#6YD<1*kfPA&w8KBMeB^D-hN z++0O|qXb?`>|(x$AFd4@bx<|5icUk}yDlJCfdt{DVGy(x&i<8chDwDphnrzostxn? zXx4R(dQ>vpS+)!DyJLM)iE`Z`w6x^3xn$@Rw_|?skBCWFYGtZ6J{aomK@VQb3?t=& zD#~tWX-1a|bY_KRD14}vRM%cbK{uzvZUxnp5`+EHz&* zBx1{6lh)|PHh99;;3xqTH@rElC<5ZsCzBU9x^NxjfvI;ZXCwG9VPri4 zx+oL-S+~m@lHh)kgi{N0I3%f*@=;nw{w$>=+*h0GpF@)PrVm66nZ;N#&FQPZv-h1X4g{F`%*Ps1m|3c@a^Ye=|eo@xphm0V8Ad=Bv8O=!M1h| zpCTO@^5q)w2b)Ax^mIDeO0`2Jlq+GfN7cC%!-Y>K6AtSF(z?jS?uv0ikMGbbH($l2HihN0V?w>;$D#GRN)PROHur{8%;z*B zWi#UIyRU%(6Vcd|ac(mP_5-rMb2RRk5gWD*U=r^`KK*z-T+^YachWYl0oVT!-D;6e!J7_K(Dp7 zPchOUAac|#o`?+lwVZqdIzvLg?TP7@8*%9<8%)b@d2#U8DnhQ+Z2L%(M?R#vW8@EFka<{ z2m9kbu(Xdn&O!kl1p?fKtV4%=vzGbsMK7cwZnv64pYze4p&B8mA5pLIxFTt7UrW~q z*%KUI1pV*W6S0#GYm=V3#G$rPM@et|Zs<`!6jusf6!+x^@hIcLF*(aXFbQanhR#-I zT1{nW>3t%{E3Y?Wj{}`$w$Pk)6wQC;vquu) zfgU)Yi4HdGF!ZFxw-7sX#Vv>%G%{Eq=EMNwZM-1O~<9qN20i0#mukd#H?R zQjN&D)1oL_Aj*bZ(_L3cF`s$@c`((!ah4QC6UQjIL zqr`aYdTmgZ=~deK4OP#%AN;G%itYtVA-Nf3k5o-=0yr@GQ#>Jj#a5ukeX8|_tB8F8 z4Gr1`H%bXaS9-eHX9*nyou|xA%wW_Qv7gH?#Z>23?hskj%U8V#j}DD%1dCg+3j{{{+zL6Zlvg}+Z*uN z=~GEt5uLG;q1LVBe_Q z>84=F6Z^Nu%h?7kcJ3BMye6ME1Co)CjxE4UJ@fbdo7s%txYylEdv@=&DL8q^?q^Q8Eu_eOON4hD6xMo!Q@S4wS}8?381iCRNBS zE^imScpex~jO-QP%{(%TTJ0%;NJY^dM+$~wz~LCYdzr!-B|EKhp+f{<%A*&@T4YvnbiPKi; zav@3ZTFkZ8>VE*4ZYN@!E(8^#eTue`&Q*d1y`W2;H=`4{Hf;yaW5Z>sv$0It%jI{iPds+aGVl_H?gwDj&Y&=IE#fhcpayk10Gpii9GC=lQJ!30lh!bN*Zo%GX73qNu@o~J#rIx z>8cZNh~4;LU)T^oR+aBSY}_pdrAf>(kK1ht2eOpLlNpu6n`zV+Hz z{OGGF8Pq=g)=%SCU2szJoxk>AXKwmOxj&4M?u{E*Ut+_6NlG;~w+$Cgc1gCZH+kub zVfF_MZxML|18Sm4|Ltq*qtmkpcrdV&TxRmqSsCU^%p1A%LvNrJcCa?`my>kY^3o>t zOeZD1ZR;i;W7jSE?!?U}y~-S(z;Ce2jz!)P*upn?jYdsKSvVAi--*_@e0O@>?CkL! zZpP7zyMO2!mNGXKH(pm4Wa(JiTbvk+A1Oy##DBY_EQ$-}zeYYEX*GR9q_HJ51?7Py zfpGUlR6<9FZQTkBON1nA8@ao2k6Qz6>X~QfK}&y!-S_G6+tKN+#kz^Bz0qP|_LNYe zE5{I(?%0!c(JEts3XcTT=>t=#dVahe%rn|VV+sd+Y8A6?n?