From f41be105791abb1653bedca175ff7a0cacd6354c Mon Sep 17 00:00:00 2001
From: Andrew McNab <andrew.mcnab@manchester.ac.uk>
Date: Wed, 8 Jun 2005 13:47:23 +0000
Subject: [PATCH] New directives for gsexec / disk perms

---
 org.gridsite.core/CHANGES            |   5 +
 org.gridsite.core/src/gsexec.c       |   4 +-
 org.gridsite.core/src/htcp           | Bin 29747 -> 22680 bytes
 org.gridsite.core/src/mod_gridsite.c | 207 +++++++++++++++++++++++++++++------
 4 files changed, 181 insertions(+), 35 deletions(-)

diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES
index a9a305e..6a14db8 100644
--- a/org.gridsite.core/CHANGES
+++ b/org.gridsite.core/CHANGES
@@ -1,3 +1,8 @@
+* Thu Jun 2 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
+- HTML improvements for Bug #4083
+- Note that GridSite currently doesn't work with SHM
+  SSL session cache, in httpd-*.conf and config guide.
+- Add GridSiteExecMethod for use with gsexec
 * Thu May 26 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
 - Include gsexec, a drop-in replacement for suexec,
   which can do suexec execution of CGI programs or
diff --git a/org.gridsite.core/src/gsexec.c b/org.gridsite.core/src/gsexec.c
index eeec524..b57ba4d 100644
--- a/org.gridsite.core/src/gsexec.c
+++ b/org.gridsite.core/src/gsexec.c
@@ -654,10 +654,10 @@ log_err("X509DN mapping type\n");
       }
     else if (strcasecmp(mapping_type, "directory") == 0)
       {
-        map_directory = getenv("GRST_EXEC_MAP_DIR");
+        map_directory = getenv("GRST_EXEC_DIRECTORY");
         if (map_directory == NULL)
           {
-            log_err("No GRST_EXEC_MAP_DIR despite directory mapping\n");
+            log_err("No GRST_EXEC_DIRECTORY despite directory mapping\n");
             internal_server_error();
             exit(153);
           }
diff --git a/org.gridsite.core/src/htcp b/org.gridsite.core/src/htcp
index 01c4eff34861e06f0fc4fd72de72621021b7f099..8a64842f5685ba9462ec46f27388593f059ae03f 100644
GIT binary patch
literal 22680
zcmch93w&Hvx$jCcp&`aj%Bj#ofuRscrFry)p}bm}>5D#wHpOyy4AW$iopv%a&g|&}
zNJ&jc2}7_b_$!K95RZrmTu-Zj7E|Gv@;kYlT&!BPV3l&tj;R=~JrK1r_y1pynVliU
z$Nk;A+m*GxwZ8SO@3o$L_PWczVsTMXkuXoOC=rCpdOc-x5g%HtO6Cfmm>{afG%;12
zhAfuN?E((MQKT745j+Sb2$Ml%@(xcK!#@FLU>RvM$Om-=!ij5zU|@Ywsmf*Et0+To
zP~jv3+hut%qOwH@KlYR{_)x~ca<;)x4Y(R@Gxz{An6m5Nv|9ka?=ki3BJCUMA}uwM
z_GoHrZ8BCnTh&F=0%XOKRqJG3^1(p9s}SZPoP|)2;6vbZhKl6hIrvMxO+=WAK%IOP
z;cSFU5iUUBGXsJ2(5!rF@b^N5a)b{doR7d~x{AbP9akfsgg}035$X_TA{0K9!8}r@
z04A7>abj;l-iHCx#?%L&3Kfm{dnO?2#ysaCajpiYAudChqTx$)%;+4QzDUOxBmM{i
zZFf4tEQIkM>Xg2~vPt6Y?8{onj{~L+1~p8*65gTVof>{v!xv~csNuIX{4)(-jF|No
zYvG>IFx*je-J{w+1C~l^{BwXu{LgE+P2<x~_@oe6-iZ7ohdgDJa}vC01n^N89MJ8p
z*Y&T_Fm2BI-$Fhg+Jx{oHGHLp{Tjbn*Kg49)4IIGlxw(E*YDK$-`4Q?8V&-V`~n?q
zzMUl>d>%kx`|}ClS&l&XVom=w4Zo}Du}`r4c@5XYu?T-j!<XsuWr%k@Z}j_N5z*!J
z9pVpZ_%+0Y*J{|W%g@m58-4vym(!n!zrH}8)ySKv<)c4cr|Z9|@ize;amnAK>Fv?w
z4{G>1#H3%L>l=A*NB%LFea}MqGmuZ&f1)_5>l^;Upuy)31k&3=KtDdj8J#xzcntL&
z7yaurz3YL;`d`xcjC}lqF|Rq5h;X=@BZ7@Lu3ETq*&@NLU^tZA7EFfiSlo7H#KVc!
zSfay~(;jWNMX(i-2rgN%`r3snf~yxVUh8iPHZ8n%g+HiJlacnM9Sp_e;b@BpF5etn
z6K+FJII$=aN+!ce7s2L8I229AMKIXb5sL<sb|_&7gJd<Cl$_3$Y$vwG?HC!CU|TX7
zinj+hB{s}cV>i$ZFh}CYI)dRuB40SKIY&VvB*Mv9WOJ^(MK(2?Rc~kJET-C9qB1Rk
zW+pEaNxLPMvPE0i4yW2%7(-*hNG#eW^P-!@Cz7#*Ejq#-&GBubBNU0mngwt|i8j%m
zOvXdaVGv0~n?uQPb4Oex+M_Mut)exKgxyL^WQdMUc6*0LBvM$>NhX^^(N@-Pfyxk(
z0(gjTAv2+*Ceqp*i6vRP1v(I5AQU0FV1iZ904TS{U>gy#W3c10)lhp&do-9zhGDKC
zL~quH=m@n(St+8BBM~r~vXi1U5e@@$E6fFV2)Bgn5I~qr)k7A9Sh8Z-wTptYp-hwF
ztXYIP!~IXeoJq#}r(D{U5Vu6*6-i2}HuIQL53%_$XFdp+Ic!pUJEpY~5l1oeDkWSj
zZr2s7(U(rc<jpa!6qp>FOEKxN50_$+WnU|uEkpz238-@=V~k}B7^71+GA<QjDPv5!
zD;Q(a4KT(i+Qb+W{CdWi<Zot-iS;(dn1EXtgE5QoBy?BC=*V%#SV-86u@KnG7!&55
zj4=s!F~(%GlQ9+@cQeL<<6g#?Y<Drng!}+wOwhX-W3qmju}_FSj4u%4F~-w{c%1Qt
zLOjX%B8*v#G3e}NjD^dyjIpTsK4UCu`WRy|@)F}ZAr3Oepf<o5gW<ZKH@lCQIgdbP
z&I$hc8IWFnQDo=U10!2C7k_E5Y*hnN7L!9qvv{hmB+Rm*K?yG)Ow$eZNw|?Pml#9O
zNO&n>AK^U`UO~8;@Gc1l2-g$tl5i8@2EuU(uP3~K@NE*lnebA=0SVtmI6!!Tgj)!&
zCtNRKi|}oPeG-lkra(iL5{?s&6BZJ-32!Al@*Xm(wi50ld{n}B626=8poF^!?;_kM
z;hltc6Mja*cN5-2c#nkdCHy$yT@v0!_!+`o5`KX2vxMUk-c7iV@NE))nD9Zu0SWIR
zJV<zfgdZb(m~g#>A18d2uusBI5_SkzO86PVBZP&7_Yxi@Jn|RH|14qjTgWfr?-MQ~
zJSgEl!j**kB>WQLDTJSq@Ik^p!h0k<K$zQvp<RGy{qEMDUw0oH2{f&-JeY^AXP)zv
zU4Mgh^HbP={0A61v1=E6buAedH|==w-Nizz$#kCtXX!q>I6Juhrk7vbC2`=-T~{3k
zbzysl&+pwVy8Ap|Jq$Se>LZLYmFZVg!#^q|O3}+N_PnF|z#|?kUqNdsbuN&o>^@#$
zF*7^Z{Zb|9umSSWeY`2-pWNf$oAFn8pY~Vw_#L2T{LX@a(+F9B-QyqWKJLk;oNTHr
zn;LOeLIPw1r^G+<BOy?j@$c>Ks|Z+oAuUlhDwOWgqLde9{R^l|G4vb!&8GJD`cDL`
zevNvKK`l;|4jljj$ZagQeyoe*iidPxYFXx%y^^(&?!NMX^D(H4%q?Q$nFZ6jw>Ajx
zeO-zGva)fH^*V{nI||)64GMjTYjL)4o;9jln3!u}ldFY_fb)|->lVr=-tn@HS7hU5
z&NaGS|MBk5<H9~I<3A1^xOq4UQI$@BZ%z4Lj)%R9;LtA>!bY$4F&08!_b8(2K5zO3
zRoLr)HefA5aR%D&^9GzH2F1QWu}KW4NOQAjGC1g8Ko=Fm+tIqLf0L{JgmLR1FfzL9
zUv28gT=n}ECVc69SNl80sShJjrp>BBxJl-glP|w09n+%f#m2etB<D0$6@J&fb+WKG
z%ET05ha`^Gj){P1zxtE30y3@bV8?3J`Te<kRLsUFTQhXQQ)3IJSZ%uCK~*qZPg<WO
zEz`ywxhmGD+-)?ge974~Vc!fV==JXo$Ofl5>o7&Z1L2w<&G;X$5*Tl;5(}^mI|mIY
z9P1Oh?Wwx$srjPob<ul&)ZGbss228QU_eFJQ}#Dh(eN3}D^_{`q4J)krKMKa?l}Gu
z(*1rpob;!gFpK~e{b|l6OgYz~^&bC`jK8vb>s+z*RwT0Vx!HKVbq~a4cXY~>H6UR&
