pax_global_header00006660000000000000000000000064145711751570014527gustar00rootroot0000000000000052 comment=699bc85d0a0a76bd9cc96adc3199354083de26fe osslsigncode-2.8/000077500000000000000000000000001457117515700140745ustar00rootroot00000000000000osslsigncode-2.8/.github/000077500000000000000000000000001457117515700154345ustar00rootroot00000000000000osslsigncode-2.8/.github/workflows/000077500000000000000000000000001457117515700174715ustar00rootroot00000000000000osslsigncode-2.8/.github/workflows/ci.yml000066400000000000000000000132531457117515700206130ustar00rootroot00000000000000name: CI on: push: pull_request: env: # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) BUILD_TYPE: Release version: osslsigncode-2.8 jobs: build: strategy: fail-fast: false matrix: include: - id: ubuntu-22.04 triplet: x64-linux compiler: gcc os: ubuntu-22.04 generator: Unix Makefiles vcpkg_root: - id: ubuntu-20.04 triplet: x64-linux compiler: gcc os: ubuntu-20.04 generator: Unix Makefiles vcpkg_root: - id: macOS triplet: x64-osx compiler: clang os: macOS-latest generator: Unix Makefiles vcpkg_root: /usr/local/share/vcpkg cache: /Users/runner/.cache/vcpkg/archives - id: windows-x64-vs triplet: x64-windows compiler: vs arch: x64 os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives - id: windows-x86-vs triplet: x86-windows compiler: vs arch: x86 os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives - id: windows-x64-static-vs triplet: x64-windows-static compiler: vs arch: x64 os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives - id: windows-x64-mingw triplet: x64-windows compiler: mingw os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives runs-on: ${{matrix.os}} env: VCPKG_ROOT: ${{matrix.vcpkg_root}} steps: - uses: actions/checkout@v3 - name: Cache the vcpkg archives if: matrix.cache != '' uses: actions/cache@v3 with: path: ${{matrix.cache}} key: ${{matrix.id}}-${{hashFiles('vcpkg.json')}} restore-keys: | ${{matrix.id}}-${{hashFiles('vcpkg.json')}} ${{matrix.id}}- - name: Configure Visual Studio if: matrix.compiler == 'vs' uses: ilammy/msvc-dev-cmd@v1 with: arch: ${{matrix.arch}} - name: Install MSYS2 if: matrix.compiler == 'mingw' uses: msys2/setup-msys2@v2 with: update: true install: mingw-w64-x86_64-ninja - name: Put MSYS2_MinGW64 on PATH if: matrix.compiler == 'mingw' run: echo "D:/a/_temp/msys64/mingw64/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append - name: Install apt dependencies (Linux) if: runner.os == 'Linux' run: | sudo apt-get update sudo apt-get install -y libssl-dev libcurl4-openssl-dev faketime - name: Install brew dependencies (macOS) if: runner.os == 'macOS' run: | brew install python@3.8 - name: Install Xcode (macOS) if: runner.os == 'macOS' uses: maxim-lobanov/setup-xcode@v1 with: xcode-version: latest-stable - name: Setup the oldest supported version of cmake (macOS) if: runner.os == 'macOS' uses: jwlawson/actions-setup-cmake@v1.12 with: cmake-version: '3.17.0' - name: Show OpenSSL version run: openssl version -a - name: Configure CMake run: cmake -G "${{matrix.generator}}" -S ${{github.workspace}} -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist -DVCPKG_TARGET_TRIPLET=${{matrix.triplet}} - name: Build run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - name: Start HTTP server (macOS) working-directory: ${{github.workspace}}/build if: runner.os == 'macOS' run: | python3.8 --version python3.8 ./Testing/server_http.py --port 19254 while test ! -s ./Testing/logs/port.log; do sleep 1; done - name: Start HTTP server (Windows) working-directory: ${{github.workspace}}\build if: runner.os == 'Windows' run: | python.exe --version $Args = '.\Testing\server_http.pyw --port 19254' $File = '.\Testing\logs\port.log' Start-Process -FilePath pythonw.exe -ArgumentList $Args while(-not(Test-Path -Path $File -PathType Leaf) -or [String]::IsNullOrWhiteSpace((Get-Content $File))) {Start-Sleep -Seconds 1} Get-Content '.\Testing\logs\server.log' - name: List files (Linux/macOS) if: runner.os != 'Windows' run: find .. -ls - name: List files (Windows) if: runner.os == 'Windows' run: Get-ChildItem -Recurse -Name .. - name: Test working-directory: ${{github.workspace}}/build run: ctest -C ${{env.BUILD_TYPE}} - name: Upload the errors uses: actions/upload-artifact@v3 if: failure() with: name: errors-${{matrix.id}} path: | ${{github.workspace}}/build/Testing/Temporary/LastTest.log ${{github.workspace}}/build/Testing/conf/makecerts.log ${{github.workspace}}/build/Testing/logs/server.log ${{github.workspace}}/build/Testing/logs/port.log - name: Install run: cmake --install ${{github.workspace}}/build - name: Upload the executables uses: actions/upload-artifact@v3 with: name: ${{env.version}}-${{matrix.id}} path: ${{github.workspace}}/dist osslsigncode-2.8/.github/workflows/codeql-analysis.yml000066400000000000000000000040341457117515700233050ustar00rootroot00000000000000name: "CodeQL" on: push: branches: [ "master" ] pull_request: # The branches below must be a subset of the branches above branches: [ "master" ] schedule: - cron: '45 1 * * 2' jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: [ 'cpp' ] steps: - name: Checkout repository uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v2 # тД╣я╕П Command-line programs to run using the OS shell. # ЁЯУЪ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun # If the Autobuild fails above, remove it and uncomment the following three lines. # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. # - run: | # echo "Run, Build Application using script" # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 osslsigncode-2.8/.github/workflows/coverity.yml000066400000000000000000000012401457117515700220550ustar00rootroot00000000000000name: Coverity Scan on: push: workflow_dispatch: jobs: coverity: runs-on: ubuntu-latest env: token: ${{secrets.COVERITY_SCAN_TOKEN}} steps: - uses: actions/checkout@v3 if: env.token - name: Get ready for scanning if: env.token run: | sudo apt-get update sudo apt-get install -y libssl-dev libcurl4-openssl-dev cmake -S ${{github.workspace}} -B ${{github.workspace}}/build - uses: vapier/coverity-scan-action@v1 if: env.token with: email: ${{secrets.COVERITY_SCAN_EMAIL}} token: ${{secrets.COVERITY_SCAN_TOKEN}} command: make -C ${{github.workspace}}/build osslsigncode-2.8/.gitignore000066400000000000000000000005411457117515700160640ustar00rootroot00000000000000build/ CMakeFiles/ _CPack_Packages/ Testing/ .vs/ CMakeCache.txt cmake_install.cmake config.h CPackConfig.cmake CPackSourceConfig.cmake CTestTestfile.cmake install_manifest.txt Makefile osslsigncode osslsigncode.exe stamp-h1 .#*# .*.bak .*.orig .*.rej .*~ #*# *.asc *.bak *.bz2 *.d *.def *.dll *.gz *.la *.lib *.lo *.orig *.pc *.pdb *.rej *.u *.rc *~ osslsigncode-2.8/CMakeLists.txt000066400000000000000000000067471457117515700166520ustar00rootroot00000000000000# required cmake version cmake_minimum_required(VERSION 3.17) # autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined # this needs to be configured before the project() directive if(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" CACHE STRING "") endif(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python # configure basic project information project(osslsigncode VERSION 2.8 DESCRIPTION "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files" HOMEPAGE_URL "https://github.com/mtrojnar/osslsigncode" LANGUAGES C) # force nonstandard version format for development packages set(DEV "") set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${DEV}") # version and contact information set(PACKAGE_STRING "${PROJECT_NAME} ${PROJECT_VERSION}") set(PACKAGE_BUGREPORT "Michal.Trojnara@stunnel.org") # specify the C standard set(CMAKE_C_STANDARD 11) set(CMAKE_C_STANDARD_REQUIRED ON) # load CMake library modules include(FindOpenSSL) include(FindCURL) include(FindZLIB) # load CMake project modules set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake") include(SetBashCompletion) include(FindHeaders) # define the target add_executable(osslsigncode) # add compiler/linker flags include(SetCompilerFlags) # create and use config.h configure_file(Config.h.in config.h) target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1) # set sources target_sources(osslsigncode PRIVATE osslsigncode.c helpers.c utf.c msi.c pe.c cab.c cat.c appx.c script.c) if(NOT UNIX) target_sources(osslsigncode PRIVATE applink.c) endif(NOT UNIX) # set include directories target_include_directories(osslsigncode PRIVATE "${PROJECT_BINARY_DIR}") # set OpenSSL includes/libraries if(NOT OPENSSL_FOUND) message(FATAL_ERROR "OpenSSL library not found") endif(NOT OPENSSL_FOUND) target_include_directories(osslsigncode PRIVATE ${OPENSSL_INCLUDE_DIR}) target_link_libraries(osslsigncode PRIVATE ${OPENSSL_LIBRARIES}) # set cURL includes/libraries if(CURL_FOUND) target_compile_definitions(osslsigncode PRIVATE ENABLE_CURL=1) target_include_directories(osslsigncode PRIVATE ${CURL_INCLUDE_DIRS}) target_link_libraries(osslsigncode PRIVATE ${CURL_LIBRARIES}) message(STATUS "cURL support enabled") else(CURL_FOUND) message(STATUS "cURL support disabled (library not found)") endif(CURL_FOUND) if(NOT ZLIB_FOUND) message(FATAL_ERROR "Zlib library not found") endif(NOT ZLIB_FOUND) target_include_directories(osslsigncode PRIVATE ${ZLIB_INCLUDE_DIR}) target_link_libraries(osslsigncode PRIVATE ${ZLIB_LIBRARIES}) # add paths to linker search and installed rpath set_target_properties(osslsigncode PROPERTIES INSTALL_RPATH_USE_LINK_PATH TRUE) # testing with CTest include(CMakeTest) # installation rules for a project set(BINDIR "${CMAKE_INSTALL_PREFIX}/bin") install(TARGETS osslsigncode RUNTIME DESTINATION ${BINDIR}) if(UNIX) include(CMakeDist) else(UNIX) install( DIRECTORY ${PROJECT_BINARY_DIR}/ DESTINATION ${BINDIR} FILES_MATCHING PATTERN "*.dll" PATTERN "vcpkg_installed" EXCLUDE PATTERN "CMakeFiles" EXCLUDE PATTERN "Testing" EXCLUDE) endif(UNIX) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.8/CMakeSettings.json000066400000000000000000000027731457117515700175010ustar00rootroot00000000000000я╗┐{ "configurations": [ { "name": "x86-Debug", "generator": "Ninja", "configurationType": "Debug", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x86" ] }, { "name": "x86-Release", "generator": "Ninja", "configurationType": "RelWithDebInfo", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x86" ] }, { "name": "x64-Debug", "generator": "Ninja", "configurationType": "Debug", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x64_x64" ], "variables": [] }, { "name": "x64-Release", "generator": "Ninja", "configurationType": "RelWithDebInfo", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x64_x64" ], "variables": [] } ] }osslsigncode-2.8/COPYING.txt000066400000000000000000001045131457117515700157510ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . osslsigncode-2.8/Config.h.in000066400000000000000000000006231457117515700160600ustar00rootroot00000000000000/* the configured options and settings for osslsigncode */ #define VERSION_MAJOR "@osslsigncode_VERSION_MAJOR@" #define VERSION_MINOR "@osslsigncode_VERSION_MINOR@" #cmakedefine PACKAGE_STRING "@PACKAGE_STRING@" #cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" #cmakedefine HAVE_TERMIOS_H #cmakedefine HAVE_GETPASS #cmakedefine HAVE_SYS_MMAN_H #cmakedefine HAVE_MMAP #cmakedefine HAVE_MAPVIEWOFFILE osslsigncode-2.8/Dockerfile000066400000000000000000000014341457117515700160700ustar00rootroot00000000000000# Stage 1: Build osslsigncode on Alpine FROM alpine:latest AS builder # Install build dependencies RUN apk add --no-cache build-base cmake openssl-dev curl-dev # Copy osslsigncode source code into the image COPY . /source # Build osslsigncode RUN cd /source && \ mkdir -p build && \ cd build && \ rm -f CMakeCache.txt && \ cmake -S .. && \ cmake --build . && \ cmake --install . # Stage 2: Create final image without build environment FROM alpine:latest # Copy compiled binary from builder stage COPY --from=builder /usr/local/bin/osslsigncode /usr/local/bin/osslsigncode # Install necessary runtime libraries (latest version) RUN apk add --no-cache libcrypto3 libcurl # Set working directory WORKDIR /workdir # Declare volume to mount files VOLUME [ "/workdir" ] osslsigncode-2.8/INSTALL.W32.md000066400000000000000000000076531457117515700161110ustar00rootroot00000000000000# osslsigncode Windows install notes ### Building osslsigncode source with MSYS2 MinGW 64-bit and MSYS2 packages: 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions. Once up and running install even mingw-w64-x86_64-gcc, mingw-w64-x86_64-curl. ``` pacman -S mingw-w64-x86_64-gcc mingw-w64-x86_64-curl ``` mingw-w64-x86_64-openssl and mingw-w64-x86_64-zlib packages are installed with dependencies. 2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables. ``` cd osslsigncode-folder x86_64-w64-mingw32-gcc *.c -o osslsigncode.exe \ -lcrypto -lssl -lcurl \ -D 'PACKAGE_STRING="osslsigncode x.y"' \ -D 'PACKAGE_BUGREPORT="Your.Email@example.com"' \ -D ENABLE_CURL ``` 3) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path. ``` path=%path%;c:\msys64\mingw64\bin cd osslsigncode-folder osslsigncode.exe -v osslsigncode 2.4, using: OpenSSL 1.1.1g 21 Apr 2020 (Library: OpenSSL 1.1.1g 21 Apr 2020) libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0 ``` ### Building OpenSSL, Curl and osslsigncode sources with MSYS2 MinGW 64-bit: 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions. Once up and running install even: perl make autoconf automake libtool pkg-config. ``` pacman -S perl make autoconf automake libtool pkg-config ``` Make sure there are no curl, brotli, libpsl, libidn2 and nghttp2 packages installed: ``` pacman -R mingw-w64-x86_64-curl \ mingw-w64-x86_64-brotli \ mingw-w64-x86_64-libpsl \ mingw-w64-x86_64-libidn2 \ mingw-w64-x86_64-nghttp2 ``` Run "MSYS2 MinGW 64-bit" in the administrator mode. 2) Build and install OpenSSL. ``` cd openssl-(version) ./config --prefix='C:/OpenSSL' --openssldir='C:/OpenSSL' make && make install ``` 3) Build and install curl. ``` cd curl-(version) ./buildconf ./configure --prefix='C:/curl' --with-ssl='C:/OpenSSL' \ --disable-ftp --disable-tftp --disable-file --disable-dict \ --disable-telnet --disable-imap --disable-smb --disable-smtp \ --disable-gopher --disable-pop --disable-pop3 --disable-rtsp \ --disable-ldap --disable-ldaps --disable-unix-sockets \ --disable-pthreads --without-zstd --without-zlib make && make install ``` 3) Build 64-bit Windows executables. ``` cd osslsigncode-folder x86_64-w64-mingw32-gcc *.c -o osslsigncode.exe \ -L 'C:/OpenSSL/lib/' -lcrypto -lssl \ -I 'C:/OpenSSL/include/' \ -L 'C:/curl/lib' -lcurl \ -I 'C:/curl/include' \ -D 'PACKAGE_STRING="osslsigncode x.y"' \ -D 'PACKAGE_BUGREPORT="Your.Email@example.com"' \ -D ENABLE_CURL ``` 4) Run "Command prompt" and copy required libraries. ``` cd osslsigncode-folder copy C:\OpenSSL\bin\libssl-1_1-x64.dll copy C:\OpenSSL\bin\libcrypto-1_1-x64.dll copy C:\curl\bin\libcurl-4.dll osslsigncode.exe -v osslsigncode 2.4, using: OpenSSL 1.1.1k 25 Mar 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021) libcurl/7.78.0 OpenSSL/1.1.1k ``` ### Building OpenSSL, Curl and osslsigncode sources with Microsoft Visual Studio: 1) Install and integrate vcpkg: https://vcpkg.io/en/getting-started.html 2) Git clone osslsigncode: https://github.com/mtrojnar/osslsigncode/ 3) Build osslsigncode with GUI or cmake. Navigate to the build directory and run CMake to configure the osslsigncode project and generate a native build system: ``` mkdir build && cd build && cmake -S .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=[installation directory] -DCMAKE_TOOLCHAIN_FILE=[path to vcpkg]/scripts/buildsystems/vcpkg.cmake ``` Then call that build system to actually compile/link the osslsigncode project: ``` cmake --build . ``` 4) Make tests. ``` ctest -C Release ``` 5) Make install (with administrative privileges if necessary). ``` cmake --install . ``` osslsigncode-2.8/LICENSE.txt000066400000000000000000000027471457117515700157310ustar00rootroot00000000000000OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Copyright (C) 2005-2014 Per Allansson Copyright (C) 2018-2022 Micha┼В Trojnara This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. osslsigncode-2.8/NEWS.md000066400000000000000000000156121457117515700151770ustar00rootroot00000000000000# osslsigncode change log ### 2.8 (2024.03.03) - Microsoft PowerShell signing sponsored by Cisco Systems, Inc. - fixed setting unauthenticated attributes (Countersignature, Unauthenticated Data Blob) in a nested signature - added the "-index" option to verify a specific signature or modify its unauthenticated attributes - added CAT file verification - added listing the contents of a CAT file with the "-verbose" option - added the new "extract-data" command to extract a PKCS#7 data content to be signed with "sign" and attached with "attach-signature" - added PKCS9_SEQUENCE_NUMBER authenticated attribute support - added the "-ignore-cdp" option to disable CRL Distribution Points (CDP) online verification - unsuccessful CRL retrieval and verification changed into a critical error - the "-p" option modified to also use to configured proxy to connect CRL Distribution Points - added implicit allowlisting of the Microsoft Root Authority serial number 00C1008B3C3C8811D13EF663ECDF40 - added listing of certificate chain retrieved from the signature in case of verification failure ### 2.7 (2023.09.19) - fixed signing CAB files (by Michael Brown) - fixed handling of unsupported commands (by Maxim Bagryantsev) - fixed writing DIFAT sectors - added APPX support (by Maciej Panek and Ma┼Вgorzata Olsz├│wka) - added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) ### 2.6 (2023.05.29) - modular architecture implemented to simplify adding file formats - added verification of CRLs specified in the signing certificate - added MSI DIFAT sectors support (by Max Bagryantsev) - added legacy provider support for OpenSSL 3.0.0 and later - fixed numerous bugs ### 2.5 (2022.08.12) - fixed the Unix executable install path - fixed the hardcoded "pkcs11" engine id - fixed building with MinGW - fixed testing with the python3 distributed with Ubuntu 18.04 ### 2.4 (2022.08.02) - migrated the build system from GNU Autoconf to CMake - added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands - set the default hash function to "sha256" - added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command - renamed the "-st" option "-time" (the old name is accepted for compatibility) - updated the "-time" option to also set explicit verification time - added the "-ignore-timestamp" option to disable timestamp server signature verification - removed the "-timestamp-expiration" option - fixed several bugs - updated the included documentation - enabled additional compiler/linker hardening options - added CI based on GitHub Actions ### 2.3 (2022.03.06) **CRITICAL SECURITY VULNERABILITIES** This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. - fixed several memory safety issues - fixed non-interactive PVK (MSBLOB) key decryption - added a bash completion script - added CA bundle path auto-detection ### 2.2 (2021.08.15) - CAT files support (thanks to James McKenzie) - MSI support rewritten without libgsf dependency, which allows for handling of all the needed MSI metadata, such as dates - "-untrusted" option renamed to "-TSA-CAfile" - "-CRLuntrusted" option renamed to "-TSA-CRLfile" - numerous bug fixes and improvements ### 2.1 (2020-10-11) - certificate chain verification support - timestamp verification support - CRL verification support ("-CRLfile" option) - improved CAB signature support - nested signatures support - user-specified signing time ("-st" option) by vszakats - added more tests - fixed numerous bugs - dropped OpenSSL 1.1.0 support ### 2.0 (2018-12-04) - orphaned project adopted by Micha┼В Trojnara - ported to OpenSSL 1.1.x - ported to SoftHSM2 - add support for pkcs11-based hardware tokens (Patch from Leif Johansson) - improved error reporting of timestamping errors (Patch from Carlo Teubner) ### 1.7.1 (2014-07-11) - MSI: added -add-msi-dse option (Patch from Mikkel Krautz) - MSI: fix build when GSF_CAN_READ_MSI_METADATA defined (Patch from Mikkel Krautz) ### 1.7 (2014-07-10) - add support for nested signatures (Patch from Mikkel Krautz) - fix compilation problem with OpenSSL < 1.0.0 - added OpenSSL linkage exception to license ### 1.6 (2014-01-21) - add support for reading password from file - add support for asking for password (on systems that provide support for it) - add support for compiling and running on Windows (Patch from Heiko Hund) - fix compilation without curl (Fix from Heiko Hund) - added support for giving multiple timestamp servers as arguments (first one that succeeds will be used) - signatures on hierarchical MSI files were broken (Fix from Mikkel Krautz) - MSI: Add support for MsiDigitalSignatureEx signature (Patch from Mikkel Krautz) - add support for adding additional/cross certificates through -ac option (Thanks to Lars Munch for idea + testing) - MSI: Add support for signature extract/remove/verify (Patches from Mikkel Krautz) - PE/MSI: Implement -require-leaf-hash for verify. (Patch from Mikkel Krautz) ### 1.5.2 (2013-03-13) - added support for signing with SHA-384 and SHA-512 - added support for page hashing (-ph option) ### 1.5.1 (2013-03-12) - forgot to bump version number... ### 1.5 (2013-03-12) - added support for signing MSI files (patch from Marc-Andr├й Lureau) - calculate correct PE checksum instead of setting it to 0 (patch from Roland Schwingel) - added support for RFC3161 timestamping (-ts option) - added support for extracting/removing/verifying signature on PE files - fixed problem with not being able to decode timestamps with no newlines - added stricter checks for PE file validity - added support for reading keys from PVK files (requires OpenSSL 1.0.0 or later) - added support for reading certificates from PEM files - renamed program option: -spc to -certs (old option name still