}-Rb8DE6=QFjc6z2!~ z++2Q~z05U*q{4S%$j3hS_5X^9X$6^@p1DqQ@C6Ep3TQbO65hQ8vPjB^Z$4=&|Hryy@3DopYb-|5zO z$vs48YrV8aNBa>>m&%rcw~n-^wa=_0ucy@D+M2$+5No<&&XlpC(<5 z{#ieCzgU5D$`ak*oA(vOhx(NeatHI)7yU@w-vE+p_W0s&OJE{YcyOh_eZ%$lirAJ*n9kX1dC1}M(_>wU6CVZaFK2_If z83(t^s?5$rKbQPS4p(Do&X9t9%4|AG$a$#@!xb*~M2e-Ph^sXCw$C zJ`BQT!k|$zfuq*&jcf zmkrOmEsZ{n{BB0c{jl6Guq@)(P@+iQ2P;XOxEWDx~Svx1JLbaHEjecrsZSHyrc7Oc+_D7|D_cGoQ zuEW}{3l5w+ppF?*Y&YW<*^Ver&DjeiGH8&zy3?q4(w-(ehwG62c*6cr9clSud59{- zg>=rQLau8IewpueOe`!ryou~4;d*^|)yc$3)X6>iL+xI#^Ax5qz^hZ4~alm2ZqbpBI9y zBDaP|7qfrM!05M$1i56a;p7n3aSD_8*=2J1YP}mGM7#?KIAN^%8x2#SbUCUB#r-_9 zJdJyOp+NkV*13fjP60C|5fj3qL|=R(Uod{0m9}2B`}6X(V%^H@n%U>jZ#zLDd^HSV>-W{r#69J|k@`Ci!g9@R{kDXklM zaZKXFHclOs{4i{e-GdfsUF9JJ)0+E_VAr_bpEhi*SLHKuc|wB2s14jY0V(RrTpYQH@In|R*p!bx) z`hB@WCDZh+yxd`7v&z1#^J#8#fcKnc79FPaW7-xTV0APn?ZB#**Az|| zf@(zGh_h?2(^cD<)Xwf@6MaZ9kPQ5)UM?lvuV;1a26mn63=q+X;fX`2XX-+aVupmh zi`JhbtY-q~I2}!%)gDA;1Dwz8An`Xof^e&Y1lH7D*o7EqUl)z5YT52|kvSHp#bB39 zU>Sbjr*{)O$g#!9>YSrt8C68PvBl+a05&hP@ewe5nDN;BSxGWd41XHC{H|num}nbT zBEpmUzMza@;Q&V{yKcr+5TPh>TL-GE&9d9bUjnCSHhFDj*p}mDhpuvIJ2}+|>yh~B z-5$xL6R+I&EI72?tk(;9NAf-pE$T?26NFHqVHh|t0*WHJnFQvSa19x}GK`# z_J(oKjIB?|P6FahN|`2JxMzGhz{jQM#PAg%+P-k=-+1anNGxovM7mv6_+*sLAVWc< zKH|XLRt^kdNTz8wOWm-KZ<$V`XcVGU^`_rmTTrD{f4*QDNgREI=A?F*g#I*rd{fx+ z-k9W_Yf)x%f?s_5fer6|uyt{B!g?^~>(_PB0&C4Ya-$?8i(-87Wgrvgl5Wb;`yP!;aHH_@6=Vk2;ve(7{nW zmX!z#QesQcv&pK>0?)WP@*zM-1HN-yd$a_zc$=GpnNYJ)a9FjFpq0B|`Y?`al0AEU zD*&S( zdsokxFA!E|t7h;3JF^nb{fOCOE$vXI(FHZ%^y>J2L(dRX@pS z{n6xumQO!E`n$|S?}BalB*IbHdOvf4h>d68dOgs{Bb&->9ZT*0+u=oXDC|!9vozr)L`W&e0j#?WZRyI;Anb>wc_Pj|L_bEwCxJOP3 zFQR_6?@BMOs+7*_@Iji8uvKo$s<0@Hls!cvv01Dy_{neKOUQNP_@tv_&*-AK0|R&_ zjzK~#I-~aY2846rwpMa1&Z~*%l&%*c>26yygq!m1mC3Evn^#(kqu zUa*;JTu???NQVbuA&XS>>oC{Dl$JJkAbq+Zh3pC{w7u3FI%!