zbt1cuL>!Mct|Td~dcxUbR8?j@hPv5(Y{dD6%I%R&N)ge3&zdepJmQ>VL`3@yMcbt~
zMH^>iQ%4-3icrUT2FFBJY!%IZ#BoNA*?ZIL(L}(i(ZpUcCE&D@sE?`+Y?{5uI$L8t
zW-#H870x>fD)Cn=?P{pAz5V{9R1OS<0d9B#K&rIge_Z7r@12}hsj}`Xi-mXR9jC$E
zokxZJaddfCAqIxJ?A&7KUz8+0{uAAuCq(KaW3V!wViXLQLf2WycLEGq&q>{n1e|-_
z>Ji&7M(-I@8Pu&8sBATqb-b$`2HLDB@}@5V-<ex5!ea_07W&>tH7|=WN&~A>q^^Q`
zP+|?_=~O8?aGYicO3}PK@5QoG_uua*eGP4sS#W5Ww9=ZSb-PqmmP&VNgRGvRQ8azy
zbz#VK;AnAXT^TBEEVKShPUcoR_bE!~MvEkBgV;VzHYOd^^ZlIMsdtP^DF3uB(G7iH
z6$}+&%||h%Pv%O$tV`dZny8J6VsHAV0N9(;Tj^Vc+IDWQLNU9xy?i_gXXcqY`rneN
zF-ly5HM&;fCzNnQbCIQOv>cV+*WfmV*ONEcxDBt!H{3Q(!>?eIpc@|5Qh!fo8S72e
z8oNhTrn2A@#$dK9_pyx=*|$Qutc^t*YniiJ<z)Pi^`w_Vc@OnGxB?M0+mmi&A}zrO
znZDxMxp&@Bka5?fjI5W@81;#{E`NaUZdVP!A2^N{nEHR6km?@hI9g!m@2H}FIb5*k
z_NQ+K4=TlFHdB&K8-P^P5$6KcSdaf0GNjj4I-N#B_{v=2z5CbnmCj?ro94mYj{WOV
zy%s5Nx}PQcWh>sDJawWZ6Ra4mw2#@&|4>YEV*i3fmW+6J_5zU32yZ`M;b!-du(dUB
z;+=nx!b-e~qEvH1C--aKb3Wru{{SLVGh;jYm5R<7AN{K2R!-FaQ}H;o%kWfDoZ9w5
z&N`qf{2k8v{QrJ`FS#Jk!F8I0iO9;^Pnwuo%sJ?f6`A+jUelKa)Ub82cJxO~4M=*#
znWGdj#@e4zc{Fh9Y-QYjXmR^QmA(`#-Bmn{B~gVkP&Rc;`pHGsp1h@g@iyi2k%*1X
zeGIGU;rfj9L?)|@si#Q}rJY~S*M3;mu9TC@MBRTI6kEOi<5@8j<#5hb)e)yl<&Rla
zHT3(r*HKg1G3OS@ESK?W5n`rc$9X`tBbPH{reVj~rdb#}4LeRKm*49@Xy#zYS)R+5
z>l`!XI?k+If%Q`eXw8*&aGa^Re2gPAv6pZrm>f)4kj!y@soc5We?rM}!ZpXr37G2}
z#XIImC^F-Bp>X1PEw9pLBhul<!&0N2<9te?^!pF8J*i&DnWVVtQLFpZ<Q<&{r8j&C
z3GE6E67^s<bzIBt@`G1@ul)c!0}k?BSzvK^knwcGyBxbx2Q8Ned_mT$l&gcGA~>*S
z=d+3(>;d!wy1>*4$S|&{zo7`KCfzG8$GJ}xK{f6bm*Z^C<&QCSFqf^xRjVt<S)41d
ze(N@MZ7$!KdYZ{GrXEpF{C{EUxALaG^{u~Z>Mtskv8KLQarKXy`oDhnkD2;uS?~R(
z{<>nvm>L^%Pi7r<WpY=ZS?=kb42PP0MW8G(C$n;LzNq9{Pbp6sdlr^uZo%e(SlD;+
zZ@u$LC3sJX><E%n02>Qgdva!hr=&RGY*#piM0*x;_~4O1e)~2>x@Cp)O(g@Dy7{FX
z_A4){d@P&JWr3avQSgK*@TR{kI~%4bu7SD9xzCi@6?*YKREdQgdUuJxtgAt!a@l|6
z^x)_A8l`0=L^ufq?@qo5a^=*e=4JdRWqH{GAmj;uSIs$!cEI_=uyh@`z!2XN_4-d{
z#qeXGgbjjs=chq6*Br=^85_M>CF@dCRB~(!>vDAdT`CLmnMOw3#70Q$TuA}R3sWCb
zNgO2%Pf&auhAWV>5+!w+lo4%LuqGTsCF@efroyi?>rO(l8G}7PRHd-N8k*a=^thB0
zcFF1TTZ&v}-H91L>>2Fwk7oR%TEt6CvW}Y==1LJy*VY+M_4-Glr&l1KX%RR9=WD;!
z+WZFug-oflq{2p=s}#4UIh?Ri4;W4L7zp1+!`MZXW$UxEovT%|vhW6Un|eL0U{ZwU
zV8LVfi|8oN`y|gtdj_!)DdL}i6Es{O%J>g)tfwm->R*5byG~K_Di3GqI)x6$RGHjW
z9|8B?ouA_p-;eZ_-t-?)DhG3H1+hbWoyhBs>1K2D+99>E?32jHvZ#IR3jfhNt9$)N
zcgSA{us5%BbDK>aa-PaFJPyfz5Bkpdt@Sq+E1|}#)>y2>9KTEnK7N^0g;w^^PHZ=%
z60S~7q5{fH!6vmeL7Ddj5pW)ITplUyG_;Huog>g>gG^CzwT7H!e^`=TYL^bhr5!yR
zORb{)-0tFhL8*kRY`&`nW_Mp{SHtwwTC91oZAXryT&RQwLKC}X=5Yy5_wMX*f#vpg
z_?j#^-A<b1)wU(qV#CjaBzDAwB<*DebGm)CN&4(LCRuJ*o8;;2_o{&z_8BI5wT*s{
z#oq9f$hpGrZ10r5>HwNCh{M?L{+I4uhdGw7Q~B7r;t=)-I{9JeJ4&Udh=ai4AHf@3
zjyEk0#ziJ|h<%5n?_uX6eRAWOBYWRr=LedM<Zvncd*~UZ(yoSPZG=TI!T}KC81J<v
zXd`^ynADqojIE6CEg$HCXh<2)OXJOSk;ri_ZOhZ_fb-v4BaL%BSY+j!8;k3exG(2%
zd*L0zJM;_HR#!trOSJ-0>BHBJ6RoqfRDG%<UF(rkOZ9>MBPZ3w50*-CdVY@6iVu*A
z+XT#C|EYYUaZZJlY9f!Z<W>M6_6;E%;8`2?c*-_T#<qon$0St)BV2EI^rl<op!x9|
zaD>QHFMT4`+qwIN^$`E$vlOf6z#qPb#(L9}u`CTZU2n=JF$DLdTae@Y9vMCU0Xikm
zVa;x1z_~bwS#an#;Cx6Gp-!(n3osjt0q5;wk~~V>i_-z;=ec~@irH`sIDMu-IrM<@
zz>uV%hkXpGx#3oy<1L>+C&OVYw%%$R;X>gy;%=H=9kmrJ>KN$p-lZG!u1_wo3MxE+
z3eF`tnZ~r4KM)&mCL3zUdX0}_E^`rso`LVIP<SPtIXtOMS^fS)^dTx`*_W`Xx>TN#
z4mdBpVU(rMvGnQOfb&GI1V_o(ZVfoQRZhP=@B%UHv+soYWXj*gXm}CYVFK-J6uCx%
zE>b!A%k!CXJ2&7o82UU9CYAg?zCUeFU;3rBRT~(62AoG#EsQeVok!&Udnu~R9T)cB
zOzTZoBUQ7H85r-i3%K@O|NI+j0{ibH!p2JKNRR*M(0Yv0>Zpm(azNdkhcNWtCFf~n
zf3+VcS@&+NLQ<>DNDY-pjbU9jj^(raczoz|>%+UW4XEEgh`)&Vx)P({;euITBB_c0
zJLF`11e_OlHPqsbSU+dL91hP<A7m@E(FE%Y^i&+7UZ)twky+``=jG%%D7G%mtQ$0K
zSEzyiORSowW_pHV2~)z{sdT^J9hGh+sV$Wg@Zlc+V0ULFl=n|#*cnUUPAnnp>8B!p
zXEExhcfpaz`d3!9rZUy(@__T(e5UrV!z$+#)WP<cj>KN4j@KUuI5kQ;Xd#<=K%XTI
zIG<Jo^KVK1CWn1n)uO}lJmvvs*RNF{gy(tF--gAN+tP)-_dS|}>BipAd=_xGJU<ln
zf>VfsRT^JJyNuqettSnikuPI<8Yg+W_umF<ejuUB4<y8+H4wsDdVC+1_N<X>&~Xv6
zcCp8Llw;qeN-M)>a$Pa+2;R3^-(Y_7S5i5rZh$WJ1eL<0_$lBgkjI6umnhG~n`P(m
z_mLW_70ymIV%6`&<&dcJ(oA|LGD;&D>jT++7a^TVSL1KiPVct%k+&_slDrM8k!2do
z_W9)B0_-0Wdzr-cxg|Wr{QF;5=I2&ud?len9e+(C_4*HEPW~-ls>#0euo7IKa7#u0
z#*j1WQ1fGV-{gSvFRCmfCt@Y4JmCIYguO@A9iAzN(Z43_%@W%O+`>-fTwp}Oc4g=*
zqY#DNV89vD%=wS@hELpdYtU@fU|75z!xr>zh0x<a+1+_kaIMR|HuiSdLY)K=>o-tm
zHgyvJEr&@p0q;0M)%o=1ZpZOG96yeY$e%UfwK)DCa6AW&dS<+27Cyb!d)e&seLwJ&
zJ=-T0><O&7-g!vz-Q8JMlsaDuR)OOY9>n4`Pk*`vb$~2}j^Jlg{qhY4LHFR$1YDKZ
zs8i&cdrD`TWD@T`ZYDj<(v-#O>cgwmbOW>cd;#a{ii7@iJV!|OU)fAcF3&=WPk%b1
z5|~MjuwAr<MO~mbP5A=WS3zALpuDDZ#8d4~Eb>Z+JXDf=Vetklb{;88efW`M=#@QE
zvf*zbt2md%348bp$STQYQP$y4Bg>QW_RF_A81}_b0@=tcHJMz?58a|NPcxaAXT=a_
zRA5dpncRa7%~6?U%%tcXoQBR*nWr<8T9BEitITq5ItyVTd3GMzcmD7TK={o^np*04
zkQy3#jToKBHha@QMygk;7ryx;X787}-tOmePdZ|~BebpXGnY<B`k@0q#4@ZRBXE+c
z-O#bVM*S)u{L9Z}tKIvhmF%hG`Nz;x)cO7u;0Vi@?)_A%u<@#k38nU-OdiEHC@G+@
zl6rGKWaUx3>6;`VDS6YY2*Ba?f-mO|#gU?`TV-P|O6N&@52`q~{F40R*Euh_JQ4%S
zM`S+V8|&p`b{`2ioj3_lziSvv^50=EvT%qjj2@Os(JUbM4d(vF<dSRPqBA(JOQU)4
zdm2+XmxWqa4c+?*3cD_omihcG$c3n<K>o1f?Xhg%s+>UUIQ2IWIQ>ArCr$}C=NbZZ
zbCJTNRblyn;#_1HWI^|SRa~xqQBe;Bmm58&Euen|q_^(IjgEKkmxF{ieUH=`e#?jI
zcw^w)|1+sJtgR|k$6_BEZi5Z1bs8mFh{7JlX{yZnXN_`QAqu<a@C8H(YLx063IrfC
z?1GA|66|6me;)fRl{n3ws1l{v1HTT>dBj0?yTV^~=RDH1NK^HNw|^@6hswAJuXoP;
zlZ4d>DhG)#aG{OjkB|h0_Zd89!|n<DbyXLq#(JYETfs>lPatvd<-PA|@R-3AqNny-
zP5>w=B_XrYL^s7RDLhj(->J<+H=8M<=MZr;EjLqH)vDf1*?zi~8;wiF2l4_|76>?x