valid) ### 1.4 (2011-08-12) - improved build system (patch from Alon Bar-Lev) - support reading cert+key from PKCS12 file (patch from Alon Bar-Lev) - support reading key from PEM file - added support for sha1/sha256 - default hash is now sha1 - added flag for commercial signing (default is individual) ### 1.3.1 (2009-08-07) - support signing of 64-bit executables (fix from Paul Kendall) ### 1.3 (2008-01-31) - fixed padding problem (fix from Ryan Rubley) - allow signing of already signed files (fix from Ryan Rubley) - added Ryan Rubley's PVK-to-DER guide into the README ### 1.2 (2005-01-21) - autoconf:ed (Thanks to Roy Keene) - added documentation - don't override PKCS7_get_signed_attribute, it wasn't actually needed, it was me being confused. - compiles without curl, which means no timestamping - version number output ### 1.1 (2005-01-19) - Initial release osslsigncode-2.8/README.md000066400000000000000000000161751457117515700153650ustar00rootroot00000000000000osslsigncode ============ ## BUILD STATUS [![CI](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml/badge.svg)](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml) ## WHAT IS IT? osslsigncode is a small tool that implements part of the functionality of the Microsoft tool signtool.exe - more exactly the Authenticode signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should be able to compile on most platforms where these exist. ## WHY? Why not use signtool.exe? Because I don't want to go to a Windows machine every time I need to sign a binary - I can compile and build the binaries using Wine on my Linux machine, but I can't sign them since the signtool.exe makes good use of the CryptoAPI in Windows, and these APIs aren't (yet?) fully implemented in Wine, so the signtool.exe tool would fail. And, so, osslsigncode was born. ## WHAT CAN IT DO? It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB, CAT and MSI files. It supports the equivalent of signtool.exe's "-j javasign.dll -jp low", i.e. add a valid signature for a CAB file containing Java files. It supports getting the timestamp through a proxy as well. It also supports signature verification, removal and extraction. ## BUILDING This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems. See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes. We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead of cloning from a git repository. ### Configure, build, make tests and install osslsigncode * Install prerequisites on a Debian-based distributions, such as Ubuntu: ``` sudo apt update && sudo apt install cmake libssl-dev libcurl4-openssl-dev zlib1g-dev python3 ``` * Install prerequisites on macOS with Homebrew: ``` brew install cmake pkg-config openssl@1.1 export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig" ``` **NOTE:** osslsigncode requires CMake 3.17 or newer. You may need to use `cmake3` instead of `cmake` to complete the following steps on your system. * Navigate to the build directory and run CMake to configure the osslsigncode project and generate a native build system: ``` mkdir build && cd build && cmake -S .. ``` optional CMake parameters: ``` -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_COMPILER=clang -DCMAKE_PREFIX_PATH=[openssl directory];[curl directory] -DCMAKE_INSTALL_PREFIX=[installation directory] -DBASH_COMPLETION_USER_DIR=[bash completion installation directory] ``` * Then call that build system to actually compile/link the osslsigncode project (alias `make`): ``` cmake --build . ``` * Make test: ``` ctest -C Release ``` * Make install: ``` sudo cmake --install . ``` * Make tarball (simulate autotools' `make dist`): ``` cmake --build . --target package_source ``` ## USAGE Before you can sign a file you need a Software Publishing Certificate (spc) and a corresponding private key. This article provides a good starting point as to how to do the signing with the Microsoft signtool.exe: http://www.matthew-jones.com/articles/codesigning.html To sign with osslsigncode you need the certificate file mentioned in the article above, in SPC or PEM format, and you will also need the private key which must be a key file in DER or PEM format, or if osslsigncode was compiled against OpenSSL 1.0.0 or later, in PVK format. To sign a PE or MSI file you can now do: ``` osslsigncode sign -certs -key \ -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe ``` or if you are using a PEM or PVK key file with a password together with a PEM certificate: ``` osslsigncode sign -certs \ -key -pass \ -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe ``` or if you want to add a timestamp as well: ``` osslsigncode sign -certs -key \ -n "Your Application" -i http://www.yourwebsite.com/ \ -t http://timestamp.digicert.com \ -in yourapp.exe -out yourapp-signed.exe ``` You can use a certificate and key stored in a PKCS#12 container: ``` osslsigncode sign -pkcs12 -pass \ -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe ``` To sign a CAB file containing java class files: ``` osslsigncode sign -certs -key \ -n "Your Application" -i http://www.yourwebsite.com/ \ -jp low \ -in yourapp.cab -out yourapp-signed.cab ``` Only the 'low' parameter is currently supported. If you want to use PKCS11 token, you should indicate PKCS11 engine and module. An example of using osslsigncode with SoftHSM: ``` osslsigncode sign \ -pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \ -pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \ -pkcs11cert 'pkcs11:token=softhsm-token;object=cert' \ -key 'pkcs11:token=softhsm-token;object=key' \ -in yourapp.exe -out yourapp-signed.exe ``` You can check that the signed file is correct by right-clicking on it in Windows and choose Properties --> Digital Signatures, and then choose the signature from the list, and click on Details. You should then be presented with a dialog that says amongst other things that "This digital signature is OK". ## UNAUTHENTICATED BLOBS The "-addUnauthenticatedBlob" parameter adds a 1024-byte unauthenticated blob of data to the signature in the same area as the timestamp. This can be used while signing, while timestamping, after a file has been code signed, or by itself. This technique (but not this project) is used by Dropbox, GoToMeeting, and Summit Route. ### Example 1. Sign and add blob to unsigned file ```shell osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_password -n "Your Company" -i https://YourSite.com/ -in srepp.msi -out srepp_added.msi ``` ### Example 2. Timestamp and add blob to signed file ```shell osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe ``` ### Example 3. Add blob to signed and time-stamped file ```shell osslsigncode.exe add -addUnauthenticatedBlob -in your_signed_file.exe -out out.exe ``` ### WARNING This feature allows for doing dumb things. Be very careful with what you put in the unauthenticated blob, as an attacker could modify this. Do NOT, under any circumstances, put a URL here that you will use to download an additional file. If you do do that, you would need to check the newly downloaded file is code signed AND that it has been signed with your cert AND that it is the version you expect. ## BUGS, QUESTIONS etc. Check whether your your question or suspected bug was already discussed on https://github.com/mtrojnar/osslsigncode/issues. Otherwise, open a new issue. BUT, if you have questions related to generating spc files, converting between different formats and so on, *please* spend a few minutes searching on google for your particular problem since many people probably already have had your problem and solved it as well. osslsigncode-2.8/TODO.md000066400000000000000000000002721457117515700151640ustar00rootroot00000000000000- signature extraction/removal/verificaton on MSI/CAB files - clean up / untangle code - separate timestamping - remove mmap usage to increase portability - fix other stuff marked 'XXX' osslsigncode-2.8/applink.c000066400000000000000000000071711457117515700157040ustar00rootroot00000000000000/* * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #define APPLINK_STDIN 1 #define APPLINK_STDOUT 2 #define APPLINK_STDERR 3 #define APPLINK_FPRINTF 4 #define APPLINK_FGETS 5 #define APPLINK_FREAD 6 #define APPLINK_FWRITE 7 #define APPLINK_FSETMOD 8 #define APPLINK_FEOF 9 #define APPLINK_FCLOSE 10 /* should not be used */ #define APPLINK_FOPEN 11 /* solely for completeness */ #define APPLINK_FSEEK 12 #define APPLINK_FTELL 13 #define APPLINK_FFLUSH 14 #define APPLINK_FERROR 15 #define APPLINK_CLEARERR 16 #define APPLINK_FILENO 17 /* to be used with below */ #define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ #define APPLINK_READ 19 #define APPLINK_WRITE 20 #define APPLINK_LSEEK 21 #define APPLINK_CLOSE 22 #define APPLINK_MAX 22 /* always same as last macro */ #ifndef APPMACROS_ONLY # include # include # include # ifdef __BORLANDC__ /* _lseek in is a function-like macro so we can't take its address */ # undef _lseek # define _lseek lseek # endif static void *app_stdin(void) { return stdin; } static void *app_stdout(void) { return stdout; } static void *app_stderr(void) { return stderr; } static int app_feof(FILE *fp) { return feof(fp); } static int app_ferror(FILE *fp) { return ferror(fp); } static void app_clearerr(FILE *fp) { clearerr(fp); } static int app_fileno(FILE *fp) { return _fileno(fp); } static int app_fsetmod(FILE *fp, char mod) { return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT); } #ifdef __cplusplus extern "C" { #endif __declspec(dllexport) void ** # if defined(__BORLANDC__) /* * __stdcall appears to be the only way to get the name * decoration right with Borland C. Otherwise it works * purely incidentally, as we pass no parameters. */ __stdcall # else __cdecl # endif #pragma warning(push, 2) OPENSSL_Applink(void) { static int once = 1; static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] = { (void *)APPLINK_MAX }; if (once) { OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout; OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr; OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf; OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets; OPENSSL_ApplinkTable[APPLINK_FREAD] = fread; OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite; OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod; OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof; OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose; OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen; OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek; OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell; OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush; OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror; OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr; OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno; OPENSSL_ApplinkTable[APPLINK_OPEN] = _open; OPENSSL_ApplinkTable[APPLINK_READ] = _read; OPENSSL_ApplinkTable[APPLINK_WRITE] = _write; OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek; OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close; once = 0; } return OPENSSL_ApplinkTable; } #pragma warning(pop) #ifdef __cplusplus } #endif #endif osslsigncode-2.8/appx.c000066400000000000000000002761421457117515700152240ustar00rootroot00000000000000/* * APPX file support library * https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT * * Copyright (C) Maciej Panek * Copyright (C) 2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka * * APPX files do not support nesting (multiple signature) */ #define _FILE_OFFSET_BITS 64 #include "osslsigncode.h" #include "helpers.h" #include #include #ifndef PRIX64 #if defined(_MSC_VER) #define PRIX64 "I64X" #else /* _MSC_VER */ #if ULONG_MAX == 0xFFFFFFFFFFFFFFFF #define PRIX64 "lX" #else /* ULONG_MAX == 0xFFFFFFFFFFFFFFFF */ #define PRIX64 "llX" #endif /* ULONG_MAX == 0xFFFFFFFFFFFFFFFF */ #endif /* _MSC_VER */ #endif /* PRIX64 */ #if defined(_MSC_VER) #define fseeko _fseeki64 #define ftello _ftelli64 #endif /* _MSC_VER */ #define EOCDR_SIZE 22 #define ZIP64_EOCD_LOCATOR_SIZE 20 #define ZIP64_HEADER 0x01 #define COMPRESSION_NONE 0 #define COMPRESSION_DEFLATE 8 #define DATA_DESCRIPTOR_BIT (1 << 3) static const char PKZIP_LH_SIGNATURE[4] = { 'P', 'K', 3, 4 }; static const char PKZIP_CD_SIGNATURE[4] = { 'P', 'K', 1, 2 }; static const char PKZIP_EOCDR_SIGNATURE[4] = { 'P', 'K', 5, 6 }; static const char PKZIP_DATA_DESCRIPTOR_SIGNATURE[4] = { 'P', 'K', 7, 8 }; static const char PKZIP64_EOCD_LOCATOR_SIGNATURE[4] = { 'P', 'K', 6, 7 }; static const char PKZIP64_EOCDR_SIGNATURE[4] = { 'P', 'K', 6, 6 }; static const char *APP_SIGNATURE_FILENAME = "AppxSignature.p7x"; static const char *CONTENT_TYPES_FILENAME = "[Content_Types].xml"; static const char *BLOCK_MAP_FILENAME = "AppxBlockMap.xml"; static const char *APPXBUNDLE_MANIFEST_FILENAME = "AppxMetadata/AppxBundleManifest.xml"; static const char *CODE_INTEGRITY_FILENAME = "AppxMetadata/CodeIntegrity.cat"; static const char *SIGNATURE_CONTENT_TYPES_ENTRY = ""; static const char *SIGNATURE_CONTENT_TYPES_CLOSING_TAG = ""; static const u_char APPX_UUID[] = { 0x4B, 0xDF, 0xC5, 0x0A, 0x07, 0xCE, 0xE2, 0x4D, 0xB7, 0x6E, 0x23, 0xC8, 0x39, 0xA0, 0x9F, 0xD1 }; static const u_char APPXBUNDLE_UUID[] = { 0xB3, 0x58, 0x5F, 0x0F, 0xDE, 0xAA, 0x9A, 0x4B, 0xA4, 0x34, 0x95, 0x74, 0x2D, 0x92, 0xEC, 0xEB }; static const char PKCX_SIGNATURE[4] = { 'P', 'K', 'C', 'X' }; /* P7X format header */ static const char APPX_SIGNATURE[4] = { 'A', 'P', 'P', 'X' }; /* APPX header */ static const char AXPC_SIGNATURE[4] = { 'A', 'X', 'P', 'C' }; /* digest of zip file records */ static const char AXCD_SIGNATURE[4] = { 'A', 'X', 'C', 'D' }; /* digest zip file central directory */ static const char AXCT_SIGNATURE[4] = { 'A', 'X', 'C', 'T' }; /* digest of uncompressed [ContentTypes].xml */ static const char AXBM_SIGNATURE[4] = { 'A', 'X', 'B', 'M' }; /* digest of uncompressed AppxBlockMap.xml */ static const char AXCI_SIGNATURE[4] = { 'A', 'X', 'C', 'I' }; /* digest of uncompressed AppxMetadata/CodeIntegrity.cat (optional) */ static const char *HASH_METHOD_TAG = "HashMethod"; static const char *HASH_METHOD_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"; static const char *HASH_METHOD_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"; static const char *HASH_METHOD_SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"; /* * Overall .ZIP file format: * * [local file header 1] * [encryption header 1] * [file data 1] * [data descriptor 1] * . * . * . * [local file header n] * [encryption header n] * [file data n] * [data descriptor n] * [archive decryption header] * [archive extra data record] * [central directory header 1] * . * . * . * [central directory header n] * [zip64 end of central directory record] * [zip64 end of central directory locator] * [end of central directory record] */ /* Local file header */ typedef struct { uint16_t version; uint16_t flags; uint16_t compression; uint16_t modTime; uint16_t modDate; uint32_t crc32; uint64_t compressedSize; uint64_t uncompressedSize; uint16_t fileNameLen; uint16_t extraFieldLen; char *fileName; uint8_t *extraField; int compressedSizeInZip64; int uncompressedSizeInZip64; } ZIP_LOCAL_HEADER; /* Data descriptor */ typedef struct { uint32_t crc32; uint64_t compressedSize; uint64_t uncompressedSize; uint8_t *data; } ZIP_OVERRIDE_DATA; /* Central directory structure */ typedef struct zipCentralDirectoryEntry_struct { uint16_t creatorVersion; uint16_t viewerVersion; uint16_t flags; uint16_t compression; uint16_t modTime; uint16_t modDate; uint32_t crc32; uint64_t compressedSize; uint64_t uncompressedSize; uint16_t fileNameLen; uint16_t extraFieldLen; uint16_t fileCommentLen; uint32_t diskNoStart; uint16_t internalAttr; uint32_t externalAttr; uint64_t offsetOfLocalHeader; char *fileName; uint8_t *extraField; char *fileComment; int64_t fileOffset; int64_t entryLen; int compressedSizeInZip64; int uncompressedSizeInZip64; int offsetInZip64; int diskNoInZip64; ZIP_OVERRIDE_DATA *overrideData; struct zipCentralDirectoryEntry_struct *next; } ZIP_CENTRAL_DIRECTORY_ENTRY; /* Zip64 end of central directory record */ typedef struct { uint64_t eocdrSize; uint16_t creatorVersion; uint16_t viewerVersion; uint32_t diskNumber; uint32_t diskWithCentralDirectory; uint64_t diskEntries; uint64_t totalEntries; uint64_t centralDirectorySize; uint64_t centralDirectoryOffset; uint64_t commentLen; char *comment; } ZIP64_EOCDR; /* Zip64 end of central directory locator */ typedef struct { uint32_t diskWithEOCD; uint64_t eocdOffset; uint32_t totalNumberOfDisks; } ZIP64_EOCD_LOCATOR; /* End of central directory record */ typedef struct { uint16_t diskNumber; uint16_t centralDirectoryDiskNumber; uint16_t diskEntries; uint16_t totalEntries; uint32_t centralDirectorySize; uint32_t centralDirectoryOffset; uint16_t commentLen; char *comment; } ZIP_EOCDR; typedef struct { FILE *file; ZIP_CENTRAL_DIRECTORY_ENTRY *centralDirectoryHead; uint64_t centralDirectorySize; uint64_t centralDirectoryOffset; uint64_t centralDirectoryRecordCount; uint64_t eocdrOffset; int64_t eocdrLen; int64_t fileSize; int isZip64; /* this will come handy to rewrite the eocdr */ ZIP_EOCDR eocdr; ZIP64_EOCD_LOCATOR locator; ZIP64_EOCDR eocdr64; } ZIP_FILE; typedef struct { ASN1_INTEGER *a; ASN1_OCTET_STRING *string; ASN1_INTEGER *b; ASN1_INTEGER *c; ASN1_INTEGER *d; ASN1_INTEGER *e; ASN1_INTEGER *f; } AppxSpcSipInfo; DECLARE_ASN1_FUNCTIONS(AppxSpcSipInfo) ASN1_SEQUENCE(AppxSpcSipInfo) = { ASN1_SIMPLE(AppxSpcSipInfo, a, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, string, ASN1_OCTET_STRING), ASN1_SIMPLE(AppxSpcSipInfo, b, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, c, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, d, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, e, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, f, ASN1_INTEGER), } ASN1_SEQUENCE_END(AppxSpcSipInfo) IMPLEMENT_ASN1_FUNCTIONS(AppxSpcSipInfo) struct appx_ctx_st { ZIP_FILE *zip; u_char *calculatedBMHash; u_char *calculatedCTHash; u_char *calculatedCDHash; u_char *calculatedDataHash; u_char *calculatedCIHash; u_char *existingBMHash; u_char *existingCTHash; u_char *existingCDHash; u_char *existingDataHash; u_char *existingCIHash; int isBundle; const EVP_MD *md; int hashlen; } appx_ctx_t; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *appx_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static const EVP_MD *appx_md_get(FILE_FORMAT_CTX *ctx); static ASN1_OBJECT *appx_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *appx_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int appx_hash_length_get(FILE_FORMAT_CTX *ctx); static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx); static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int appx_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *appx_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int appx_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void appx_bio_free(BIO *hash, BIO *outdata); static void appx_ctx_cleanup(FILE_FORMAT_CTX *ctx); FILE_FORMAT file_format_appx = { .ctx_new = appx_ctx_new, .md_get = appx_md_get, .data_blob_get = appx_spc_sip_info_get, .pkcs7_contents_get = appx_pkcs7_contents_get, .hash_length_get = appx_hash_length_get, .verify_digests = appx_verify_digests, .pkcs7_extract = appx_pkcs7_extract, .remove_pkcs7 = appx_remove_pkcs7, .process_data = appx_process_data, .pkcs7_signature_new = appx_pkcs7_signature_new, .append_pkcs7 = appx_append_pkcs7, .bio_free = appx_bio_free, .ctx_cleanup = appx_ctx_cleanup, }; /* Prototypes */ static BIO *appx_calculate_hashes(FILE_FORMAT_CTX *ctx); static BIO *appx_hash_blob_get(FILE_FORMAT_CTX *ctx); static uint8_t *appx_calc_zip_central_directory_hash(ZIP_FILE *zip, const EVP_MD *md, uint64_t cdOffset); static int appx_write_central_directory(BIO *bio, ZIP_FILE *zip, int removeSignature, uint64_t cdOffset); static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const EVP_MD *md); static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *content); static int appx_compare_hashes(FILE_FORMAT_CTX *ctx); static int appx_remove_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static int appx_append_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static const EVP_MD *appx_get_md(ZIP_FILE *zip); static ZIP_CENTRAL_DIRECTORY_ENTRY *zipGetCDEntryByName(ZIP_FILE *zip, const char *name); static void zipWriteCentralDirectoryEntry(BIO *bio, uint64_t *sizeOnDisk, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint64_t offsetDiff); static int zipAppendSignatureFile(BIO *bio, ZIP_FILE *zip, uint8_t *data, uint64_t dataSize); static int zipOverrideFileData(ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint8_t *data, uint64_t dataSize); static int zipRewriteData(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, BIO *bio, uint64_t *sizeOnDisk); static void zipWriteLocalHeader(BIO *bio, uint64_t *sizeonDisk, ZIP_LOCAL_HEADER *heade); static int zipEntryExist(ZIP_FILE *zip, const char *name); static u_char *zipCalcDigest(ZIP_FILE *zip, const char *fileName, const EVP_MD *md); static size_t zipReadFileDataByName(uint8_t **pData, ZIP_FILE *zip, const char *name); static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t compressedSize); static int zipInflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong *sourceLen); static int zipDeflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong sourceLen); static ZIP_FILE *openZip(const char *filename); static void freeZip(ZIP_FILE *zip); static void zipPrintCentralDirectory(ZIP_FILE *zip); static int zipReadCentralDirectory(ZIP_FILE *zip, FILE *file); static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file); static void freeZipCentralDirectoryEntry(ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static int readZipEOCDR(ZIP_EOCDR *eocdr, FILE *file); static int readZip64EOCDLocator(ZIP64_EOCD_LOCATOR *locator, FILE *file); static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset); static int get_current_position(BIO *bio, uint64_t *offset); static