>_8?qF82L7?ngdR3P zL}rcir48u~;OG@!vi3h-Sb}R-3?VZPW1!W))HZpDL-f0s%XtwInSUmzRNZ;DPLEKk zi+n(cp9kyGmN_vaf3V~Epail}K^GasI9OH#RY2OjKqfu5T_Y!8pyb-h+S{ZR-RBux zxId79FgJQW52pOWBujT!R5*!cmd`kdvN9q4fi&K9h66E7y>XF$WKCk`3L9^Ss~j>r zejY85Xe0-gZJ$yY4vkTHJ6_`PZRL=AVY_0pHBPb|`tTdpoyrQ{Kb38M5Bt;!D1)RU4`ImGfn0&r5Cr>0Yx> z9@vK9p{q-IlkOCOGct6y+ecff<1sISk|38prCOv6h&dd57&gVOdjHr_v@)tAU$oh; z5OXfr1N@$~Dr;c*h^|7l8)7KcmZb8=*^hAp2+xbJo)o{%uV3}2-3vO%^l9Nd zEzpVdS(hKh7I>2ucW3HH#shxj+!?SCg8)zb5$tom%USYweQ*hFV$CofETkF;;RqZW zO*e0rwv6K?*TAqf7jO_Gej97qvm-xfL3`PReLnTDp!Kl|omwkbGK9o*L^j&n-Lc>_ z&CeRxDNnJ67JJL>f@STxaV|zv0{S|Y@wlT{0FbW5v$v` zL&*#UBpz%&!uGgZeIf(4Sqj`z9V zTZWl-D;Kn!{AzVkc&-o}`Fypf6#MXVBYy{F$V@5h| zy5|B>2a*M@j)F*{nek__v8@xzv%Ewvs|{tu3GFo{-(3{zUDXaA-9jM5k3Pl9q47vv zc!OSpanS-}sh;D3lNd>iDf{*-Kl@I=Tc=I3-1w1?Ypju4**>9u@N#v1ErEptab;M< z(qa}M_w(~={t4sM@zsBCf1Ae8LufWg;o@CbkdrHqi>=^O%R~Bsp321jXRX1}t#bzG z`!a=QsrMlRG3|3Ed>3-7*HfP?%Qx+*fpR%Rz}y*gv0;)A)-XEdB{W2}u0N--7~zb9 zDE(-xqK&idjh?YIImAW&VgnM}YdS*)d)IGZeIr_Bzvr88mQ^vgO8rH$0Eqi~#iL41 zUPz&dOrU(7FF&0jH^&~l^@4F4;tL;DLzx99u)k1IOT}cUG){MIu${IE_e-GfSp_F1 zr;7XcR)zy|NoEEshS?vbVOevFhn~R>xA)ST#grY zAsk!!&Td-nkmSd#lv=<&rY_2NTt6i`LJj$4zP;wUb{l^P<45@mm6Rf982PoB^X15! z{8AAdi~g{EbTg;k1*F~}XW&I2OwQeRW8tEuv!~)f*uXgP=*yhiaO;V@R)VXtd`r@b z9CLWD%|ZTL8exkrjXYv-XYo_$5E_b08pXiD9$&VVRhP3f{eBF6IkD^82D@vtW=ult z6xcb?p4WC@ybq}cP3ADNm3TrzZ+NjeYhL^?{t#+)UrkIa;$+3ec$4DuNZrx=LvzT>9K&EtPJ$1f#}%5Q@taN3 z;{8`=ccv{LAg46yqKP~%_*<)(xNt_Q=2*Wu-A0*U#i#UY&%=qNVDfTN*3#|X`pqcG zw+3N9ZS2G0yLPqZNsH+o@|2m$;v&UgQze-+SC%Uz_!3Xm9pV~0DC>Zi+V4)~Wn_!% z6-~pkk2skk%qB28MAqx23wZQ&r&kWqd0kOHp@>?qtq2^1sYD7yv4=Q}l#$pweZnv! zFx#>wXdl{KRul_Lp>bq=z-P+)lAi4ySc?z~Wu0GBKaFtPY#ZV=%&Z=s(t!