zuinfQAq9L6Cc_CG#+WOi)-km7;hSQv1mgg^Rs*nbKy$(g9FwGa{D+4(82$@Trsxel
zP_EGyNpX*|vB*V7zuO`mRL5S;RaP@%+UV{)+`Jvf0f+hZ432`ZUB{3(^k>Kbt1P`j
zs`W0~SDDrtfD)VoKaurw_PuPhQ2ggX;C=QDI8#)`ym4I)uv8lNRb^adPi|z^ad^Nf
z-YB(?T})b$K;O8OTKy|dfD=CW!SKa@11j*wm`QG~L~6crg#`iYJ(v9tja9(BcMBEp
z91d8O{imM7{%GvfQhr4>04dMQ;pLo`-c7;qx{xf7=llK<oQLzc+-16HKZNN{E8zT&
zcM3V@<m&Eo-J`|ZSFoGlR~LtWEV1#6PM$f~F5*{`_%~E>&M(e;AMr=kgp+&eGve%1
zb@0}KZ#>N}e$dv#roaq>JhC3v;}po4gQzh^Q(NW_u@yOZ@iz+oqtcJ$TPXdq34U~y
zA&<?d8zcXdqjL;~TZvti^T4ZP&3~DGDJ?sX?EcS#KgB_j9DT;);CqS+ByTze2M^^i
zX6Jk0UUG0v0S9|e6qs@N3gvyTbA`hbG(EtKaEv*whJB0;<M;oJ6lBcVA8hJCCjJmP
zdNx+G-x<U*s{0@pQ=j8sIOB}LS??SeEx!Cm$uoO?*7Htw^0zZ9M`rwS@qs@UU;awZ
zpAv6jc_A15^7qF$Pc#J21wl>gd!#jE6lBm~Z#+9(x+^>RyQ{k2%ckCS)=;UMhWcHy
zUfXKMeuA$JHkLSVfHnCxQsJ!m9>3^(gnx$1`P=AWPj)a<(me`I@F&#n-&lVR6avl@
zQ0|Q=QQsW$yNyM$s2z^lH7ml=Hrtx-t7;KTo0<Z3Rjo++#0q@VVz<Yl^L=7XxH;Uu
zIo#sQ=T#-KUBLHYVY_BgEVijVJm0ru&9cVe!gWncgR58ho0hHgUxnXxo0>}!?Jd5A
zDckZHbW&ImO4>CmV=e8i?co+QR27=ZwyQSys&4dEHTjmTY|?o(RU2xmw&n9A4ltX5
zDFXhLV$Irx!oO;X6rrXuwk6t@2(^T3*0$dc)~X^AC0t>Ns7h8P@yAzlwT}$(d$8Kt
zT3>6ZJpy^{n2#Uv_*%kAd^04~;Y-F+iRQ4c6$rA5W!v%O{JJ`^u%*T4qXr8bk<I&j
zRu~K=$|e1=M10Yh?Q4ytqAlejF<$#)(aQzfWRntiF)RA2t6FB1k8PdoYdcXUeuU=3
z*GjPj6q1w`W=ei@nP{GftFKekM5BL&zsWBe!;vt=Z<E9V>zc&M(5A4jr9BaDwqpqx
z1&Xs0;nu4}vvw(b%LJFYO5js8yQV|i_bRbG6cvlZ8&E$X7RD2Zw~6JcC_+RmOtrzA
z;$n5PEmp-gqtRyA;$mzkKZ;O`FdN}Ag!u?pBV3EH7-2cWDugu%EAR=N;k3LeIlmmA
zhqXuS*nCknt3Cp+_L=7zcw5p}H5)donu`JrRMpRJna@8&y+-~=4Is~|omG1|v2Nn`
zW3g!R7N2jebcLFAYgXJu@TNwWn;`QRaNuiC`eM<rFV^Y{`S9@{6U~u!^t&X@(;Bv$
zE$K@@OSp8(ulpcKvb;4B>+mJQ9WgtM`iafqMADZ^Qbrn^l^Cy`$rK3U(=kbiCR0vI
z!sW(T?P0P5yi-zKTkEsz<~aFIws*8gLXvE<IbJ<$M)?L%#}{l#*=C(=*p~>|Rv1WD
zDC$clEnf&SQ@BJZnruZuJQ1^F&9O*r`Py(8Xkkeo)X1lH<Skpa)V5)SNVePI+E}8k
z4!r@|2-`4TvbMbX21qT3qN?PKaseG|;Kz5(VSEL+DZEWIhvHyDv`C@xSz*$~7kSY(
ze0h#k$0i6bqOlrOYj52qLeW@MwB!beBnAi}I&f&h@r=)AgcM*-$L6`c0N!2zr(N|~
z=iUPN{sQ=m1@I#U@HY$KX8^nTF?^YrCaZ(DRi8?sGaweq={``Tk6m{Cy!y+7>(=_$
z1OsbUufI{$*&Xq^t;kHpgDFe~`SL~nHBBz?I{%HJRae^<iET(F>);R=5EFK7Jls*3
z59`QmNsDBHjmtRW)xq!UXz?0+qM1sx+uQ0$0`mYSop2HZTtxnfAcc=(En8VptV|_s
zUmNBkU&!|1vsOT}FnUI7RHyXe6VOx#I#)Snr-eH0n_iWiPJiYo8*=qAbWvY*G)7l#
z$0Y@AzPcH#H%=R~$7>@AWX=Nfg&GHPjdKb^bK#D-y$v|-QNi%%E?*2+??~bE(Ku!l
zHPR<%j+t^gDD?)&>|(wepMUz=qnhVMp(v%ZLeR{H7-m^LV}yX@p1f4Ir<6kct##zb
zt-fmZ$Y^YfRFQN$Yysr4poy7DA2s1go#u%p^Y~(bF~0#~%#{-3Q5~NSfH1%0VSJ&E
zYjn)-O!-=t_XFV5QTZJ^&k&aGz&E3a%RYr~OA$Z&NlzIC+=;a{J^_{Aq4MqnJ|ze<
zv8m>=yB_rLsi(Z_f%gamdOT(LBve!*K7%m=J_(g~EMNf_8@(HwHN>bUu-A;;3mD12
z`!V+`u;NpY<pqRS5MD=k3*kM4i5XAXc?h)#S0k)KxD_FaupQw(gfAmJh42ExD+sS6
zyoK-{!o+(~AE6fEYJ^n?w<1Ilwj<n!@MVOj5MDrd1>tpsw-DY#$O*-}AeJmzG~ZW^
z>pEum=G4xuo#UHbUq7#Y_Uw=Os@GtVv=m)Y=GV-gjqif~pJCUwHqZI{=>Pwy0gh^u
z+dAyf2E=wk#g<9ogY$4AE^5&^!?g>qT~=d<+C;4tN?M|}Wm^;#RcvF~*A`9H>hXCD
zfN#oc6X6K)RU#g-MXkIgpw<p=MOxk!P@9O!Z^UcER<Jb@!UyQJT%IM-fQmLYgAj;>
zI@+7jKnxY}r&dx^HSuvdD#bcDg62HnuO`j`2Kxm2l)S430Q-%3SjOi<1iX}zc=Ape
z6!-v}hkcn3K5LeDuaF-5_EO-*5llH_hL0hze-n>={#hgf=-?a+fG%<P3$1Gq*zbwQ
zF@l2x#|HBdm(LOe_HP!kZ{Levun}p~F7p|h5I7z%%`ssVc=brT+XX0^5l%-S9><hw
z0M$qvdW_l8A_xYLV^9D9$0n9jK7+?QPRJ|AIF5l`800u^na9wLBg5eB2HtMq@q2vp
z5Rc&w1cS$Wia4m=U1PBFeC}}J@$Qga^VMBD2Gg|rX^qFGo&?^Lz`K?L>c`-H1~A(t
z-U#;nBiH8JBC5fA2x;QccHHRlE+ZGY9Nr!m-bvt{JO$p@U3mN+*t00#7K(E8IB!wM
zY**fm1Uw%Yp?&#~Kk~5;!SGj&Ii<QWPXk2~kGRjf@HqF(1m0sr&<}AKUPLhT27xyS
zJkEFKAr7CH5!gQY;|u2_z~ek-9)tG^GDy!n#Phi_Op<dRX_@DwUx=R>0I|ViOq-c!
z?sd4g03DkBe<lLkWq+eDyXhUnf^V-;9?A?oB;WUN{9vZKJq!IM2dkDj9;kBF0{gv!
zmDKFt3RVr8Il4qzRP|R?4#x4YUn*Eeat)whN+EK05tYbWqj0YS`jaYW&x9S&ZxpO7
zW$xA~5nQ3DexS-HN|^qxV6TMf*9xZQa6eZLrd6O*&cAp{<ZUy`9~G=dSo)oUl?Twj
z6s%S}^dklHEIfbLP|28)gY>7!a`UG|-mGOHmg6|f^_0NswBt-Ie=$5&ajcL$xa(&c
zl19EFc*aKo8~KWW-2m9gR|NUsc7h-FBLeL+#WKY5<9-RBCDtJhxZ2wUc&7_4Y<~;N
zN3}lL{!YL`>yz!@575}7NO;9p0K575Cg2FhF+}kD3UPo5{ZPJxNb?tlxb6eoSBPIA
z{xI%2SgqmzL~Pc2y!+_)fcbnJf$Pg6DDd1}p0XPdvpzoo<5Pvea-W9DH{m&eIj+*v
zC*k%pu7~+tfWY#V8h%T|{NCT_zq0u4Ea%Xrs6U<M#T8-;;9I|l14P7Ze+S}2TK|)Z
z&lL9o<{b_gPG$L*0rN3;ckwQ(y<hW`-3Se_{tJNlBfZZ7hwvcaBY;1Ju1lDAO7Ssw
zef<uw`>wA)=yG${SE=gq!rb+BriM8WQr=4dbNo~KI7?g(m=_)x_&SZh9(0L+tA?v}
zeK~<6&7Q~dyL9=L8onQ}>EGmkH{j&`@CPmLqZ+?i)BjfuKdtNkn<>}u&o$hs@qeq~
z^ELbzz;1h0Vu<7Q8Ea(y3gH7xc>#jwx3e<=^InZ63`OK`mKqXscZV&~@N(V$8V&Q4
z5y~3_d>8z89)?QR-vQX&{%1A*9F6}C4V$~gz7N=pFFy2F{$7vIWeBAIbHHXiJOkt5
zuXOn(y8LYoo4dwJXgE9^2U!1Xz;1qO0rNxo4(N&eUZe4iJy!!Z{yiQ3-K5KBX?m@I
z-TLbQY{pCW&u)$XrpD)24I?gn@7CpebotX7Hg}U9(6G_htAO47zX_PX<scgGrh69&
z_g!VD!47;3zh`Th>on?PCSarQO6dD?UCuf_gq48Z?KJ~VK9uj@QH^i(-vyX2m<>Ol
z)#cZN7Tf!phLM!?am*HpxULWr%?Uecr&?QUn{hGKqNderf-9D-ZNklB!C>PUX!)XC
zQM|Sur^FpN>afEtxV9=7Y>5SVkQ9mp<vt}CO5v(5?q7l}sg90qhO~cGW1g}B7Oz>j
z(jPPsn=$D;Rk;b0RC!1SUfUA5I1OilxP%J{UhgIE^h$1v+M%uaJKL~@!wp~y7UVD1
z!tpKc-f9WrtSPB)26GqdtH<0~!Pa=t+G1`VbC>XTv*>1bPEcO?77Qg4p>6VRuOJ%3
z)nAZA9)2aMt7I&QbJms!Zw8Zhh&3lu>Z&+%MVXr<s+x0TkqB*(*PsPy#SNk6O)w`8
z&T!ral(68HWA3U!xxZ9*tGV+f4R^--uC`Oxx4BW&C28&)eXW^03-_c&BJK>{q2`9w
zeQoX>>IWylkg_=z$H}(3IL(cru2n0@k+-wC^W=4M?hI6m!Y|xeW2~dvby+}N+2^{P
zO<wAjSIwy|`768!&fTK2mL1EvDooCHTpr@OcFtW>UuEac;{IN%OI={+E>sSruG4ep
zt2^%UIkVh%@#VAY!B{*IF5peQ?Mmj|jThm$D@o^8x9z#J%}saX-h9YA@x~(K4m@cs
zb=9A{Ox^nD&XE`L<uf?=xR_Q(Mc>95Z5|22jlH|i+yLlCk%k_7A!E>`@$qhFEL2&}
dmDNj(@vd*=5qGr3-7W_a+)C)qD!AkE{{VB7HDmw)