uint64_t fileGetU64(FILE *file); static uint32_t fileGetU32(FILE *file); static uint16_t fileGetU16(FILE *file); static uint64_t bufferGetU64(uint8_t *buffer, uint64_t *pos); static uint32_t bufferGetU32(uint8_t *buffer, uint64_t *pos); static uint16_t bufferGetU16(uint8_t *buffer, uint64_t *pos); static void bioAddU64(BIO *bio, uint64_t v); static void bioAddU32(BIO *bio, uint32_t v); static void bioAddU16(BIO *bio, uint16_t v); /* * FILE_FORMAT method definitions */ /* * Allocate and return a PE file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] pointer to PE file format context */ static FILE_FORMAT_CTX *appx_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; const EVP_MD *md; ZIP_FILE *zip = openZip(options->infile); /* squash unused parameter warnings */ (void)hash; (void)outdata; if (!zip) { return NULL; /* FAILED */ } if (options->verbose) { zipPrintCentralDirectory(zip); } md = appx_get_md(zip); if (!md) { freeZip(zip); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->appx_ctx = OPENSSL_zalloc(sizeof(appx_ctx_t)); ctx->appx_ctx->zip = zip; ctx->format = &file_format_appx; ctx->options = options; ctx->appx_ctx->md = md; if (zipGetCDEntryByName(zip, APPXBUNDLE_MANIFEST_FILENAME)) { ctx->appx_ctx->isBundle = 1; } if (options->cmd == CMD_SIGN || options->cmd==CMD_ATTACH || options->cmd==CMD_ADD || options->cmd == CMD_EXTRACT_DATA) { printf("Warning: Ignore -h option, use the hash algorithm specified in AppxBlockMap.xml\n"); } if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * Return a hash algorithm specified in the AppxBlockMap.xml file. * [in] ctx: structure holds input and output data * [returns] hash algorithm */ static const EVP_MD *appx_md_get(FILE_FORMAT_CTX *ctx) { return ctx->appx_ctx->md; } /* * Allocate and return SpcSipInfo object. * [out] p: SpcSipInfo data * [out] plen: SpcSipInfo data length * [in] ctx: structure holds input and output data * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID */ static ASN1_OBJECT *appx_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { ASN1_OBJECT *dtype; AppxSpcSipInfo *si = AppxSpcSipInfo_new(); ASN1_INTEGER_set(si->a, 0x01010000); ASN1_INTEGER_set(si->b, 0); ASN1_INTEGER_set(si->c, 0); ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); if (ctx->appx_ctx->isBundle) { printf("Signing as a bundle\n"); ASN1_OCTET_STRING_set(si->string, APPXBUNDLE_UUID, sizeof(APPXBUNDLE_UUID)); } else { printf("Signing as a package\n"); ASN1_OCTET_STRING_set(si->string, APPX_UUID, sizeof(APPX_UUID)); } *plen = i2d_AppxSpcSipInfo(si, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_AppxSpcSipInfo(si, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); AppxSpcSipInfo_free(si); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *appx_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; ZIP_CENTRAL_DIRECTORY_ENTRY *entry; BIO *bhash; /* squash unused parameter warnings */ (void)md; (void)hash; /* Create and append a new signature content types entry */ entry = zipGetCDEntryByName(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME); if (!entry) { printf("Not a valid .appx file: content types file missing\n"); return NULL; /* FAILED */ } if (!appx_append_ct_signature_entry(ctx->appx_ctx->zip, entry)) { return NULL; /* FAILED */ } bhash = appx_calculate_hashes(ctx); if (!bhash) { return NULL; /* FAILED */ } content = spc_indirect_data_content_get(bhash, ctx); BIO_free_all(bhash); return pkcs7_set_content(content); } /* * Get concatenated hashes length. * [in] ctx: structure holds input and output data * [returns] the length of concatenated hashes */ static int appx_hash_length_get(FILE_FORMAT_CTX *ctx) { return ctx->appx_ctx->hashlen; } /* * Calculate message digest and compare to value retrieved from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { BIO *hashes; if (!appx_extract_hashes(ctx, idc)) { printf("Failed to extract hashes from the signature\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } hashes = appx_calculate_hashes(ctx); if (!hashes) { SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } BIO_free_all(hashes); if (!appx_compare_hashes(ctx)) { printf("Signature hash verification failed\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } SpcIndirectDataContent_free(idc); } } return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx) { PKCS7 *p7; uint8_t *data = NULL; const u_char *blob; size_t dataSize; /* Check if the signature exists */ if (!zipEntryExist(ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME)) { printf("%s does not exist\n", APP_SIGNATURE_FILENAME); return NULL; /* FAILED */ } dataSize = zipReadFileDataByName(&data, ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME); if (dataSize <= 0) { return NULL; /* FAILED */ } /* P7X format is just 0x504B4358 (PKCX) followed by PKCS#7 data in the DER format */ if (memcmp(data, PKCX_SIGNATURE, 4)) { printf("Invalid PKCX header\n"); OPENSSL_free(data); return NULL; /* FAILED */ } blob = (u_char *)data + 4; p7 = d2i_PKCS7(NULL, &blob, (int)dataSize - 4); OPENSSL_free(data); return p7; } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { uint8_t *data = NULL; size_t dataSize; uint64_t cdOffset, noEntries = 0; ZIP_FILE *zip = ctx->appx_ctx->zip; ZIP_CENTRAL_DIRECTORY_ENTRY *entry = zipGetCDEntryByName(zip, CONTENT_TYPES_FILENAME); /* squash the unused parameter warning */ (void)hash; if (!entry) { printf("Not a valid .appx file: content types file missing\n"); return 1; /* FAILED */ } /* read signature data */ dataSize = zipReadFileDataByName(&data, ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME); if (dataSize <= 0) { return 1; /* FAILED, no signature */ } OPENSSL_free(data); if (!appx_remove_ct_signature_entry(zip, entry)) { printf("Failed to remove signature entry\n"); return 1; /* FAILED */ } for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries == zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); return 1; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); return 1; /* FAILED */ } if (strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { uint64_t dummy; if (!zipRewriteData(zip, entry, outdata, &dummy)) { return 1; /* FAILED */ } } } if (!get_current_position(outdata, &cdOffset)) { printf("Unable to get offset\n"); return 1; /* FAILED */ } if (!appx_write_central_directory(outdata, zip, 1, cdOffset)) { printf("Unable to write central directory\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Modify specific type data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [out] outdata: outdata file BIO (unused) * [returns] 1 on error or 0 on success */ static int appx_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; /* squash unused parameter warnings */ (void)outdata; (void)hash; /* Create and append a new signature content types entry */ entry = zipGetCDEntryByName(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME); if (!entry) { printf("Not a valid .appx file: content types file missing\n"); return 1; /* FAILED */ } if (!appx_append_ct_signature_entry(ctx->appx_ctx->zip, entry)) { return 1; /* FAILED */ } return 0; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [returns] pointer to PKCS#7 structure */ static PKCS7 *appx_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = NULL; BIO *hashes; /* squash unused parameter warnings */ (void)hash; /* Create hash blob from concatenated APPX hashes */ hashes = appx_calculate_hashes(ctx); if (!hashes) { return NULL; /* FAILED */ } p7 = pkcs7_create(ctx); if (!p7) { printf("Creating a new signature failed\n"); BIO_free_all(hashes); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); BIO_free_all(hashes); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hashes, ctx); BIO_free_all(hashes); if (!content) { printf("Failed to get spcIndirectDataContent\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { printf("Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; /* OK */ } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int appx_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { ZIP_FILE *zip = ctx->appx_ctx->zip; ZIP_CENTRAL_DIRECTORY_ENTRY *prev = NULL; ZIP_CENTRAL_DIRECTORY_ENTRY *last = NULL; ZIP_CENTRAL_DIRECTORY_ENTRY *entry; u_char *blob, *der = NULL; int len; uint64_t cdOffset, noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL;) { if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); return 1; /* FAILED */ } noEntries++; last = entry; if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); return 1; /* FAILED */ } if (strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { uint64_t dummy = 0; if (!zipRewriteData(zip, entry, outdata, &dummy)) { return 1; /* FAILED */ } prev = entry; entry = entry->next; } else { /* remove the entry * actually this code is pretty naive - if you remove the entry that was not at the end * everything will go south - the offsets in the CD will not match the local header offsets. * that can be fixed here or left as is - signtool and this tool always appends the signature file at the end. * Might be a problem when someone decides to unpack & repack the .appx zip file */ ZIP_CENTRAL_DIRECTORY_ENTRY *current = entry; entry = entry->next; if (prev) { prev->next = entry; } freeZipCentralDirectoryEntry(current); } } if (!last) { /* not really possible unless an empty zip file, but who knows */ return 1; /* FAILED */ } /* create the signature entry */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (der = OPENSSL_malloc((size_t)len)) == NULL) return 1; /* FAILED */ i2d_PKCS7(p7, &der); der -= len; blob = OPENSSL_malloc((size_t)(len + 4)); memcpy(blob, PKCX_SIGNATURE, 4); memcpy(blob + 4, der, (size_t)len); len += 4; if (!zipAppendSignatureFile(outdata, zip, blob, (uint64_t)len)) { OPENSSL_free(blob); printf("Failed to append zip file\n"); return 1; /* FAILED */ } OPENSSL_free(der); OPENSSL_free(blob); if (!get_current_position(outdata, &cdOffset)) { printf("Unable to get offset\n"); return 1; /* FAILED */ } if (!appx_write_central_directory(outdata, zip, 0, cdOffset)) { printf("Unable to write central directory\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void appx_bio_free(BIO *hash, BIO *outdata) { BIO_free_all(outdata); BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and PE format specific structure. * [out] ctx: structure holds input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void appx_ctx_cleanup(FILE_FORMAT_CTX *ctx) { freeZip(ctx->appx_ctx->zip); OPENSSL_free(ctx->appx_ctx->calculatedBMHash); OPENSSL_free(ctx->appx_ctx->calculatedCTHash); OPENSSL_free(ctx->appx_ctx->calculatedCDHash); OPENSSL_free(ctx->appx_ctx->calculatedDataHash); OPENSSL_free(ctx->appx_ctx->calculatedCIHash); OPENSSL_free(ctx->appx_ctx->existingBMHash); OPENSSL_free(ctx->appx_ctx->existingCTHash); OPENSSL_free(ctx->appx_ctx->existingCDHash); OPENSSL_free(ctx->appx_ctx->existingDataHash); OPENSSL_free(ctx->appx_ctx->existingCIHash); OPENSSL_free(ctx->appx_ctx); OPENSSL_free(ctx); } /* * APPX helper functions */ /* * Calculate ZIP hashes. * [in, out] ctx: structure holds input and output data * [returns] pointer to BIO with calculated APPX hashes */ static BIO *appx_calculate_hashes(FILE_FORMAT_CTX *ctx) { uint64_t cdOffset = 0; ctx->appx_ctx->calculatedBMHash = zipCalcDigest(ctx->appx_ctx->zip, BLOCK_MAP_FILENAME, ctx->appx_ctx->md); ctx->appx_ctx->calculatedCTHash = zipCalcDigest(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME, ctx->appx_ctx->md); ctx->appx_ctx->calculatedDataHash = appx_calc_zip_data_hash(&cdOffset, ctx->appx_ctx->zip, ctx->appx_ctx->md); ctx->appx_ctx->calculatedCDHash = appx_calc_zip_central_directory_hash(ctx->appx_ctx->zip, ctx->appx_ctx->md, cdOffset); ctx->appx_ctx->calculatedCIHash = zipCalcDigest(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME, ctx->appx_ctx->md); if (!ctx->appx_ctx->calculatedBMHash || !ctx->appx_ctx->calculatedCTHash || !ctx->appx_ctx->calculatedCDHash || !ctx->appx_ctx->calculatedDataHash) { printf("One or more hashes calculation failed\n"); return NULL; /* FAILED */ } if (zipEntryExist(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME) && !ctx->appx_ctx->calculatedCIHash) { printf("Code integrity file exists, but CI hash calculation failed\n"); return NULL; /* FAILED */ } return appx_hash_blob_get(ctx); } /* * Create hash blob from concatenated APPX hashes. * [in] ctx: structure holds input and output data * [returns] pointer to BIO with calculated APPX hashes */ static BIO *appx_hash_blob_get(FILE_FORMAT_CTX *ctx) { int mdlen = EVP_MD_size(ctx->appx_ctx->md); int dataSize = ctx->appx_ctx->calculatedCIHash ? 