&H-a+Mq#l13QkD6~G5qbL`X(Y!bdewF-dzC9R9M>Xd+95|m^z_Dg3kK9PQi;Nl?4w{7^YcXGO zai_o&`orhd3>W43B0}ve(LziMPcdx`0i+zcH$84<2HWrQ$6wdCU-N6jmFzZ^;r-Q~KA7`-V0`F_WB0ieV6kY(JuY&6j_7f91xQe|aZv=ex~kYw@^)O*WiUnZ1e~5Hgqc z9JqZ0)kCwXv2hrowCsu~`;_bN;T=ERij1F-5kw&w4HLMkYid~C5A1H8kNOe0h;k8Q zrtpvYe+jo7or|a+-J6IdIOzoa>Ss|rN5Y)BD+7#;6RpC}IGRd`jaR)}+gwCTg$ z@SRUc2$V3%5AS=v;GI=5B24q+dP-K_>sk$mMLjmN`u!Tuzq`LOcsy797BWL@nwfQG zik|P^s${a4yz%NcHAYyYj>2OCWr^#+4IgTcm2yFb>oTSBg|(gI(9P6o`xSU6c$BVd zfgMLiZ83raRZ9zje$}+#cmDmA9|>_}f?jIz`^kxVc2PN-HJ+C71!!i84T}ebD#nGN zLxXA|9vPjvE)$LGWj$Ie%-hw+CYl(g<@wYbl<2gsJ3^3BunJlf_9|)$3>41J+CLlr zzCA#qyLPYleN)zv2lH2ysIZl@bmTiWm6&|VeC4)oltzAAqq|Z^w=V*;Yd~?Ht~Ar@ zJQ`(Ty~K;x1=niGf7Jf;a2sRkb<$OSf4;yx5Mu%=8e$97*A(G;G=#mBDJU^#;7=PZ zi$)SCIv*v>Q#}tQ$cWiwdn?HAw))UfK2t2>fM=9MJg+<{I5nUH>p|xIQU9+%76;Ei z`6XkV*Q?;IQ3j)HF0BS9PUwmhK^(HDp!Rqs|(gN{jt#)ZpNu+G!? z7+&Vx{%(37Qa$~0%Gt&ThI;MyD|XeJ$l{8B*5Ad}ZdNR59$W}74LRrW#seo2<0Z;) zTa53O3=!9VZVbSsgm_}lPGI_QEBdv%KePO;3i44!O z5vC`+j)9pXq8?m__&ywz-85Ki?ApHsSt9&yJ^LL$YVKJ#Hx1<74oVpaon2a?<3*!j z^b~i`b+KXk)1;SM^%TKK4i1J>7`|4(&_RzMMVCHt1>lJ^9cuF1l)=KR{?5MN>7V{n zpd0CQ`5L(O5VpxU^V(G~CAP>@!5n0^NLxUDHHM9lRBXX@@ng8oWy6*T1n z@W(`L^W=WAmcl=4|ML$bjE%}xxW@hpW%esOaKBix^CPi!&P*TnkM_9wJ27fZTm#ZD zHAG@MLcI{m)?O5Lx}3`P$1J>AHQw?3d^xJB{v~o`@@^bx^kHX5i zpf_tgUVY3w{CS&dJH^4u;;jB-H|dtAfpZ2b+>SVq14xn&f)*gJe^l>wnDJYugzg$g zO0Pd-HF$rTY~`_Vp6{o%KtJY$Q(x^@bE`(9YUqXRljMDeL6p$2$L$TJ46-|2Ez&?l zbWttwXZ`)H_Z?l^9G=b;3jzOczDtL&X8BcjwxP{z|7ItJ;`_SX;Lv%hxX(q% zHFA!hM>hd)1{fYrVUH_qx$x1{BOKd>d2p*edmb15H%NpvaR*=RH-zL}ROHYh?PJ-go!MSA*Zh^Y5M~=FlgpC7rdJ z?r9T;ZCkW!dP2DeEx?lw5>XjbTDpwCpZ%V8Q8mh0X`_NAEJm2hc0?(t+=!;T5kYhnhwfBNDEG(?(BUdo)F@H0rX!VJGy?dGfO|HfO2}IQl*t;hkEhf?OrS zwMhKY_?KvsV1+@c6uQv9D)?N3B9?ojaPK#YHu z@q!aVmbKed@TnM9jvH0LXU|{r)jw)~lEI~rY@WJilMZ+25@V8VOzB7smU^if7_I`0 zEyZfjMPlD)05~(XBa9zK>p`E;V{w4UIQBXLig@hupY{Lue7x|Xx!1c3Vl0#< zkY)SvIjIlVK78?fr}`tv?tvnM&W5#NDjuD|&9EDGxEZG!p&s;AkhFQ($F65~=Zb@W zR_`d4h4{ikKt0{UY-eUgJZlm;8KvkrG{v(_zm-w8V%jT=OGZU{k^@;DY*f!i;r6^s zPDPQ={((gZ)2qJ9u^944{XMTQOrCt+_B5EvV`fQDa=L}vOLvSum<$%^do`Dg&BSvC z_t+kwMujV!P%M)b-39fLTOf>9?wr%#zyI^aX;rWp+ge!