literal 29747
zcmd^odwi7Dng5wf!jObakf_*F94@h;k_#6#pduKCi$aJH6stH)GLyW4$xNJi2f|hm
z8>Sj#l(x1@E8Sw%mTkT6YFFFE#>*P~lx_K0YT1@nTItU>4ehcmb=gXr-}igYd1u}X
z!M5)1U%xjwbIx<lbDr~@=XuWkz1$gGvBc$a3Hx#jk05l<eO}*O_>uK0Wv&Q_LQyHE
zii_b3!L+$MfCJZ$FkJzh7tRBBiVkUX6A-3j8fj-sLz;lwTQ3A1^NTW-F5`ZHG`Q!H
z;UFB#Wx5;Q<G_C$X>=z6(=nZ8(D{JxyUXjN3jn6G(`sVv%{8$|RjfUp?y62Ds%NV-
zke0kHZCHztDu-o}uL`)!;4Xx#g$uy(I!}4>cMg6jmr}Tk;8^F6!F>qsQn)E_yk@|W
z9*UJ$6@I6|6~Pt5T@1%-s`5m+_AB9!ha*4La5Zo<;qot3J$p%+0UDEyIXmFbiy8;m
z14nuADpB5u-wOayHug0cfsbfl5_})rL=Asb`}97n!_&2Y3H<ZnsGG5Hv*1R%C{ya1
zY2(Fz3~xduEARFCZURglBmvg}rd$b61H26I4h=5=ybdts%ygQ(0eAv@!du~Y0iLd5
z3;sQT8P9Z>n-GBMod->wkNDkypVjGg@b>|3(=hGidB6)Kz7YQx{<<G}eXQqrae?>@
z@NRX$zXf~%_?JNNEbr%lj{v4^5dM3>7T|>%UJ3X#;A=Ge4q#ue*S7>d@qY||BH*WV
z`eT4A0bj0RwvRf%Yc+lo{AGauQK!40T=EN0%DWQ&I;6*S`h55X;OjJe0QtKBzo+3Z
z0KNw>+YI@+74UArFT*Fi6aGHH^K|-h_!GZn%Xge8Mf&qdr|l5G7w`eVeLDZ|5qAWz
zT|V_-0k-880el)T+avS;0kE?^s}T3};avTGjdUOSycab7IMhGpsQ;x%pNRAi!6&^d
z;8zk~!%xDm18moK65tIE{St36>ZkNyDn1E#8SriXqM*4B@V&bHufVsj00LX!45U-;
zET4LgIOzWxaa~BKoie=#&b|T+pwDYbCu6F+3oX96VbRLv^@35MXgIYsl!}^(PSX+5
z8BMk(k{yni_ISG~Lap#bXz7Yo*DhKSTD4@!nqX6?Y0<SSf+2;PinXWAP`I-*8jm<K
zx5T31c)C-BLTw$1cqnCtlV&JHw*H1Z%@U#OHiuS6+mJb$tdE6Lsc4F+sg&e-uB<?E
zYp0nYx&$M-Hmn*WFBd5@l1Q7PEow&7?GgH@Qz({*x5>EpW^sEeku*g|w4<eStLO;F
zVu=<3oN%&Dw5L*?;g%?fB;zgNRJ5g|QzYBtk!Y7_?L@$AB_<+7$0oDALn9I?s_3Lr
zE#Y`8^G8roc%%RxI=7ISa7q(tZHXmP%pHj)lL8EcV<Z<!G7Aa-<<<nGC&Fd|l3u<F
z!iu!VL+MmB0`al7T6`Vh_Bb=e6ml#EM$=|Wv?ilbV0J;sP*^k)Hp2iRN|g^$sKnA0
z%df2u&4%Rd5XUtadUfZYg4x%P_6H-xWv39=qal~1q;fNkA$1X3m2(unJ;sc0Z^y9X
z5$7S1ab*&Ai%B|L6KuT@jfHKv0GRAM3ot0KjTK-JWLqehEyO>gO^-pIe){N3U!{*m
zcYr<y&V%$ZC?2AZLGdts^m0e&7YT8cJ_g}q^fB-qr;h>Bq7TMS(8nNrl0F*RDf$@b
zPt(UheTF^<H1IP9gQS-}1_K{`ObSZqV?t0yAA?~zeGHfr>0<z$L?44`fPO%T>GY?d
zuc1E`<30Upn1j%tj`;?Cbdq)SF|oLc{>Ow^NFS4q#q=>*SVq4_h!ylP$Trf)gk^2d
zFS}3ptcM{o>kNP10@CZRh~dkgMNNh)p2sh0BZey|S%bmBW5c*AC}D$XgNGzcNgGt%
zV84VZaf4HU!KWom$r}N}dnHT_7?p%~Ntl{2Y6<U<Fg0S-5$=>QHDfF!yg|a$kg<$#
zqlBp`qml4J2~%UnI>NOQrsj+dgaZ<$1`SqduuQ_#q|r%ONSGQmx(J{A6Cx_8Sz`y`
zV-lu@je7_mk}x%G>>}JRVQSpiP55aEQ}f1N!h0o53o!N(-X&pLg7Gxr9TKKR7|#>#
zlrSyB=qJ2E!n6?M0O3Xn(^8B>gcnMf7GoSCTq|K(j&Y1|K*F>j!y;TJVOo-LlCY34
zEy_4e_~aj1e_ED-c8vN<m=<Pm8ZmfC!n8D_jBvk%X>rCx!cR+>mS+SA@0Bnu(5NK5
z3-GL8-`4Z<?&BvLn^qgUUqFh1pBrv83ZC@(tnY)NQ@eJ-R@XF=V{yw}ul!*tCI#J(
z0?726?%_kd>(9LYio}6E@3`6kb&;O&@IK5Ld&@F!m>2fE+uiSdgz)ei+357pYXwAg
zz5YtiyQ(cb{5TX1nio;_Bwp5iqQqdN_5I{~|JnU&nJ#Bd_lc(7V0lmQ+1_A@|EXYE
zPtXEtZ_rxUXkCRm0ktQ1vipR0IBgB5eZ%RKRuDBoG;ln@ldlPZ#NObu-Tftv#s<s|
zh|;W3x=*{(exwa7q)f%&FYr5@ezq@os?kVk)GKUMce-HkB_M#@#v<cRoopx`GX3f0
zz3ZQqtex!cFKV=E&M4;US$OZlN!?v_!hin`MF3I5onGT!61nVF$i}Kw=z}3$!epag
zmr$53VUweTl1A%a-_s@dSiKXzjaLqL`m8H-xxo|N+fE3xus3)DGH~*6231uu0lsl8
z$HU`_;NVXb!bZO_ta<pPBAV&<XI@l^eZl7&4ga^Hcu2qB-)LQ9qnJ|^o5ZmG%jU5h
z91JX^sfwZPC|%~C=Ey&+FkuVM{4b1_e}SF<3P=9$Wb<F_D1YlH`Jp7*KwL2lGm&O3
z4bz}<#m2d?B<oLq&}LN9-Bm8kjWEFOu8G17OB|ye0|L>0q|gv)ECD-4tB(IpHXa#=
zJIjq3I^nA$6DAsMI-yS`4Aqj>b);pNk;-N<8k}X^qT(fIlZ1IIjG!;LyHOT6$+`hU
z71{wz^JBfieHC23Uo932k^V3WP&mfzy6o|~?2B?qH|V5y|0^elN@11*10uSCb^nP<
z8aj`0ZWTA6;<%rHF^=8IT_;{ecpxZym4QqXIy%5&Aj2_*A*&vx_XLmj2Ftp;=8CS{
z5E$;9JKR}otVVU&94(;~i5d>4PYpjuBGwtjbdMw{wR+0ht>S=Z#E^IRITm8QVPg`K
zRYU;+W2&s;QEP%-MU-FX+Agc(+Bjo4ebhRATGk$UjJiIkB+)>%AGMBU<NGq}K(x`Q
z(!^e~Q^08%QNN-ZuwCqQ<3k#AkBtd?EU|v0AWyJl*^asz(?1YAM&UqF=-`IN0HjC<
zf+tk$iN5lT3i-OPDii3O?!=U<d)qN#-h?*qNJY<3Gd#D<`jV<;Pw-Utwo@W~{s^pI
zFZ$6_Lj@4_Fe-Qo92s{>;h$`@x}EY7+b==$8Ic*(jZab9sxOQDr?wb~v&7}ka9!8C
z9$h@fZepSFP0_s6qnid6_`e$RL5i_AM`x0v1IuYaO<6Vn&Rv*a>IVFT64>B283l`m
zPRoq(TDaG!%u?zOX^_?PG>WEgn_c^eIw9jmpYeTi1KHiBsG%*@OY}OieUdCtTIsPI
z&&Ip9y(l9!KB^0QN+k?((a)+%!_20BTBp8EQBfi#Zhz)Y0Bq8kE*jVf?#R>a6-Z|L
zHm@74mcD<^D&z;hmrRWi<Wfx7wIH>=2InG5>**3?KC8f(5<*W-X`>drFjw%$M=AJw
zSTX2=hjgvKEu(A=UZf?qO=YIAU>CO1+8nWuZY*U3YsyA#bZx9=%(W_}H~45zW*LO{
zg`Ur?fCtI;WEL}!k>KYTzVh0+cifm4ap(A6nXgx4)F$UT>;d+ByD9+oz|J&J)vunC
z;vQmWny2T#S4ji1&tUT%$lMAZRETqKh9sLN04b)UR=FyyCwLqY((1~rPP>M%mAS%y
z5BIXVw;dP$%#RSdYyUcAuSUq98DPqOS&Dz>w+O(p#~3Zt(sPWq9#u?nbpN76mW=p!
zavw+<Bdq;mg**Hl2^%|dD&F!tSy_o!;!3yVHS{{od)8+BneU*Al+4J+UZd!Yu+c{(
zw{o=ZS3C~xvUw_Tr?<YJv3^Ho_$!R{iQk^xN~YvESfDxJu31ihQpJ>F)<9oVWX{&T
zrY{pHVdD~Q=nvXCP}8H<B}xz@wEamHM+K)pq?9`VDQ+)SVRo>0x`!|?Dp3j=P9K+c
zGTrFUY3g79gY^rLh>6C198>9`+Fogi3|82xo+LSxdLGQ>en93flLJhtZoii*w)%o6
zhQ(kzyL3*ij#?=dKVoWCHxT5)M~!F4twz*Y&gIoi#2$++>uyz!oYRaLi!CdrSr|DM
zTUJvxzAt#d9*8aL>TI-}?AYV3Wlhf}81JHj#$2ff%PPsnqaT@x1%>s8lhP#QtOGT(
ztT&Z84+KxCx}0*1vuYIPEJrbqffADJ4LWc*`us5`(<^QAXJe`E&a%1`%0Tb{3zYJ;
zERSNeN6qom<#%m6AkCo|0c{I)67|4v`h>2$!w_EmcWnq*AF!9_`~p+N1N5ibyvxoj
zeZX*-z<n}bnVcfX1-xcwr(y>y0XgC8K9Q&E2<kAZt{+kaRgunlmu2lxNf4lO-ep-v
zHhzSzZ^%aL>Z&=GWz}U9jH3MxT?ex9wysO<7)(&4u79Ph_`jp;QWU8tMXP?JP3hda
zzE7cy)b)jmtq-c}BftJ&y51}EovrKLiXB_mSf6`)*J5!e7w5g#dHc#;Sg&8%=u6J&
zU0I$>@?7gJ;HG2GB46)%tRY}`<ye05x7JFjiuZVAdy%9XvA&SG%X=4kJ?=&;p>Xnv
z_AFut!kvNKDsG~*%Mxpkssksyxyc-sEzhcWOq@Q#1U(ia;UPQ0pZT(EZ5X6D6Xsgy
zPCLyk(R1*@4`V8a=IsgkcGQV<Hrk8mfgo4eNIm1pA`}e%d}LHj`m!v-LXgN&R{IPX
z>q)%PdV5IP4s2lXYv}6xf@g-s&?CJpx5mG-7gU|)Np9S1(I}iK>4_>hvW)dvO0P?K
z`K&waVoo~Aon+<QLm!be08C34t01-&hQ=sf-h@4nyRo2&ygs|0B`PoM1FQh30U@2`
zt=_d~P`??6dR|tkP{nF$-8%n-tS!`&73njIVDH*fGhXgF)Dt}28$7MW?jHK64b*T=
z!+2TIv06<-Tl#{hA+Lj|rCp|!YTvK4R6kI4S+fhJ;7(f86vuXf*mI#Y(6j3P5N3{|
zeH=z=hi6;URlzdxMzo+>-Nj&pg!~}D<M@Slj5~pn>tj8KUOMJ>@u$%W+I%1G4IXB{
zPdht2un@C%9iseI9Cp`r2yKrcpIm1jCHDn`4{^dD1aOr<^Iu4oJv$bMShM|%*lUmL
za<ik{VXig(JNqT_@nPgXer5339hH5-V|Veu0qmmLI@ujgAGSW5<9HO3175}3Xi1C9
zRINr&Q}rA@P1St#G+CaO_TYV3d`KZINROuge0D-gEmV-^e^E4A+bxG#N<|IcK#XlC
zA&`YKM8REdlQYb5lI$|GV6aO{#=Eh=n8FbOQzW58!a4UXNCakgf5DErsp*?B1I9ug
zF_y9+4;6$W_R7c;5}fMa`Dq7O<lp&82RPQ;0^5^_3((*;%K6#QvmlI>az0`6dK-7D
zxzG*<O!Q2OLXnA%L<Ps17u&%ZCfana2()QT0f)YhxGRI!_HEK=EkH94VW0NFcXUHL
z!v1}&ipP2u`?E*U;*VILRid?%*drWy4c(~20Ow}FI##EL?YY<yt4wd|c<0Dwc*NSH
z$w<bQ!O#bvR-)Ze*P@kC4`sXrLhSeb#z(a>QnqUSnMYa5=vMQ-mWYCs68%)-Ob3Zc