*X*6l8#{k9|KI0$tzoNlC zwJ?og=SL>;GF?4i7vJ251)C4j1#q-U0_82?%Q1Ck1M|D1u?6q=qpe8PR({q#_$sfwE0 zS?(&V!R?txX<`QQ*>^Ojaow5LGV--QAMv#x(Y6Tt&gs?lYo`Od;jeo3NA=%!y0VvZ z6fIC`UAZ(rmqvX?QQI^tx={Y*ds(_}fa_fOx<`3L&d6lSVZusyy7J3cB@cZ|VEU*UF09*{)bKVB4C*3`_QQS`3ymv18>H(>%>0+zj_y zE<<%i42eqR+jjA23>RF$2X|(9Fb03t{#{qvZ@k($3;AaY?9^a-5WxB7*X#_p_L5J) zB%mTTkt<03;g?lAgTu(?T1#KGpT0w0d0-qj$158EaSD-DIQ>!or<)~++n^}Ecgl(1 z%J@!|bW^c9{FpFx2sJOej@fz)Y{Vs)RGvlB(9}Kr;xQwr_vFaUOzAU(pziMK!Nt_Ebef`dL}{zUG%BJD-ghbJd6!$N4x=u334amv{-m;ys{ z&+pdr-#zb8G+~m1@V*^D9K|T|-SnR4%nU0jo~K;&5R5y!-*^4?v%UJ;+<4aFSD?k^ zC%tqy$x57s95E%Chqe*f2J+6+->v7r3hWis}r6TT8l4;eU-_PIK_q+RDqOdF)*tiXl!3GP_{UO#NrbE}OWE2;gi!#D%>v977q?DU+sq@kaX#@~^PvKR_A6M@&~R zVBRx}{#pCIK?9f95=B3e+I`>)wc0qXZlv>=SJGs_Xn&oaLAF(w0joeUs4nW9tQ@-k zcvQLOqUx@}_2R{A`2OdKHwBr+pY{I>YzfU->RCqRJhuOl2kn;QGNs*#`I9iFqlCWb z#xY80XiBvwa$}q`>L7zuV6!SZ9+vWHC$abWnJVJ7gF)CIjd#P%_mg9nd@``YxM!kI z-)sHafs)#Nl<)XbLo`hrmzSQzzG&p3fh1mw7?r_GtE>L?e#BqzNBs4E#Q*(%#P9U% zch9?&g()Gls)2>#+d!CNgH<*Anm|nPf-aGC6S-pdbwy`#IG9meNG=93g?G=*V#M#yDQu!@g@F=ulSM zqn+Th?kCG5nc90+idQvVAwn4-$qdGLZ9xG}2-fC5t9M~e3*}TBH4tB=78VL$*bizr zb}!$5irdV2BoU(%R!CX=!r#P#?ylLv0n4zis2(R9r5TK_*19_`$rieIP3QDS^Vwhd z(gj`bHI0eTe|=_jepO6p1LJyN-)<9!9oH%LKfrI%ftU z_v-twOA6z+KJ)NVc2iY6S?LjyF-d!!sQ3DA20dJ(utS%NSKHyP-@UxMdOjNu1(@XZ zLK5Ul^onkb)_+9Qui?sA)U(S%kA7?`Z{XfX{w!HkM5;^#hAk-{Il2~{!^2gDYM9Fj4a6_ZvaN~W=)w&g7${oix0C`c7;Iro#NeAiuPK={$nH%y z3J{JAHQY`YcyY0*TC*6M5NAp~!9KiZu9zKCufU@dV9-)#YR+2>^xeSZRGxCGS@FY- zf~$f;fAH`7^x7j_K2UP8@{G!QU-j+tI33Tak>BD_&Wgo;R)I1(t%~BTl7&~1AB`<0 zl-^+&SiH6qeFnk8_qj`aZ>tJ}A!7vAcaO9MR-b3_r{uqci}#IK)t?$?8019Ie>AT~ z(l%83nf;*EW-@p-)C8rzA`FC6Y=w?G*yN3j9X8d$;waa&DaFKv{@)(2m;Tcit8@?V z@_vTSF*Twb(rbM%{nBZ9=?j+5j19=!rE~2vogFnw}9w5P+ z_M#JZoD=6UtbIHteo3}iVVE)0Q1tz)9$1$xx`Nso_DT|evjfKxbTrmq{4h~MA6F`bER%gH%qi!kYbUxwGqca=6|2KK)9-S0 zUg32?igN^HS{Y3{(;c&v=5%^B+;<7F9q5pi^nGK2(4Yq=VbgdU7G-{)F!}?}VIw}S z>cXz+FnZgo=XAoS=noy^#~WWn_ALgBmuoJx3Rc|NcZuTk7|L`$hOHE(ij*R|hGl}F zfZ^*2{^*CQ6B0UIrq!YFk3SJwr{CR5VHJBt=~FuzA!!Y7rVK3>A1CWf8g<5wO}7y4 z7#dw{HJk-z%G*kx^^ui)_sujlQ~EYF6yvsE2T59i-MAZ-0L168S-KjuoMvrdzTGJb zM^NuVO(53ku^0amYWPI(i|!l=aZL*^DSzfBC80CtG6v}r?gt=Wfz4T_II8w1G;HB? z+g;E-h0LJh{E}Tbyr&g+;cIAF<-63U*uz>~;}iy4PWro0jrTQzUf-Kxba5w+=?#Mk z?}=@e>tbKgyKs@WNJK**XRD3X;>8gQtrS&H-Zy91M5K*VshN5O(a>08SXf;XBI=t> z2VL2Ju;H#ZP8vpJ#2b#ad-W%?(<9XT*i5d5v*rf1h zFNetc>Lg}{)R6aHX<}%(sGm{}hj1TQ$?wo=!nQOB)@k&u_LOyK-ajxpsOx z;>tN63)r3Z7T7Xo1?aJk&k-m>_MWCYOlK3})#NLs(e+m3_PncqKTK9v<~IZFljG*_ z3ly&=IV~4S$ok&XzJ)NYxl$meDo4BVt!4O)cO524d!$D-$KoTWtF{vTWvnWwK`Fb} zU^NM?A2^Bhgz3lGRgo_ZB8Y`LLD>}$4s-Q(DP>%SGOsCsJ$cNpz<1eko!tF1ty%<; zzMpF@@=mUEI8ziYB+z|~M&GCIe{JNx25)0%!SZhBWt+Z=mv5U4XJN(@ww9|$+1QNcV>gwXw`go}_j zWr1G>WCQB)YdU>LqMD=jol0X07oXS&xOfJW1{%0e$W*q>9vZ%1eE;74rS##xf4Vqx z>nokSL>YTc==&hzn@>;r`~0i3Xh!m8x;kRlJuL$_<@8VSkmF&<$V5NW;)H#^?{9>neQ%0c1NmyVhF%LV?4OlvjOGVdwX##Lacl?b zkLba~wr1rX?Mx)0!%v|aghE5I>N~I>WV!$Fu&of}>4cSL)9N6>{X=q=P1WK0p$tk< zE}11Xdeo8{{%fP|of^{wJ;!GJ*hv5;N)-7;&-kLuf}psRVMvA~H$}b(ev*M$+eQfK zp`s2-zP!biUpLTr45s1!#ff(QC8_lm3%xL5cpUjVXa$!qKyWDe2QcHz=7a?quE``| zEikgAVLxUtDgyaQoFGo5f!9t}0%XNmkJ52LdoC30ggy+y^|5*fuzXd#;(gC0=%XXE zMUzZDgFp?JCSQVIwyol4?+8KZ=0}#ABSX@_?*M0VPOt06$DuKxbW%CJnoi<4c`MwG zlCWORB!;#~0}Y(;ot%GOk#C%75Y*VDhki5EnnExUDKi}-7B})yqT^@O307L6v-zX? z_)=Z}Na@(jXg&~67n$43J5nVe85CV*O_E+~uERa`rKe_DyE)=r}rErphO3bA?a##lE;Om%g8#^k@ap3a~u--LvQ(3!