zit{vDD|F0_?ndhkEs@2Oz38WN#f`-EOWd#KaQi?(_y>Qi%GyyE)3sWGTIqe+jitsF
zx>jFO8EIk<pSxD?+fK5zDt-T2DNfJ)U!~{8lS|&GR$M$ZT8DDDvR0+s;W`O6(Fq;J
zYGNJs`;0SR_WCxKV==={<Tt;R)X~-TMNi*yo9sPrx)HmJ+z`{7WqsRrzu1N9pLw3u
z>UrsRkD;)>OgUCtjn;abKuJ#~f*9){B6@-t7dVB;?FSyTJXy@V{lJ5kbzE|RJbiM9
zz+P?~w7!>3an4u|THnmZ%TnxR$U*B%c7mF49<;U&O4_>rN7tI|cI_>`Rbyyn*oVf7
zTrDmfI9y!pqwdu%+|S<D^77$KrW>=1fSh&ZWq1}D?D|SU<fW^1$U*C*P3?G}ZKN30
z9LNwfH>E07r99rr%Q)N{1Hr>IB9JzY?7{r|Qn`P6(Aul$Njb{xExmDf(E3z11>4M6
zg&nj^6*D0B!9Wbl?>nGB84B*8H&l;u7y!MEB3sCn4pLeAm*gVlD(|3GZqskHsXDf2
z>`j>gscuyUCWHsA?J5_#neJ^z<+6MkvdeWCmgNlVrPyMM<~c^7<JUIeSdCr&3+f5W
z@}t7U%<5=Q@Yvvbbku4GiqI-R-P;ah4A?0LY^8s-Oeb0A8qNB-(z=w8M@kIyv{5ua
z{2aw@ZPj~v857Vz@DP6C@kkTh;E}xHUn1$<=5LXe(J`=>yrZrf^Na6tEF2w&iW*~l
zi{=WenJQ(#ql$vT&okmy?0yY`UHK#A%^zeFz2NfD%qN$u5RQU;RRGC3R{=?Na{
z-o}~Bg!f_TjxwJxr=E-a9c9R$;r`P|BYRVorXtnu^FiyST%<O#r&P>2sDtehtqHK+
zet)ph@+#?|gyHmqdY|c_b(<oXJ4VTEN)2Q-Ku*-*Syp>M<)YPcujWCkO&JW$&!71R
zWKp(DJNDoIl`KqK_CN3$z}<3hQDCw#x@HF!m+{2fsd%lu&q?jc)0&>eMc(fHlFRoa
zRQA4vxa|f)m|Bl+s8XL*az;8T!mwH9HC|>1=vGo0x`4Bb%hvJK{B_1(_m*l+=PZCG
z^>qq`+w>E`Ph*Z5Ox8WB#o*}Ky7MejBc;MIs!BBcTFgU@wq4qrnTd#k7&`pM;pe6!
z+?%Py@35KKZTyhDHM}Kx8&ciNB&IzVkiU7@zaVx%Vh5ZxJjHn9XOaqxA;-8q>`3O>
zpkDc@MCuD3!N~kep2W$vv`1B3?|w@`zF?EH#i2&Y?*8&dYnw{zmBX>Bs@(kkODY>y
zd531ozVy#kc8<gjuu{$;id8v%R96Lym%%Tb2Eb-;(CXLB1&{SbPu+4`$X>ZYu{b@$
zsx+h!dV*)Vx1ABDUd3XmhZWTs5HZ{@a%O)9|3-j8H43kj<ppxHmB-nE96u><e3<d7
zJ#X2+?oY$RFP{Dmr!KV+tDL%Q^SRO&%Sx1BlOzV+;<yI~s6YjZ7<>=+QVnFTLOj8N
z%))GFaW*tphsYt<XVw@cfF5}Qf-Xh!ZS?o!oK+fFcYmPK`ixSzvmeQgjZInN>k#6l
z4l!gXc#yoHw7%fMMjVZT*GA)QP}kci2b4T|f`>7p4WqmFQXU-KGH)~Ewu7$pxQ92O
z1@_3A4LyM<cQ%Su9Qq=nJlQDLb?9zHdDH%Z4C{+7UJND?KxBa($=UnhdKFn{M`B<V
zgB(JEImV9U>T7V0iu5s(RcA*uI9WxGWhA8_Bgd-9B7bHWl|{{mFC+Wb&wecR)uT4p
zKX)t827gM7ZHG7eGe1D6Pj=I=!`B$Cdc*BO&hMnr)mlS8Q6z##y0;yXHirf{gn3s<
zujmOL(I$7q_$B45?9KW&nWcNb)RKA8X!bG48)>`uOT$TjsC&P(8xu!f3@EV=_U2Gb
z8zl`CX6liMgGLTTEn+n#f2M&cFt}6T%W72|DZ08;7UrNdS>k(<#abq-j9YcQFXb!}
zorh4Oko~Ly9?&V0fEB|YfV#<HB+2hWUu2;iWURN3C^^b989R-!|7ypw+K5GCuwIu+
z^EO)jb|O1dTUK@5`w0rOrZ*$wd1J^l<WnH;@|ZP}?d8e{v}DqM0fFTX0uvi8pG|;f
zF47pFN{kKU-fuI=gzo(+xoAKhZ|(qs!;Bu)8c;J;c3oIuWzFbl_kK1SG{AeM%y0u8
zvU88(jvq;}VIEbY8W!8oP#bh$Jf=}@&PQR3;*jJszOGR&&qrbN9GXIur!>lhED9<>
zX4nK3TOKT1B!6D>LKP@9OI4r%tKPR@IS)tB+^!7z?zoIJ`$<!^g`;mu{vk5Xx@)bE
z{XxR22bG<~3!GUa`FxT<S3ZL~Y*;QeTE|pgoWfyJ3~p2@*u>)o<h<aaI|>G$LTqpF
zP@f*h*B=MqDIg_#07W~+Z57^P&3Jk<(e33E(X)uh!3Bq>K~=0?KAAz<mJ^NhLh*98
zhJX0s$Qmx=8Js;v$Qu3#I_tx<UJPCdxsITv_uUk89&`kp!*Gs)J(=Uy(&Lg;Pw>D{
zv(0}VN||261LYd6k~CK(8(j`MH=fMWL3XUp9BK2jY2Dinv~0%?zyUt<!lNiT$_-w`
zMMluKY@QUWRIt*mu@FMAzL8h`<)`zje*{7}OTmqnTV>2?*I@z6ly=`#+Raxet59IX
zr~;^KqoRWraw$doXDk6bd@zQgOa1~>;Em9gTvCbjd}R*{8;xYn2!8(qS?jEs*Z*g}
z6y9*#Mo@kZBS2yAU(+3jB~jFL@+i1qkCh7^8@g!pR3!BVk8#(Tja2J!FLn4%9`_k_
zPl%(DmV<lQ#&zrKKJDJVg6$=J%z8oP_5_b{yTNo2?<etl^N3fTMf{)C(33p`I%a)d
z<-zd-k3j8vfKb*pJHhS_!Iv1)Jr>Ad6H4|JBNV4s%NMg4*^lAAp1YK3IU9fW6beRl
zzFm$fEycdg3tdE(8({tW8@56ml@7duN`FqJWbI+j@AK{9WiX()aizD9WEW-V^Dvar
zYnNfJI}0m!Z&WmkH9M!<4dkRakCW`(FPy^4Vc<&DH@(gY5VzEH_j8OrP`?@#&;yO$
zJM_vv!k(`0lJ_OwxW>Bw(D3l{e5A38KQEnj&-%%{S5p3-*LDq;e~D4`^M04a6kkrs
z*EEhm&Gh%J8^-w-?sFcz4MOU9SLf;Z@%5QE(!U-0C2weCE!CkQP<Ws88+h1YqsKam
zlJzap@;>U-5AVSp&E2PmzfIpP=^pap9%>IF(x=wlqRL-wX&U!~hV>N)Oj2NE_M)V6
z&vs;^vw`|V+>FM}suj_An`z7sR7AwGrl!W4idF;zVg;UlG20XI`2n#y+7fNw9E}8W
zaTO`7BHsU66E&;q6Nydj(fNU;tCuehEn3^OEVQa2*tC3Q@M@8xx-{7y2`oyRM!-fV
z^%dciS+z0|X>V<hM!-ZxcqaL(Xbx1|9H?jtEM3{8<Eko}t17nU;v^0*n}8`AgDb`A
zHH$>BVX3TM)#AjKcv~_YiB_#?{~NGY5sRsc=ckB@R7DCufvN=oGQ{V+oL6;qb)Yre
z9)n!WM1YS41tQTDo<fph3#1b1WJ@&A3Iv(mFwM@?{2DyNp|3@eNFYFo=NBwl3IvQO
zm`oN4mNSxAAf7M-t%-CzQY4Z#xwHIH_!~*4NRTHdOCxA7{}L7wsH}+0C>qHrtNdqd
zfcg0lTL8~eC6W+yN)nnW>zs{56^OX%dR2;899$7>3W~+iSQMgclZ7;{Z4xWPo1%e8
zdotQ$CX!G#6k;T!tyhZ{ZN_-g3TAw@!1HNlRfo2ltHpKUxL6WxM*gH&)R~08Ra}>j
z!^Om+bemWc?G&q8Owo|oj6z!=fhE}BxDKuXZZ+JEa36=e4Xzok6>cM394-mB0?)<S
zoEBB2<`?1Nwf2~qm@g`3)yB}00`_$ctT+{@m<_#G%te9*Dr#p(=JSWB*T{e50P?Kr
zS$J~pTo-cR!l&L6@znZ2V2w1ls<o?E+(Ph{#ST+M<a%%xXio(a@n|5?8VCpQP$2^?
zv3B$UDXOzIYPJ~CUV)Z$$eK?LqJpWS)?}h1kc@UD%qa3FH%F7HKsv>`(>R!k{+gK#
zfgm1ulZ2>B)euOy$W~%|l<WZSoD|no2Mn{NlYFPzJKAGmNjBBeSvhM)Q8TFHxx17s
zvqlyiNQO-#3M3;O52R8?AdEV*a>;N!)ry49WWr3eBx2P?Yobx0MJ0VuBcHl4Y}vA<
zx(z*2s@;rMCz5S7Xlal})Pzz~)kT#zqSmrotVqo$5|BYN9~o?k;@QPb(XFB-+zBQ`
zL{=J4My5<WM;LFz6YU6fY(nKlJW+*g?X6oyIG%`$NVY>tp+gelF>L49I^T@I6M#8S
zu&;l}gTI*v?|0;9o>%kW*Yn^X<iY=z2fv*MTY#PX*nH*tR9y|MuJT-hogp@}3DArn
zP}!u{T~<3Uw02E!b*ORms&zMu8ndIbrVEkj&QKZyR4%<fxVp&!ULU*}v}&r`Vu|K-
zss@IE&NpdRcSbw%<Dn%PEoqTVXz}vZ`OE{ZL3^m7B~;;o({!@k+*(7D7>_V8MpNiK
zWAZ145FW-gOr_l{rIqQF8EC_}83>yJJYoxI7JBY@m1?vBJlLA<K;tVq$4I(Jrw681
zq^7bBu-6Ye+9jHGpfaAIdAH+*32lLz8BSWGls|j4@>9sfQEI+WeMpuu4!0;a+R<rl
zbrRM!boMZIU7Yw!&}=%=c!0JOBcK|2QZq*kksXv!Gvwo_R3#pO4YbGe>XH?zBTyfX
zQzAwf5^hdl_Mk_%FbFsYV%5EzU4g$ezkCchP|02(p4c)%#FCqRn5D5j*lxEDe^dLM
zHZ$%2X#XgDd3=7a*N4Yt<+JtNBB{I!&&k5KGI*XA{_anDeKd_ruwW>LUk1m=S9y8h
zo<_M`OVolm9&g3F0Mt7$4&CGRF}x4{dGIUY_`VBvDwr@Qx)6``T!K7dC7mb*jNo5&
zA-~)`wtZ%{-vPmJHR`qit^w{gxH#N)xclM$4(>^~7va7K_cOTP!2JoX6z>I?3|9@e
z0ImV<Hn=$4cDVcD{toU*xEJBR2lq3$-@yF|t`yJNPll_8TL9MpcN<(BZaW-#6HDvs
z=LahBDv=q1In}ePX9s52*3PM&J$rVbay2G%%g|g`@cknywdyiF5cU6g7Adw#_@%w6
zH-ZRp59B#r!s=%xJhuppwbS{|2-+pz%|UyA9Qe}+>x+5a;*BhRHSlTw=L27rqY$S^
zyq);n1O4rU%X{#iXglCEbF^#891E<ju1Rf8MWUUln)W$$m)AsNtu^um2i0o?Mu}ui
zD%n!goNkXrYG%)wHFw^;Dv5UO+T|-2*R=70{;Jv4u#zfiBXefWscA{21#Bm<XiWf5
z=+CL1S6f|MJ*!T*cI*agZrK#Qt^{~s`E)hl=!;;EH>J7US0Tmc?(=*PzPpc*8&dJE
zKwu4A0Rt{k*o-Fb9Ww^+HW1zdUj~t0Ps7+A#x}bM7Oe(3&x&RSw;<ZH@;(IZjNUy6
z(@A<BQTRB*u0r<#cs|c6&jRq{S<V7cx`#JGcp5$~A+K<Iz;H>y<l=Jp?t2M&UPfUB
zlekd<{Nf)#Po7neFxT%8EcnQv&RRH!3>LWOBTreuwBlQk>h2|^C`>tzBvGQwHdSTw
ziNb1R^A(hQ3aQ@0OUCU)HZhJ?;2QTXN_LN1$r8u$RVv<bVZ;}V`!d3X<7i-G#u@na
zjr(Wdj1?shNg{RQx+(5)lhBpAMX4Wou0kQ@h1V8$A*yg4V?0*_r*I?hj%Bsp1A)Tz
z6A<S)1Kh$*{W8H@{1Blikv(^_*x0|x1fS<#lInN|$?j<-p7ROCR{_mE4M)7*^HD_E
z8vM8@=<y7Vj{tW(GmIbP&wJUB3)#kx!%y)>5cmEtgDjwNGcuJj(@6xbD!j(?NBD*5