$2c2`+33|f% z1{r%Jn$7y@DbCD82`%%QHE_h3C|pnX{Uj_2Z}vGUBPs>{DdDb-TL~W(nCd>CInkW* ztc4B{@`!#;AL#GsCBQejp^CkS;se(tBG^j}4uUL$a< zf*Rm#y*3Fhbt#^La!G@A|e5%jieh+kQ1o{4j3cA=}LrdYPopIn!pIrn!eWP{3>_Mc;2P zpqsMK6Np}KeI_Du(iF;vlhvGFy317z%s5G*mun7|LixLXIs&=0@McTM9n>!bdKDWw84x|Td& zq_Bt-!J`z{*7v;7?$_|K6Pv4C={!_v0f8LmMYTQE=a6Q)9Ey00$fB^d#1yKZ;{L>r zvQFomtH%C#YrB?A0`Au$m{~nz#C;a@$_lpTKR|${;<7)GmUZq?cA(s%_|-i}t6d}Z z|6kpmM^qC4wuV89fb4->u0Z|YHM0&5Hg7jXL-h>cZ zfG8!jNRbi)jOWam&1`1oz1hrL-OYdh|J>bO{a=8@enC$ZDpEU5j?xc4J!S3b`}7!E zptRz5om2Z(KC}>Bc^>6k4iO^#YBb2yS|hvGO5y&UkvG#GLRtE$XsgY#*1o;!l=pTf zAZs9{LFg}sJ_XH_P@YVptGxJ53()$@^)sw-X&cS@D~TNzc!Xc^z;uH`Qa{1IG-x%R ztU}-EI`!zwX%dEDcW@O~dNTx#E|H&z;xl+am}$itA%MPsmeNG!nr<4NZK&y;t*Un|IrY^uDJq zDIG8N4Cydp3zW#ay@7*)L&Fi&7HX$kVGsL@!=BfxDffQJ*TWcQlFxzTnwv)E@Dmi1 zI=7NE!lnom`ntkJ4{8P*_(2~`#&LztCbxze@(ixUI@-9Qw;}U;^7xUxOBp`=N1iqs z=({K-lkM*GRG9eS@bt41=Yf|XopIg#+fk}-_$lUMIzY_U4m zWGw9mT*Zg6_2|rRW=>^ROgZL4t6!g;`#n(NW_YG}vZI$c^lR)q{!VMvTe%^}1c(>b zP&w<39aFZy@P;R1B!95RdT^2G&Jc8yRCj8>NQG?kJQZWj+S)^uFQ)t6fZIUTF@fv& zz&5vmXUAfysnLEM^&>o0SRbaW!zL0w0>HDVbX(Qe{ zhHd0dHZ+W8WA_^40|z^Y&2BU$0t97{vXc#QG$|RxoodZ}?u~b3^~ukOsf>J)>RA zrl!;RRahif#@%VyN++2cbB{9E3p{Gb^=X8ziMvPuEt>vNnjvp_8zZx-H)ne6LLnTj z)}<8F&PK0OSN3CG+)&b`p%<6qyr}w+^_Y?9nUWQ7#C7|owv@cWf=Di!xptr4GWqqC z-#GobKg8BSX<;G$ zOh6w?zmUCGO~XZD&E?#WM(#U&0zDWRV7<4pb+8zEY!){>O7FK%oVv9A& zC~(~DElnNgHaT13FAD$P>xy>#;8_XC)pyqMX5Q-94IyK2LWi# z!YYRsOGen_^zl)xEqQR4_%Nq-bi7Q5pxNfK$&O81YF|#BixdVrH|6q|yPPi@cRU5% z-oB#j#u<3Q0cl73vI=b-h3PZwSxJ%EtfV$wy~`TFqRhLeM*1zn-cJg2f44n`R)*U9 zS!(z#JNiX%B4Yp=5wY==Qkho$@4b_1d#Bafa(-LKrmjBcb(en(a>oXE!dJ6CyA626 z<{&#ROS)!P0EJG2t_ZmDT(?I(ll*o`E#yL;jLrUspo5quyb&9x1Jy!0Yy;~djN~gA z9YV}rU-uTF;#FMXvFN2j8GdOTaSa8q7Q;7oT^9332ntye(A!w6{R{O!r9SF@J@Q^P z3iI5Fg_`%nWWHC4%a*3|1YFk)-5zR~-lRd4fDhOc@SsL(#S}`!9REry7LduxIQHiK z=n04GGmZ7mYFcKJX~&Fx>#BFK1S2Dh$DyJ<96mKa8RB{H`wYYso1aIJ`SX15G!}_} z?0N3IQ3OY?Ee7{0`d6dJxY+A_L%r)-jdU-WcO7KXOj0Hh6+#)^>h8t5#!^`@FHB&$ zfUSgJ#lyp_M}rcTA=h?y0c5F;y?j+n1?5{|f9j~t>n!V$KCa{`Z|)+i`ymnX4Lf|G zRZ>+o@?Ie}i*a6-8}k#07Gf&@^FwVNOFr{(((h_l&eqMciTB?rUVz3Pm1xZ6{wfY{ z?=q}>MsL^+F3e7v`FXt7ninN5zh8-e%FtD6O1*Lox>L+aJDej60p0*0iq#Pwi3Dl? zsB<3d=Y8XEByZs6triO0S*R%~&(ddLZ{MIySu_loCLdTtoHTe7i#Rk?^m0)!tbMqm zh*tNZ)OVt^dfY$z91FQwO}SFVI`+7k8+=h^ROH+usN`s7a^k9IWE;bS4bGxysbVN- z0wT^@A|Ls?(KWTIos1jT6A{jwR9b5(J2);@m@Re}n7}^e?|gEzd|~@}x44|d?wyS9 z`Bn?vj32J!A!}{Roo;bm+W?P63B}Oi+i;b5O1g+Cu$$woRvH(f<``T%Dk8S9Cc}l2 zRUNgaA@P(U-TJX{aIn;~t?sAf9 z@l|qw6M1EmZx*NAbkRrTHHiOLy@s8;hfJUc#3J-|`vkFcMu4N=5}z`_)$O}TK)xlV>JVkGjIoX8+F{>H+$hvua zXmvmwj#60@Fk!hnHU)gT#MMPeP#-0T9N>O=@%O)>GVUYg!jg1cx$_%sOlEaH4?Tim zc0kg$0`k5@!^QW$%f+qBice5~=aBR{?r5K-VNzNXFcLQ}%L84yyJC=3F|T zG$WTDC&BHo>p6EO;uvkESwQKa6mgx+u!F^oOH(v17W`##x=e>&nC-W#q~1o+Bd7L+ zg3(5k`9AKlz&@H1Rc{o<9V&fdb(nc>pObwFb^b*7DQQnQ|52aePPDZF`pXGEr9fe+ za`gRCxw5P9Q+(*&^6#1`RcHF%hsyT_IVpC38ou2&Q0=S`sx#>qBjl>#NN7>^uL+_1 zH#dXX)MQZSYvLzNobq2sgix?O?$B-T{maKeQco+kYB#b@E>N;Sj>NBmDxJ#F8Q-}j zzAyAmZ+2E(_2A@r;YBt&qwYlQssQgFO>yKgMY?*icu*Aub=Z0|;D$et*?oX5cIxoO zk~TrLHXURAb|tw%Z|%@~LVC<7V2oRSoS#8i!rVTj(e~SxnXwo}EAWY4>zM{sLRy=C z^iG}S`mLHzlvQ>IlMTpNvj0(fYV3J^)kv}K(Sn{2Q%qwDv=e#X%>BCCJ~cw%vfW>R zDD+Ho^ejKu1tB0FUn!Tza(@6%{Q^*mx@a~#sd$Z<1}!&T_F9v-G~3P#vF5)O<+Uyj zuw$1y-{460e0;$gHRrF{TdqonWD9{OHUCui-R;QZ%+YcH$XsL&3>PcH!?=kbtXQx$ zg<$T(>u}2f%jH6{y+`gma9AtONIYZ6r6V045U00o0IaaCF{jwrVMRnlbLGen7&bms?R{rSabf%{0ilfAYo0lZO>RIS4^d)~&x+E2S zL)=UXeyoErVF1QOvd1_#(G?ptcJPi2zi5KOBu!$bvteeeV z5pS>pnApQkOUE52yXy|=^@z7~CkZlGpcPT_kald{$1e6zxfqy8*@$*)molX8^(Ujc zH_`Ei#3O|nY@o6VaiUWG+kDUY**@sp!u%*wgE$3!kf-hcQ$u78Li#($VU0Ytw4 mmJQ$!QRbiVM_%~-jr;cZ`ELdM3*vv4|1VhlpCtdy`F{o4Mxgru literal 0 HcmV?d00001