zTVx@^^IN18ZVpSx>*3v8g<VRkKF`O=&fmmjT8ZboWc(8fDl2Ya+Oj0lJT!^IZQlS{
z_q6h2H_@*D1{0zb$M#oc!o=c5L~D4B31q+U&Y#MJNyP^cRk-RX6K0d@j(253z|%@-
zr{ZS1=OpuI6jbRcA&E~ZXr?EP9EEo)sMhlUp?eiHSBdyOC1Tvr=-r5%r3A-;z3GJu
zVa!1PEZ-zS!+L?xg9`F`o*}ebk@9&iB;h>@D)GESzV|Aq%yS9r{gvNHD&^8V3m;MD
zIni?!EAlm^*MK<B>-YXU=uS9A;*X$OE}!2^ZTh_|*Y9P5-@6p0`MunWE~Dir8^~#1
zs-O7d`2);)c;zg_CG7(-wB+-j!;j1FU5f<2w++7&*sT4sf&0B(h$y4B@=a_M!y3=J
z${%EZh8d|%SF?--v*XD(k`6M7`pnTp>@N^ePWiZ`AtQ$3DZLb0=tjU-_=M*u{K6+$
zZ)&2R5`BtB@1EvWYJ8g5?rA>ZosR%Dc>%jS;SK?uSuof09`Y2-K7~?9fvu}x4$+v$
zw_PG#RwR*Xh*b11NGq62VxssRmNb=hD4r_|eGt)wyGVXa@!x{5dwPa=tC(2v3=`J_
z**m8A69~I2Ut!E+z;G27FGk7k8Iso141Vkw6DN_Ag5vG;E+zHiD@c7N<yw50WUDd^
z)+5P1o4sD~4_WS<$uyvK$c7h~EFs=JnYfFD<}<OFFPCz6%V2`Ros!U7B$Sasj&ANx
zk?Z2yDW1C}?o$ljBN6ryw?_tN68ApI)j9_ID#(?G2=}u$FJ8`U4@hEsiJW_vBzBCv
zep*uCeAE3IiTezLpOvvK%=Vy+tzzuwWfA{Cx_>KU-(qR9xfQ>|*oP!ShOvJqgHaao
zu*Cg1gI|@w&yw!fq(~lMwy#Uh_A>SxlC#T+`=pG$p24SNEMMg0epb@`8kO`M2bbdK
zneCgqa0iUvTS3u&nrZ*Uj<0wf)4nBhT)~3&XHbo?pFpfP=#s45j_88P>=KJ_2epD}
zMWlH#Vhh8^CCy*qw~RAM)jHVqjwdMlZj@Psu;0t*;zQ76VdTRyVhVoCF2|3`#?W{o
z0hfJ3@ivrG_{>s?OVcjqlC<D5HjLt5GI#||ka`gXb+QHzp<V^^q#5o(Qo;NT(k?uL
zysnEr&w>g(e67_4B8w;C+=4Gs@VY4I4>tFa6D2uAQg7(vWT>VEYvTWf*_7hAQgVFa
zf1Km^{{qLZ@uIA7yz4xd$M<1hg>M3sg3i)aR(KwMJ*6Kmttg!U1-d7=Toa0m=NDfI
zz%x#GN*P=}p$>~ZFJAaKVfh4TbBb6#p#}(r(}7T2ya2&52>MjeccFvE*b5Ym0%k1A
z5rnzu6i~;E4#czNj;lnTNg!HEZdiii$L|-#61(ht#DBDe8OIlZ7reWSNf>@Ekx;ox
z#{e|}l&&g4S5B5;fpZl%pmI%#n+sSemk~07oE-2C(l)s<?sC0XT7+L0^etSY%-sdv
zsfD+bL3zXw1#T`vJk_q+$+PB9y?DxvH%-3y=9}DjPp0bvB)jFBc_dMsx5<>3@H;Za
zQCwRzjtx3246u8M?dh5=Evb&?lxj3s6V$Y|w4ebr%OyosG8!?$rfv{&L0QutZ;7QN
zQD(JQA8qk8!FFs{V^fdsYpZSn3&Pym8BJBoo2<697~v#>=q~YEu}HKPVRQ|lr6FW$
zZEpjJ#@$8=2-3P#8;PD(mH)ZcErf2~THajLd1kvN&zwB@rpfNH5FwPn6`p4*BImmc
zRScIso??v_iOif?HGi@juNrf4jp7#n>m0LrYmT|B^ql8H`FQaex#jxOGuEYH^vYm~
z`xr>R!&l<<-h+&gIaXeCW{2>Swvc=U90N=1S2f%iTHa8<YGor&DG=n*L?{#qM<Pjy
zo69Bj1S;)js1@f6q)5$4tYoac<MO#OsA;ZP5nPIw_AL&ssb9Ukv1!$6P_-$vCPd1>
zyYT|)c&fcEjx7qV3bO#M2H4p01pP=#Qf<Mx4PMrVXjyh>b2x@De$#yWTpTa*>rClN
z&bnOY=m>X(;?Za%8VPZmA6TmRW;3y+MN>(%wo2R-H>y<#ud%}ciZ*AImcmYAOWf3n
zvXpG3u5oj0lZ}C(O=@YVwKI{@D5_{Fdv4wHrFfc!H1z`JMvBeWgUT06;NUD0N;Gf8
zVG(f6L?|A{tNS1$WY$HrM<kDmPH<&o)6H3Jw(wnk?eT;Ip<xwOFQYf>b5S%(TgIK5
zSUM#21T>ij|MqlPm6KMlI;4a~l)Pl^3cRXuZIiMihZ4*LveWXEUGaT^(N>&UeXyp@
zO$$|hZPVBUm(@#$wD~B}(J+9RGSIt)aEcO%QEVM}#i6zhu%&EKsUZ@jLGyqkAb(V>
zR-aUze#0T&{n(stbzo-AS7pI#7$raG1DiFc(lECmSu>iIrIUQlGFoHdHrRAXmBiO5
zQVku=?PxFvIy2=OrK5d@aAv5@M4lJ1(>0@As`YZir~WV9Eri}=)m77DTeqtQK2V=d
zQ|oj@lZC-a)0Crt%%E+2O=!iUHBHE>8jiN#*3<|P%&Qi8d$ub=bIR5`E2jKcR)U>q
zG9Hex`vA5ovSHQYYXRV8m@S(mCpqIlS7-8#l}>Tqo{lEB>h_sJ7M#S&T%fI)waKo;
zVLUX{+N$Fnor`M!cD_1?09IX(Ja%;%zf`tkZOCz)d?+SUTObifzU2)~!PO1uRD-Km
z%l;HYI9riKY18&5>!`yrHLq??BS6OqdjNt~%+iKctAmRA8pLL0tkjPfb~mafN?ghy
z*uB~vlA~pf=yjb2q$S>BD^^usciS<$PexHPN>rz|c9`L2_-0c1h8>d1?iAHHHi=d*
zx^{V$8EzBRMmS}N>d4kOGAiFpifYVPs`bg-2mtRwtxiT`#8-jNm?^5+qC_>Di>Q`w
zp{-6PB;VCh1LFyM-)aRTU$~>aMO5<~ACs$y@;0`x%mlLIU8qP*bns{l$<gL?TPTe7
z)P^HB4R)rR*;2D`dmKZgjoRFtjBd6e7zaz1L~J%B0FhwW|BElY4ph!3Ff~)}PKS@V
zZuXLM4M5Z2us-AzPQBwC2?2!diwizpv*0*^BOcFvxXkH<v(xF*aeo1GZi&b9pxwyO
zh&dti0$t*8{&Ec*q9q>Bk1QbY+{nI&%WEkdraB2G@!Y2r>%@%++vPHzt_hB3MGW)2
zs0(<t2s_IKC|cmg!V!<>P5XdXiLgzNKB7bn&c@^U)FIN-^=18Ryfnh(6-!(7PH(Iq
z@QT*#Wz+3MjEy%D^SOz@>m(EUA|Bl*;A}iD74E@0Wf%7@^kvh#3$TsHDelDix%Z(H
z)yBJ9<FTlPz*`8skF#R>3TXcU_@qa?J-DZBPkoLCQEYl&K$v*c9d9z*3p}uxy==TM
zBZe{|o_x1H@J=F3eefb4<-8BhrpLR-_AFNMh?bX4?<qhw-lM>K^c;Bh8Kx{3c#i|m
zra^*s_}dP8JePbLc;v;th)35CM?Oi9&r7Wfs<TUg^0Mju3n21mU&Nd3h_Hh^M6tuf
z-L(YvYG;DavUvRz&WYzkL#U7`>c>v|bsk<7@OE+yt1lamuRXBCOnL@u*g8jq9UOyz
z9VXr&c6IJ>*r}bycir1z;u&j4mrFq7u`Tkt19;z(jYYwvK{p<bGPbYFZ^d^G90k}x
z`VMx)v&~o!p}tcP&pv?qD1)PkJL$cO2Avp#NPXG#Y}o1ZI}?P}*DIhC^mhtYCA0ri
zuquK5oPw1#us>690X^AoDOgpU{gZ+fL+pnXEIq;gM!~wFqQ6kEQY`xq1+ynoM~4bl
zEzy4Wy+`o0UbTCbUMgX>Zw31$%yz6`N=~&`1yd{N570go%+q-x*!~o(Mijo!R>3^n
z%DoHUqfh_YZd5w=IC7U~L{CY1Ps}AE<dI*#$VGYN*DstfN4ebP5tDKNLZ0kbBviCV
zOwLQcI1diw!Ba-qxEJ4wP!dvTgq?Ooc!Pri;Z1okwo<a!XzBU%^YiDImye&Hz9Cy0
z+s4`ad^a!sjXZd|gCO&7&V%#u9m%r1zm~szdUt^!_h!hJ8zar99R-k|J%DZdbm40S
zUk7a4rwcP4zMs{$cbD)B9xB@Q>cY|Y5x{(pGwHj~a~uUMU*as`3xoyukfZ!R0WQG{
zQi(qrKSk&w_UiUPet3e%`)!C%ex?I<@-rK-lOG;)pTg^^ZTd}s?ThvObNa}~2fNve
z`Ttsd<kS0V9zRb2=Ibl)x_Q*LM0^MEH=pqOR%!UVfbIKi_^lNlI#r_ox=E(vTPA=X
zdjR*Wf>GxG9pE~obF5=;Q-CgZ8Q>ino(P!p81}T|@pYVw0k1>)G@U*humRZq7RzG5
zcK=p}^49`B2>D9-?h<h;;1gf;`nX}w@>>Bvs_kLCyG-!qIDCirTuHw~bOY`Jed>Yy
z{Vm{|9`pJ_&=~VS0+=s=_^if%4)CTgd3~Qoy_o(o;CqmNtIq!hVD3iZ7wJWU5Ay5=
z%x{p8{;vS<1Kg%zo{~Nfc!9*{9=V#AD0y5UCL_QXZQF1y0tbN4<2usgne7q4oKg~Q
z0&D?ZsNo3U(||cYXZmKqoQEO^xI}CN{N66y_oC~2H((#`W8ybNh`$@~M8KS{5&k;h
zO2C(E_(i~VfbDO^d>`;K!2hVzd1&j@*Y5%I_3gDXy+jmXNVUfk+7q_=1>ftw0Yf4A
zyMXDS7uWPE0ULm?(=bobx&XhY;U>Tr?S(wyGk+_5XZc$I-vj*1H2(d7cLRP|*Y{xu
zegOT)<AC=eeV)dD5wJZTpNH}IRlv_9{i8blO~3~L+ux$$I_L;so8Mu;d?9m(wx2Rg
zAuOcZ`U?QI?RhHfnFolck*@3&>oLGic`X3U`7Vk_`}vRICcr-E_XW*Q1aM4`*Gz8*
z?EF^E4#1Vf*Y*DlVCT1L9s%r>-!}pCF=40?<y{~S0Cs-6=0|{+fu7Cp5MbxGYyJp0
zN3Tp2Ip%Ny(40*83%T|?1F!*lSmsFkyAm)TRkX`r3E25<n+?pbuK@k4xRU1`nOuo4
z_<*~YXCFJ-=OI@y$*gLRFA(A8_A0rt@j-9wI=d7cZjvf?NpRkx_qadU{_Ci;|62#A
zqf*3~5zmsyDtBRU!h|o_#2laX;b~6FOt-coDHN*5IYVg0@-<EP+D|C7cmxz&7Fx1;
z(aK=x+ThaV4HDtH`Yd*5buAve=)j%5W;DVt1cf4r5bwRlPNLk=35C=6HV-#`LXmVw
z$5y+vV8h~EVK$%&vLO~@hjUcrc9Ep|KdS+r6!A`V2&65EuOs0GeSF6U0e&G!eikUT
zHExExME1i>*gC>TgcdH$eVYf*QsDDFIC1F2aUqhC)tRinUgV6zVMoZ=Vt>5InZgew
z#Wy=+u=xpHVh=1C-YP#2g#CGbJqWUqcbs#VH<C)^w(EJ<VhB6_>U&W3SB{({k=1^v
zLnOo4W5<`2LNt};aLXpx4DM3LP3}O63VyZ7nN{wX>(4Ve<0TDe#9803f`qU)??gci
zo(*!w=r1EVqwuMvSj-v0LlGyeKKbN~p?vT-25Q-o=)_|t>f1|B3@8b^)Oj)T15eI4
z`9&&c1hU2RlsiH@s$BgcC~AN$5$ef(-${NKDkqwAeaS2TQ&LVQl(ulFWt%DrU^xy8
zk+-bNW6KfJ)nCJM662<<7MJ=4mNQWqkoqE*GhTfrD;G1%`8ls#bgfX2u%&XQ#qVZ0
z5u_ojk8?Sr?GIy(`YAJhLTe;4&U&O~)R)1WY3d_k&KUXqu3QAWE{E`x0@04~Ktm3x
zHvf)e`-5Rl6sgn^Us&V0a8|mbeM1cfs-6={jq)`%J|z;5I7?vHfO9fu6b@pXpKSYo
D%m$PH

diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c
index e9c7afb..b01e6f0 100644
--- a/org.gridsite.core/src/mod_gridsite.c
+++ b/org.gridsite.core/src/mod_gridsite.c
@@ -50,6 +50,7 @@
 #include <http_log.h>
 #include <http_protocol.h>
 #include <http_request.h>
+#include <unixd.h>
 
 #include <stdio.h>
 #include <sys/types.h>
@@ -78,28 +79,31 @@ module AP_MODULE_DECLARE_DATA gridsite_module;
 
 typedef struct
 {
-   int   auth;
-   int   envs;
-   int   format;
-   int   indexes;
-   char *indexheader;
-   int   gridsitelink;
-   char *adminfile;
-   char *adminuri;
-   char *helpuri;
-   char *dnlists;
-   char *dnlistsuri;
-   char *adminlist;
-   int   gsiproxylimit;
-   char *unzip;
-   char *methods;
-   char *editable;
-   char *headfile;
-   char *footfile;
-   int   downgrade;
-   char *authcookiesdir;
-   int   soap2cgi;
-   char *aclformat;
+   int			auth;
+   int			envs;
+   int			format;
+   int			indexes;
+   char			*indexheader;
+   int			gridsitelink;
+   char			*adminfile;
+   char			*adminuri;
+   char			*helpuri;
+   char			*dnlists;
+   char			*dnlistsuri;
+   char			*adminlist;
+   int			gsiproxylimit;
+   char			*unzip;
+   char			*methods;
+   char			*editable;
+   char			*headfile;
+   char			*footfile;
+   int			downgrade;
+   char			*authcookiesdir;
+   int			soap2cgi;
+   char			*aclformat;
+   char			*execmethod;
+   ap_unix_identity_t	execugid;
+   apr_fileperms_t	diskmode;
 }  mod_gridsite_cfg; /* per-directory config choices */
 
 
@@ -950,9 +954,16 @@ int http_put_method(request_rec *r, mod_gridsite_cfg *conf)
       (r->unparsed_uri[0] != '\0') &&
       (r->unparsed_uri[strlen(r->unparsed_uri) - 1] == '/'))
     {
-      if (apr_dir_make(r->filename, APR_UREAD | APR_UWRITE | APR_UEXECUTE, 
-                          r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR;
+      if (apr_dir_make(r->filename, 
+                       conf->diskmode 
+                       | APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE, 
+                       r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR;
 
+      /* we force the permissions, rather than accept any existing ones */
+
+      apr_file_perms_set(r->filename, conf->diskmode
+                             | APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE);
+                             
       ap_set_content_length(r, 0);
       ap_set_content_type(r, "text/html");
       return OK;
@@ -961,8 +972,12 @@ int http_put_method(request_rec *r, mod_gridsite_cfg *conf)
   /* ***  otherwise assume trying to create a regular file *** */
 
   if (apr_file_open(&fp, r->filename, APR_WRITE | APR_CREATE | APR_BUFFERED,
-      APR_UREAD | APR_UWRITE, r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR;
+      conf->diskmode, r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR;
    
+  /* we force the permissions, rather than accept any existing ones */
+
+  apr_file_perms_set(r->filename, conf->diskmode);
+                             
 // TODO: need to add Range: support at some point too
 
   retcode = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK);
@@ -1468,6 +1483,17 @@ static void *create_gridsite_dir_config(apr_pool_t *p, char *path)
                                      /* GridSiteAuthCookiesDir dir-path     */
         conf->soap2cgi      = 0;     /* GridSiteSoap2cgi      on/off       */
 	conf->aclformat     = apr_pstrdup(p, "GACL");
+                                     /* GridSiteACLFormat     gacl/xacml */
+	conf->execmethod    = NULL;
+               /* GridSiteExecMethod  suexec/X509DN/directory */
+               
+        conf->execugid.uid     = 0;	/* GridSiteUserGroup User Group */
+        conf->execugid.gid     = 0;	/* ditto */
+        conf->execugid.userdir = 0;	/* ditto */
+        
+        conf->diskmode	= APR_UREAD | APR_UWRITE; 
+              /* GridSiteDiskMode group-mode world-mode
+                 GroupNone | GroupRead | GroupWrite   WorldNone | WorldRead */
       }
     else
       {
@@ -1493,6 +1519,11 @@ static void *create_gridsite_dir_config(apr_pool_t *p, char *path)
         conf->authcookiesdir= NULL;  /* GridSiteAuthCookiesDir dir-path    */
         conf->soap2cgi      = UNSET; /* GridSiteSoap2cgi      on/off       */
 	conf->aclformat     = NULL;  /* GridSiteACLFormat     gacl/xacml   */
+	conf->execmethod    = NULL;  /* GridSiteExecMethod */
+        conf->execugid.uid     = UNSET;	/* GridSiteUserGroup User Group */
+        conf->execugid.gid     = UNSET; /* ditto */
+        conf->execugid.userdir = UNSET; /* ditto */
+        conf->diskmode	    = UNSET; /* GridSiteDiskMode group world */
       }
 
     return conf;
@@ -1573,9 +1604,24 @@ static void *merge_gridsite_dir_config(apr_pool_t *p, void *vserver,
     if (direct->soap2cgi != UNSET) conf->soap2cgi = direct->soap2cgi;
     else                           conf->soap2cgi = server->soap2cgi;
 
-    if (direct->aclformat !=NULL)   conf->aclformat = direct->aclformat;
+    if (direct->aclformat != NULL) conf->aclformat = direct->aclformat;
     else                           conf->aclformat = server->aclformat;
 
+    if (direct->execmethod != NULL) conf->execmethod = direct->execmethod;
+    else                            conf->execmethod = server->execmethod;
+
+    if (direct->execugid.uid != UNSET)
+      { conf->execugid.uid = direct->execugid.uid;
+        conf->execugid.gid = direct->execugid.gid;
+        conf->execugid.userdir = direct->execugid.userdir; }
+    else
+      { conf->execugid.uid = server->execugid.uid;
+        conf->execugid.gid = server->execugid.gid;
+        conf->execugid.userdir = server->execugid.userdir; }
+
+    if (direct->diskmode != UNSET) conf->diskmode = direct->diskmode;
+    else                            conf->diskmode = server->diskmode;
+        
     return conf;
 }
 
@@ -1689,18 +1735,70 @@ static const char *mod_gridsite_take1_cmds(cmd_parms *a, void *cfg,
     }
     else if (strcasecmp(a->cmd->name, "GridSiteACLFormat") == 0)
     {
-      if (strcasecmp(parm,"GACL")==0)
-         ((mod_gridsite_cfg *) cfg)->aclformat = 
-	   apr_pstrdup(a->pool, parm);
-      else if (strcasecmp(parm,"XACML")==0)
-         ((mod_gridsite_cfg *) cfg)->aclformat =
-	   apr_pstrdup(a->pool, parm);
-      else return "GridsiteACLFormat must be either GACL or XACML";
+      if ((strcasecmp(parm,"GACL") != 0) &&
+          (strcasecmp(parm,"XACML") != 0))
+          return "GridsiteACLFormat must be either GACL or XACML";
+      
+      ((mod_gridsite_cfg *) cfg)->aclformat = apr_pstrdup(a->pool, parm);
+    }
+    else if (strcasecmp(a->cmd->name, "GridSiteExecMethod") == 0)
+    {
+      if (strcasecmp(parm, "nosetuid") == 0)
+        {
+          ((mod_gridsite_cfg *) cfg)->execmethod = NULL;
+          return NULL;
+        }
+    
+      if ((strcasecmp(parm, "suexec")    != 0) &&
+          (strcasecmp(parm, "X509DN")    != 0) &&
+          (strcasecmp(parm, "directory") != 0))
+          return "GridsiteExecMethod must be nosetuid, suexec, X509DN or directory";
+      
+      ((mod_gridsite_cfg *) cfg)->execmethod = apr_pstrdup(a->pool, parm);
     }
 
     return NULL;
 }
 
+static const char *mod_gridsite_take2_cmds(cmd_parms *a, void *cfg,
+                                       const char *parm1, const char *parm2)
+{
+    if (strcasecmp(a->cmd->name, "GridSiteUserGroup") == 0)
+    {
+      if (!(unixd_config.suexec_enabled))
+          return "Using GridSiteUserGroup will "
+                 "require rebuilding Apache with suexec support!";
+    
+      /* NB ap_uname2id/ap_gname2id are NOT thread safe - but OK
+         as long as not used in .htaccess, just at server start time */
+
+      ((mod_gridsite_cfg *) cfg)->execugid.uid = ap_uname2id(parm1);
+      ((mod_gridsite_cfg *) cfg)->execugid.gid = ap_gname2id(parm2);
+      ((mod_gridsite_cfg *) cfg)->execugid.userdir = 0;
+    }
+    else if (strcasecmp(a->cmd->name, "GridSiteDiskMode") == 0)
+    {
+      if ((strcasecmp(parm1, "GroupNone" ) != 0) &&
+          (strcasecmp(parm1, "GroupRead" ) != 0) &&
+          (strcasecmp(parm1, "GroupWrite") != 0))
+        return "First parameter of GridSiteDiskMode must be "
+               "GroupNone, GroupRead or GroupWrite!";
+          
+      if ((strcasecmp(parm2, "WorldNone" ) != 0) &&
+          (strcasecmp(parm2, "WorldRead" ) != 0))
+        return "Second parameter of GridSiteDiskMode must be "
+               "WorldNone or WorldRead!";
+          
+      ((mod_gridsite_cfg *) cfg)->diskmode = 
+       APR_UREAD | APR_UWRITE 
+       | ( APR_GREAD               * (strcasecmp(parm1, "GroupRead") == 0))
+       | ((APR_GREAD | APR_GWRITE) * (strcasecmp(parm1, "GroupWrite") == 0))
+       | ((APR_GREAD | APR_WREAD)  * (strcasecmp(parm2, "WorldRead") == 0));
+    }
+    
+    return NULL;
+}
+
 static const char *mod_gridsite_flag_cmds(cmd_parms *a, void *cfg,
                                       int flag)
 {
@@ -1792,6 +1890,17 @@ static const command_rec mod_gridsite_cmds[] =
     AP_INIT_TAKE1("GridSiteACLFormat", mod_gridsite_take1_cmds,
                  NULL, OR_FILEINFO, "format to save access control lists in"),
 
+    AP_INIT_TAKE1("GridSiteExecMethod", mod_gridsite_take1_cmds,
+                 NULL, OR_FILEINFO, "execution strategy used by gsexec"),
+                 
+    AP_INIT_TAKE2("GridSiteUserGroup", mod_gridsite_take2_cmds, 
+                  NULL, OR_FILEINFO,
+                  "user and group of gsexec processes in suexec mode"),
+          
+    AP_INIT_TAKE2("GridSiteDiskMode", mod_gridsite_take2_cmds, 
+                  NULL, OR_FILEINFO,
+                  "group and world file modes for new files/directories"),
+          
     {NULL}
 };
 
@@ -2064,6 +2173,14 @@ static int mod_gridsite_perm_handler(request_rec *r)
         if (((mod_gridsite_cfg *) cfg)->aclformat != NULL)
 	          apr_table_setn(env, "GRST_ACL_FORMAT",
                               ((mod_gridsite_cfg *) cfg)->aclformat);
+
+        if (((mod_gridsite_cfg *) cfg)->execmethod != NULL)
+	          apr_table_setn(env, "GRST_EXEC_METHOD",
+                              ((mod_gridsite_cfg *) cfg)->execmethod);
+
+        apr_table_setn(env, "GRST_DISK_MODE",
+ 	                     apr_psprintf(r->pool, "0x%04x",
+    	                      ((mod_gridsite_cfg *)cfg)->diskmode));
       }
 
     if (((mod_gridsite_cfg *) cfg)->auth)
@@ -2345,6 +2462,27 @@ static int mod_gridsite_handler(request_rec *r)
    return mod_gridsite_nondir_handler(r, conf);
 }
 
+static ap_unix_identity_t *mod_gridsite_get_suexec_id_doer(const request_rec *r)
+{
+   mod_gridsite_cfg *conf;
+    
+   conf = (mod_gridsite_cfg *)
+                    ap_get_module_config(r->per_dir_config, &gridsite_module);
+
+   if ((conf->execugid.uid != UNSET) && 
+       (conf->execmethod != NULL)) 
+     {
+     
+     /* also push GRST_EXEC_DIRECTORY into request environment here too */
+     
+       return &(conf->execugid);
+     }
+       
+       
+       
+   return NULL;
+}
+
 static void register_hooks(apr_pool_t *p)
 {
     /* set up the Soap2cgi input and output filters */
@@ -2369,6 +2507,9 @@ static void register_hooks(apr_pool_t *p)
     ap_hook_fixups(mod_gridsite_perm_handler,NULL,NULL,APR_HOOK_REALLY_LAST);
     
     ap_hook_handler(mod_gridsite_handler, NULL, NULL, APR_HOOK_FIRST);    
+    
+    ap_hook_get_suexec_identity(mod_gridsite_get_suexec_id_doer,
+                                NULL, NULL, APR_HOOK_MIDDLE);
 }
 
 module AP_MODULE_DECLARE_DATA gridsite_module =
-- 
1.8.2.3