4 + 5 * (mdlen + 4) : 4 + 4 * (mdlen + 4); u_char *data = OPENSSL_malloc((size_t)dataSize); int pos = 0; BIO *hashes = BIO_new(BIO_s_mem()); memcpy(data + pos, APPX_SIGNATURE, 4); pos += 4; memcpy(data + pos, AXPC_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedDataHash, (size_t)mdlen); pos += mdlen; memcpy(data + pos, AXCD_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedCDHash, (size_t)mdlen); pos += mdlen; memcpy(data + pos, AXCT_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedCTHash, (size_t)mdlen); pos += mdlen; memcpy(data + pos, AXBM_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedBMHash, (size_t)mdlen); pos += mdlen; if (ctx->appx_ctx->calculatedCIHash) { memcpy(data + pos, AXCI_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedCIHash, (size_t)mdlen); pos += mdlen; } if (ctx->options->verbose) { print_hash("Hash of file: ", "\n", data, pos); } ctx->appx_ctx->hashlen = BIO_write(hashes, data, pos); OPENSSL_free(data); return hashes; } /* * Calculate ZIP central directory hash. * [in] zip: structure holds specific ZIP data * [in] md: message digest algorithm type * [in] cdOffset: central directory offset * [returns] hash */ static uint8_t *appx_calc_zip_central_directory_hash(ZIP_FILE *zip, const EVP_MD *md, uint64_t cdOffset) { u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!appx_write_central_directory(bhash, zip, 1, cdOffset)) { printf("Unable to write central directory\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; } /* * Write central directory structure. * [out] bio: outdata file BIO * [in] zip: structure holds specific ZIP data * [in] removeSignature: remove signature switch * [in] cdOffset: central directory offset * [returns] 0 on error or 1 on success */ static int appx_write_central_directory(BIO *bio, ZIP_FILE *zip, int removeSignature, uint64_t cdOffset) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t offsetDiff = 0, cdSize = 0; uint16_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { /* the signature file is considered non existent for hashing purposes */ uint64_t sizeOnDisk = 0; if (noEntries > zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); return 0; /* FAILED */ } if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); return 0; /* FAILED */ } if (removeSignature && !strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { continue; } /* APP_SIGNATURE is nt 'tainted' by offset shift after replacing the contents of [content_types] */ zipWriteCentralDirectoryEntry(bio, &sizeOnDisk, entry, strcmp(entry->fileName, APP_SIGNATURE_FILENAME) ? offsetDiff : 0); cdSize += sizeOnDisk; if (entry->overrideData) { offsetDiff += entry->overrideData->compressedSize - entry->compressedSize; } noEntries++; } if (zip->isZip64) { /* eocdr */ BIO_write(bio, PKZIP64_EOCDR_SIGNATURE, 4); bioAddU64(bio, zip->eocdr64.eocdrSize); bioAddU16(bio, zip->eocdr64.creatorVersion); bioAddU16(bio, zip->eocdr64.viewerVersion); bioAddU32(bio, zip->eocdr64.diskNumber); bioAddU32(bio, zip->eocdr64.diskWithCentralDirectory); bioAddU64(bio, (uint64_t)noEntries); bioAddU64(bio, (uint64_t)noEntries); bioAddU64(bio, cdSize); bioAddU64(bio, cdOffset); if (zip->eocdr64.commentLen > 0) { size_t check; if (!BIO_write_ex(bio, zip->eocdr64.comment, zip->eocdr64.commentLen, &check) || check != zip->eocdr64.commentLen) { return 0; /* FAILED */ } } /* eocdr locator */ BIO_write(bio, PKZIP64_EOCD_LOCATOR_SIGNATURE, 4); bioAddU32(bio, zip->locator.diskWithEOCD); bioAddU64(bio, cdOffset + cdSize); bioAddU32(bio, zip->locator.totalNumberOfDisks); } BIO_write(bio, PKZIP_EOCDR_SIGNATURE, 4); /* those need to be 0s even though packaging tool writes FFFFs here * it will fail verification if not zeros */ bioAddU16(bio, 0); bioAddU16(bio, 0); if (zip->eocdr.diskEntries != UINT16_MAX) { bioAddU16(bio, noEntries); } else { bioAddU16(bio, UINT16_MAX); } if (zip->eocdr.totalEntries != UINT16_MAX) { bioAddU16(bio, noEntries); } else { bioAddU16(bio, UINT16_MAX); } if (zip->eocdr.centralDirectorySize != UINT32_MAX) { bioAddU32(bio, (uint32_t)cdSize); } else { bioAddU32(bio, UINT32_MAX); } if (zip->eocdr.centralDirectoryOffset != UINT32_MAX) { bioAddU32(bio, (uint32_t)cdOffset); } else { bioAddU32(bio, UINT32_MAX); } bioAddU16(bio, zip->eocdr.commentLen); if (zip->eocdr.commentLen > 0) { BIO_write(bio, zip->eocdr.comment, zip->eocdr.commentLen); } return 1; /* OK */ } /* * Calculate ZIP data hash. * [out] cdOffset: central directory offset * [in] zip: structure holds specific ZIP data * [in] md: message digest algorithm type * [returns] hash */ static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const EVP_MD *md) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); uint64_t noEntries = 0; if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); *cdOffset = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { /* the signature file is considered not existent for hashing purposes */ uint64_t sizeOnDisk = 0; if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } if (!strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { continue; } if (!zipRewriteData(zip, entry, bhash, &sizeOnDisk)) { printf("Rewrite data error\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } *cdOffset += sizeOnDisk; } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; } /* * Extract hashes from SpcIndirectDataContent. * [in, out] ctx: structure holds input and output data * [out] content: SpcIndirectDataContent * [returns] 0 on error or 1 on success */ static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *content) { #if 0 AppxSpcSipInfo *si = NULL; const unsigned char *blob = content->data->value->value.sequence->data; d2i_AppxSpcSipInfo(&si, &blob, content->data->value->value.sequence->length); long a = ASN1_INTEGER_get(si->a); long b = ASN1_INTEGER_get(si->b); long c = ASN1_INTEGER_get(si->c); long d = ASN1_INTEGER_get(si->d); long e = ASN1_INTEGER_get(si->e); long f = ASN1_INTEGER_get(si->f); BIO *stdbio = BIO_new_fp(stdout, BIO_NOCLOSE); printf("a: 0x%lX b: 0x%lX c: 0x%lX d: 0x%lX e: 0x%lX f: 0x%lX\n", a, b, c, d, e, f); printf("string: "); ASN1_STRING_print_ex(stdbio, si->string, ASN1_STRFLGS_RFC2253); printf("\n\n"); AppxSpcSipInfo_free(si); BIO_free_all(stdbio); #endif int length = content->messageDigest->digest->length; uint8_t *data = content->messageDigest->digest->data; int mdlen = EVP_MD_size(ctx->appx_ctx->md); int pos = 4; /* we are expecting at least 4 hashes + 4 byte header */ if (length < 4 * mdlen + 4) { printf("Hash too short\n"); return 0; /* FAILED */ } if (memcmp(data, APPX_SIGNATURE, 4)) { printf("Hash signature does not match\n"); return 0; /* FAILED */ } while (pos + mdlen + 4 <= length) { if (!memcmp(data + pos, AXPC_SIGNATURE, 4)) { ctx->appx_ctx->existingDataHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingDataHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXCD_SIGNATURE, 4)) { ctx->appx_ctx->existingCDHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCDHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXCT_SIGNATURE, 4)) { ctx->appx_ctx->existingCTHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCTHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXBM_SIGNATURE, 4)) { ctx->appx_ctx->existingBMHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingBMHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXCI_SIGNATURE, 4)) { ctx->appx_ctx->existingCIHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCIHash, data + pos + 4, (size_t)mdlen); } else { printf("Invalid hash signature\n"); return 0; /* FAILED */ } pos += mdlen + 4; } if (!ctx->appx_ctx->existingDataHash) { printf("File hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingCDHash) { printf("Central directory hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingBMHash) { printf("Block map hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingCTHash) { printf("Content types hash missing\n"); return 0; /* FAILED */ } if (zipEntryExist(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME) && !ctx->appx_ctx->existingCIHash) { printf("Code integrity hash missing\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Compare extracted and calculated hashes. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx) { int mdtype = EVP_MD_nid(ctx->appx_ctx->md); if (ctx->appx_ctx->calculatedBMHash && ctx->appx_ctx->existingBMHash) { printf("Checking Block Map hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingBMHash, ctx->appx_ctx->calculatedBMHash, mdtype)) { return 0; /* FAILED */ } } else { printf("Block map hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCTHash && ctx->appx_ctx->existingCTHash) { printf("Checking Content Types hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingCTHash, ctx->appx_ctx->calculatedCTHash, mdtype)) { return 0; /* FAILED */ } } else { printf("Content Types hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedDataHash && ctx->appx_ctx->existingDataHash) { printf("Checking Data hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingDataHash, ctx->appx_ctx->calculatedDataHash, mdtype)) { return 0; /* FAILED */ } } else { printf("Central Directory hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCDHash && ctx->appx_ctx->existingCDHash) { printf("Checking Central Directory hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingCDHash, ctx->appx_ctx->calculatedCDHash, mdtype)) { return 0; /* FAILED */ } } else { printf("Central Directory hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCIHash && ctx->appx_ctx->existingCIHash) { printf("Checking Code Integrity hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingCIHash, ctx->appx_ctx->calculatedCIHash, mdtype)) { return 0; /* FAILED */ } } else if (!ctx->appx_ctx->calculatedCIHash && !ctx->appx_ctx->existingCIHash) { /* this is fine, CI file is optional -> if it is missing we expect both hashes to be non existent */ } else { printf("Code Integrity hash missing\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Remove signature content types entry. * [in] zip: structure holds specific ZIP data * [in, out] entry: central directory structure * [returns] 0 on error or 1 on success */ static int appx_remove_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { uint8_t *data; const char *cpos; size_t dataSize, ipos, len; int ret; dataSize = zipReadFileData(zip, &data, entry); if (dataSize <= 0) { return 0; /* FAILED */ } cpos = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_ENTRY); if (!cpos) { printf("Did not find existing signature entry in %s\n", entry->fileName); OPENSSL_free(data); return 1; /* do not treat as en error */ } /* *cpos > *data */ ipos = (size_t)(cpos - (char *)data); len = strlen(SIGNATURE_CONTENT_TYPES_ENTRY); memmove(data + ipos, data + ipos + len, dataSize - ipos - len); dataSize -= len; ret = zipOverrideFileData(entry, data, (uint64_t)dataSize); OPENSSL_free(data); return ret; } /* * Append signature content types entry. * [in] zip: structure holds specific ZIP data * [in, out] entry: central directory structure * [returns] 0 on error or 1 on success */ static int appx_append_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { uint8_t *data, *newData; const char *existingEntry, *cpos; size_t dataSize, newSize, ipos, len; int ret; dataSize = zipReadFileData(zip, &data, entry); if (dataSize <= 0) { return 0; /* FAILED */ } existingEntry = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_ENTRY); if (existingEntry) { OPENSSL_free(data); return 1; /* do not append it twice */ } cpos = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_CLOSING_TAG); if (!cpos) { printf("%s parsing error\n", entry->fileName); OPENSSL_free(data); return 0; /* FAILED */ } ipos = (size_t)(cpos - (char *)data); len = strlen(SIGNATURE_CONTENT_TYPES_ENTRY); newSize = dataSize + len; newData = OPENSSL_malloc(newSize); memcpy(newData, data, ipos); memcpy(newData + ipos, SIGNATURE_CONTENT_TYPES_ENTRY, len); memcpy(newData + ipos + len, data + ipos, dataSize - ipos); ret = zipOverrideFileData(entry, newData, (uint64_t)newSize); OPENSSL_free(data); OPENSSL_free(newData); return ret; } /* * Get a hash algorithm specified in the AppxBlockMap.xml file. * [in] zip: structure holds specific ZIP data * [returns] one of SHA256/SHA384/SHA512 digest algorithms */ static const EVP_MD *appx_get_md(ZIP_FILE *zip) { uint8_t *data = NULL; char *start, *end, *pos; char *valueStart = NULL, *valueEnd = NULL; const EVP_MD *md = NULL; size_t slen, dataSize; dataSize = zipReadFileDataByName(&data, zip, BLOCK_MAP_FILENAME); if (dataSize <= 0) { printf("Could not read: %s\n", BLOCK_MAP_FILENAME); return NULL; /* FAILED */ } start = strstr((const char *)data, HASH_METHOD_TAG); if (!start) { printf("Parse error: tag: %s not found in %s\n", HASH_METHOD_TAG, BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } start += strlen(HASH_METHOD_TAG); if ((uint8_t *)start >= data + dataSize) { printf("Parse error: data too short in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } end = strstr((const char *)start, ">"); if (!end) { printf("Parse error: end of tag not found in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } for (pos = start; pos != end; pos++) { if (*pos == '"') { if (!valueStart) { valueStart = pos + 1; } else { valueEnd = pos - 1; } } } if (!valueStart || !valueEnd || valueEnd <= valueStart) { printf("Parse error: value parse error in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } slen = (size_t)(valueEnd - valueStart + 1); if (strlen(HASH_METHOD_SHA256) == slen && !memcmp(valueStart, HASH_METHOD_SHA256, slen)) { printf("Hash method is SHA256\n"); md = EVP_sha256(); } else if (strlen(HASH_METHOD_SHA384) == slen && !memcmp(valueStart, HASH_METHOD_SHA384, slen)) { printf("Hash method is SHA384\n"); md = EVP_sha384(); } else if (strlen(HASH_METHOD_SHA512) == slen && !memcmp(valueStart, HASH_METHOD_SHA512, slen)) { printf("Hash method is SHA512\n"); md = EVP_sha512(); } else { printf("Unsupported hash method\n"); OPENSSL_free(data); return NULL; /* FAILED */ } OPENSSL_free(data); return md; } /* * Get central directory structure entry. * [in] zip: structure holds specific ZIP data * [in] name: APPXBUNDLE_MANIFEST_FILENAME or CONTENT_TYPES_FILENAME * [returns] pointer to central directory structure */ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipGetCDEntryByName(ZIP_FILE *zip, const char *name) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); return NULL; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); return NULL; /* FAILED */ } if (!strcmp(entry->fileName, name)) { return entry; } } return NULL; /* FAILED */ } /* * Write central directory entry. * [out] bio: outdata file BIO * [out] sizeOnDisk: size of central directory structure * [in] entry: central directory structure * [in] offsetDiff: central directory offset * [returns] none */ static void zipWriteCentralDirectoryEntry(BIO *bio, uint64_t *sizeOnDisk, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint64_t offsetDiff) { uint16_t zip64ChunkSize = 0; BIO_write(bio, PKZIP_CD_SIGNATURE, 4); bioAddU16(bio, entry->creatorVersion); bioAddU16(bio, entry->viewerVersion); bioAddU16(bio, entry->flags); bioAddU16(bio, entry->compression); bioAddU16(bio, entry->modTime); bioAddU16(bio, entry->modDate); bioAddU32(bio, entry->overrideData ? entry->overrideData->crc32 : entry->crc32); bioAddU32(bio, entry->compressedSizeInZip64 ? UINT32_MAX : entry->overrideData ? (uint32_t)entry->overrideData->compressedSize : (uint32_t)entry->compressedSize); bioAddU32(bio, entry->uncompressedSizeInZip64 ? UINT32_MAX : entry->overrideData ? (uint32_t)entry->overrideData->uncompressedSize : (uint32_t)entry->uncompressedSize); bioAddU16(bio, entry->fileNameLen); bioAddU16(bio, entry->extraFieldLen); bioAddU16(bio, entry->fileCommentLen); bioAddU16(bio, entry->diskNoInZip64 ? UINT16_MAX : (uint16_t)entry->diskNoStart); bioAddU16(bio, entry->internalAttr); bioAddU32(bio, entry->externalAttr); bioAddU32(bio, entry->offsetInZip64 ? UINT32_MAX : (uint32_t)(entry->offsetOfLocalHeader + offsetDiff)); if (entry->fileNameLen > 0 && entry->fileName) { BIO_write(bio, entry->fileName, entry->fileNameLen); } if (entry->uncompressedSizeInZip64) { zip64ChunkSize += 8; } if (entry->compressedSizeInZip64) { zip64ChunkSize += 8; } if (entry->offsetInZip64) { zip64ChunkSize += 8; } if (entry->diskNoInZip64) { zip64ChunkSize += 4; } if (zip64ChunkSize > 0) { bioAddU16(bio, ZIP64_HEADER); bioAddU16(bio, zip64ChunkSize); if (entry->uncompressedSizeInZip64) { bioAddU64(bio, entry->overrideData ? entry->overrideData->uncompressedSize : entry->uncompressedSize); } if (entry->compressedSizeInZip64) { bioAddU64(bio, entry->overrideData ? entry->overrideData->compressedSize : entry->compressedSize); } if (entry->offsetInZip64) { bioAddU64(bio, entry->offsetOfLocalHeader + offsetDiff); } if (entry->diskNoInZip64) { bioAddU32(bio, entry->diskNoStart); } } #if 0 if (entry->extraFieldLen > 0 && entry->extraField) { /* TODO, if override daata, need to rewrite the extra field */ BIO_write(bio, entry->extraField, entry->extraFieldLen); } #endif if (entry->fileCommentLen > 0 && entry->fileComment) { BIO_write(bio, entry->fileComment, entry->fileCommentLen); } *sizeOnDisk = (uint64_t)46 + entry->fileNameLen + entry->extraFieldLen + entry->fileCommentLen; } /* * Append signature file blob to outdata bio. * [out] bio: outdata file BIO * [in] zip: structure holds specific ZIP data * [in] data: pointer to signature file blob * [in] dataSize: signature file blob length * [returns] 0 on error or 1 on success */ static int zipAppendSignatureFile(BIO *bio, ZIP_FILE *zip, uint8_t *data, uint64_t dataSize) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; ZIP_LOCAL_HEADER header; time_t tim; struct tm *timeinfo; uint64_t offset, crc, len, pos = 0, dummy = 0, written = 0; uint64_t size = dataSize, sizeToWrite = dataSize; uint8_t *dataToWrite = data; int ret; memset(&header, 0, sizeof(ZIP_LOCAL_HEADER)); dataToWrite = OPENSSL_malloc(dataSize); ret = zipDeflate(dataToWrite, &size, data, dataSize); if (ret != Z_OK) { printf("Zip deflate failed: %d\n", ret); OPENSSL_free(dataToWrite); return 0; /* FAILED */ } sizeToWrite = size; time(&tim); timeinfo = localtime(&tim); header.version = 0x14; header.flags = 0; header.compression = COMPRESSION_DEFLATE; header.modTime = (uint16_t)(timeinfo->tm_hour << 11 | \ timeinfo->tm_min << 5 | \ timeinfo->tm_sec >> 1); header.modDate = (uint16_t)((timeinfo->tm_year - 80) << 9 | \ (timeinfo->tm_mon + 1) << 5 | \ timeinfo->tm_mday); size = dataSize; crc = crc32(0L, Z_NULL, 0); while (size > 0) { len = MIN(size, UINT32_MAX); crc = crc32(crc, data + pos, (uint32_t)len); pos += len; size -= len; } header.crc32 = (uint32_t)crc; header.uncompressedSize = dataSize; header.compressedSize = sizeToWrite; header.fileNameLen = (uint16_t)strlen(APP_SIGNATURE_FILENAME); /* this will be reassigned to CD entry and freed there */ header.fileName = OPENSSL_zalloc(header.fileNameLen + 1); memcpy(header.fileName, APP_SIGNATURE_FILENAME, header.fileNameLen); header.extraField = NULL; header.extraFieldLen = 0; if (!get_current_position(bio, &offset)) { printf("Unable to get offset\n"); OPENSSL_free(dataToWrite); return 0; /* FAILED */ } zipWriteLocalHeader(bio, &dummy, &header); while (sizeToWrite > 0) { uint64_t toWrite = sizeToWrite < SIZE_64K ? sizeToWrite : SIZE_64K; size_t check; if (!BIO_write_ex(bio, dataToWrite + written, toWrite, &check) || check != toWrite) { OPENSSL_free(dataToWrite); return 0; /* FAILED */ } sizeToWrite -= toWrite; written += toWrite; } OPENSSL_free(dataToWrite); entry = OPENSSL_zalloc(sizeof(ZIP_CENTRAL_DIRECTORY_ENTRY)); entry->creatorVersion = 0x2D; entry->viewerVersion = header.version; entry->flags = header.flags; entry->compression = header.compression; entry->modTime = header.modTime; entry->modDate = header.modDate; entry->crc32 = header.crc32; entry->uncompressedSize = header.uncompressedSize; entry->compressedSize = header.compressedSize; /* take ownership of the fileName pointer */ entry->fileName = header.fileName; entry->fileNameLen = header.fileNameLen; entry->extraField = header.extraField; entry->extraFieldLen = header.extraFieldLen; entry->fileCommentLen = 0; entry->fileComment = NULL; entry->diskNoStart = 0; entry->offsetOfLocalHeader = offset; entry->next = NULL; entry->entryLen = entry->fileNameLen + entry->extraFieldLen + entry->fileCommentLen + 46; if (!zip->centralDirectoryHead) { zip->centralDirectoryHead = entry; } else { ZIP_CENTRAL_DIRECTORY_ENTRY *last = zip->centralDirectoryHead; while (last->next) { last = last->next; } last->next = entry; } return 1; /* OK */ } /* * Override file data. * [out] entry: central directory structure * [in] data: pointer to data * [in] dataSize: data size * [returns] 0 on error or 1 on success */ static int zipOverrideFileData(ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint8_t *data, uint64_t dataSize) { uint64_t crc, len, pos = 0, size = dataSize; int ret; if (entry->overrideData) { OPENSSL_free(entry->overrideData->data); OPENSSL_free(entry->overrideData); entry->overrideData = NULL; } entry->overrideData = OPENSSL_malloc(sizeof(ZIP_OVERRIDE_DATA)); entry->overrideData->data = OPENSSL_malloc(dataSize); crc = crc32(0L, Z_NULL, 0); while (size > 0) { len = MIN(size, UINT32_MAX); crc = crc32(crc, data + pos, (uint32_t)len); pos += len; size -= len; } entry->overrideData->crc32 = (uint32_t)crc; entry->overrideData->uncompressedSize = dataSize; size = dataSize; ret = zipDeflate(entry->overrideData->data, &size, data, dataSize); if (ret != Z_OK) { printf("Zip deflate failed: %d\n", ret); return 0; /* FAILED */ } entry->overrideData->compressedSize = size; return 1; /* OK */ } /* * Rewrite data to outdata bio. * [in, out] zip: structure holds specific ZIP data * [out] entry: central directory structure * [out] bio: outdata file BIO * [out] sizeOnDisk: outdata size * [returns] 0 on error or 1 on success */ static int zipRewriteData(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, BIO *bio, uint64_t *sizeOnDisk) { size_t check; ZIP_LOCAL_HEADER header; memset(&header, 0, sizeof(header)); if (entry->offsetOfLocalHeader >= (uint64_t)zip->fileSize) { printf("Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); return 0; /* FAILED */ } if (fseeko(zip->file, (int64_t)entry->offsetOfLocalHeader, SEEK_SET) < 0) { return 0; /* FAILED */ } if (!zipReadLocalHeader(&header, zip, entry->compressedSize)) { return 0; /* FAILED */ } if (entry->overrideData) { header.compressedSize = entry->overrideData->compressedSize; header.uncompressedSize = entry->overrideData->uncompressedSize; header.crc32 = entry->overrideData->crc32; } zipWriteLocalHeader(bio, sizeOnDisk, &header); if (entry->overrideData) { if (!BIO_write_ex(bio, entry->overrideData->data, entry->overrideData->compressedSize, &check) || check != entry->overrideData->compressedSize) { return 0; /* FAILED */ } if (entry->compressedSize > (uint64_t)zip->fileSize - entry->offsetOfLocalHeader) { printf("Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); return 0; /* FAILED */ } if (fseeko(zip->file, (int64_t)entry->compressedSize, SEEK_CUR) < 0) { return 0; /* FAILED */ } *sizeOnDisk += entry->overrideData->compressedSize; } else { uint64_t len = entry->compressedSize; uint8_t *data = OPENSSL_malloc(SIZE_64K); while (len > 0) { uint64_t toWrite = len < SIZE_64K ? len : SIZE_64K; size_t size = fread(data, 1, toWrite, zip->file); if (size != toWrite) { OPENSSL_free(data); return 0; /* FAILED */ } if (!BIO_write_ex(bio, data, toWrite, &check) || check != toWrite) { OPENSSL_free(data); return 0; /* FAILED */ } *sizeOnDisk += toWrite; len -= toWrite; } OPENSSL_free(data); } if (header.flags & DATA_DESCRIPTOR_BIT) { BIO_write(bio, PKZIP_DATA_DESCRIPTOR_SIGNATURE, 4); bioAddU32(bio, header.crc32); if (zip->isZip64) { bioAddU64(bio, header.compressedSize); bioAddU64(bio, header.uncompressedSize); } else { bioAddU32(bio, (uint32_t)header.compressedSize); bioAddU32(bio, (uint32_t)header.uncompressedSize); } if (zip->isZip64) { if (fseeko(zip->file, 24, SEEK_CUR) < 0) { return 0; /* FAILED */ } *sizeOnDisk += 24; } else { if (fseeko(zip->file, 16, SEEK_CUR) < 0) { return 0; /* FAILED */ } *sizeOnDisk += 16; } } OPENSSL_free(header.fileName); OPENSSL_free(header.extraField); return 1; /* OK */ } /* * Write local file header to outdata bio. * [out] bio: outdata file BIO * [out] sizeonDisk: data size * [in] header: local file header structure * [returns] none */ static void zipWriteLocalHeader(BIO *bio, uint64_t *sizeonDisk, ZIP_LOCAL_HEADER *header) { BIO_write(bio, PKZIP_LH_SIGNATURE, 4); bioAddU16(bio, header->version); bioAddU16(bio, header->flags); bioAddU16(bio, header->compression); bioAddU16(bio, header->modTime); bioAddU16(bio, header->modDate); if (header->flags & DATA_DESCRIPTOR_BIT) { bioAddU32(bio, 0); bioAddU32(bio, 0); bioAddU32(bio, 0); } else { bioAddU32(bio, header->crc32); bioAddU32(bio, header->compressedSizeInZip64 ? UINT32_MAX : (uint32_t)header->compressedSize); bioAddU32(bio, header->uncompressedSizeInZip64 ? UINT32_MAX : (uint32_t)header->uncompressedSize); } bioAddU16(bio, header->fileNameLen); bioAddU16(bio, header->extraFieldLen); if (header->fileNameLen > 0) { BIO_write(bio, header->fileName, header->fileNameLen); } if (header->extraFieldLen > 0) { BIO_write(bio, header->extraField, header->extraFieldLen); } *sizeonDisk = (uint64_t)30 + header->fileNameLen + header->extraFieldLen; } /* * Check if a given ZIP file exists. * [in] zip: structure holds specific ZIP data * [in] name: APP_SIGNATURE_FILENAME or CODE_INTEGRITY_FILENAME * [returns] 0 on error or 1 on success */ static int zipEntryExist(ZIP_FILE *zip, const char *name) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); return 0; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); return 0; /* FAILED */ } if (!strcmp(entry->fileName, name)) { return 1; /* OK */ } } return 0; /* FAILED */ } /* * Calculate ZIP container file hash. * [in] zip: structure holds specific ZIP data * [in] fileName: one of ZIP container file * [in] md: message digest algorithm type * [returns] hash */ static u_char *zipCalcDigest(ZIP_FILE *zip, const char *fileName, const EVP_MD *md) { uint8_t *data = NULL; size_t dataSize; u_char *mdbuf = NULL; BIO *bhash; dataSize = zipReadFileDataByName(&data, zip, fileName); if (dataSize <= 0) { return NULL; /* FAILED */ } bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); OPENSSL_free(data); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!bio_hash_data(bhash, (char *)data, 0, dataSize)) { OPENSSL_free(data); BIO_free_all(bhash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); OPENSSL_free(data); BIO_free_all(bhash); return mdbuf; } /* * Read file data by name. * [out] pData: pointer to data * [in] zip: structure holds specific ZIP data * [in] name: one of ZIP container file * [returns] 0 on error or data size on success */ static size_t zipReadFileDataByName(uint8_t **pData, ZIP_FILE *zip, const char *name) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); return 0; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { printf("Warning: Corrupted file name\n"); return 0; /* FAILED */ } if (!strcmp(entry->fileName, name)) { return zipReadFileData(zip, pData, entry); } } return 0; /* FAILED */ } /* * Read file data. * [in, out] zip: structure holds specific ZIP data * [out] pData: pointer to data * [in] entry: central directory structure * [returns] 0 on error or data size on success */ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { FILE *file = zip->file; uint8_t *compressedData = NULL; uint64_t compressedSize = 0; uint64_t uncompressedSize = 0; size_t size, dataSize = 0; if (entry->offsetOfLocalHeader >= (uint64_t)zip->fileSize) { printf("Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); return 0; /* FAILED */ } if (fseeko(file, (int64_t)entry->offsetOfLocalHeader, SEEK_SET) < 0) { return 0; /* FAILED */ } if (entry->overrideData) { compressedSize = entry->overrideData->compressedSize; uncompressedSize = entry->overrideData->uncompressedSize; compressedData = OPENSSL_zalloc(compressedSize + 1); memcpy(compressedData, entry->overrideData->data, compressedSize); } else { ZIP_LOCAL_HEADER header; compressedSize = entry->compressedSize; uncompressedSize = entry->uncompressedSize; memset(&header, 0, sizeof(header)); if (!zipReadLocalHeader(&header, zip, compressedSize)) { return 0; /* FAILED */ } if (header.fileNameLen != entry->fileNameLen || memcmp(header.fileName, entry->fileName, header.fileNameLen) || header.compressedSize != compressedSize || header.uncompressedSize != uncompressedSize || header.compression != entry->compression) { printf("Local header does not match central directory entry\n"); return 0; /* FAILED */ } /* we don't really need those */ OPENSSL_free(header.fileName); OPENSSL_free(header.extraField); if (compressedSize > (uint64_t)zip->fileSize - entry->offsetOfLocalHeader) { printf("Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); return 0; /* FAILED */ } compressedData = OPENSSL_zalloc(compressedSize + 1); size = fread(compressedData, 1, compressedSize, file); if (size != compressedSize) { OPENSSL_free(compressedData); return 0; /* FAILED */ } compressedData[compressedSize] = 0; } if (entry->compression == COMPRESSION_NONE) { if (compressedSize == 0) { OPENSSL_free(compressedData); return 0; /* FAILED */ } *pData = compressedData; dataSize = compressedSize; } else if (entry->compression == COMPRESSION_DEFLATE) { uint8_t *uncompressedData = OPENSSL_zalloc(uncompressedSize + 1); uint64_t destLen = uncompressedSize; uint64_t sourceLen = compressedSize; int ret; ret = zipInflate(uncompressedData, &destLen, compressedData, (uLong *)&sourceLen); OPENSSL_free(compressedData); if (ret != Z_OK) { printf("Data decompresssion failed, zlib error: %d\n", ret); OPENSSL_free(uncompressedData); return 0; /* FAILED */ } else { if (destLen == 0) { OPENSSL_free(uncompressedData); return 0; /* FAILED */ } *pData = uncompressedData; dataSize = destLen; } } else { printf("Unsupported compression mode: %d\n", entry->compression); OPENSSL_free(compressedData); return 0; /* FAILED */ } return dataSize; } /* * Read local file header from a ZIP file. * [out] header: local file header * [in, out] zip: structure holds specific ZIP data * [in] compressedSize: compressed size * [returns] 0 on error or 1 on success */ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t compressedSize) { char signature[4]; size_t size; FILE *file = zip->file; size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP_LH_SIGNATURE, 4)) { printf("The input file is not a valid zip file - local header signature does not match\n"); return 0; /* FAILED */ } /* version needed to extract (2 bytes) */ header->version = fileGetU16(file); /* general purpose bit flag (2 bytes) */ header->flags = fileGetU16(file); /* compression method (2 bytes) */ header->compression = fileGetU16(file); /* last mod file time (2 bytes) */ header->modTime = fileGetU16(file); /* last mod file date (2 bytes) */ header->modDate = fileGetU16(file); /* crc-32 (4 bytes) */ header->crc32 = fileGetU32(file); /* compressed size (4 bytes) */ header->compressedSize = fileGetU32(file); /* uncompressed size (4 bytes) */ header->uncompressedSize = fileGetU32(file); /* file name length (2 bytes) */ header->fileNameLen = fileGetU16(file); /* extra file name length (2 bytes) */ header->extraFieldLen = fileGetU16(file); /* file name (variable size) */ if (header->fileNameLen > 0) { header->fileName = OPENSSL_zalloc(header->fileNameLen + 1); size = fread(header->fileName, 1, header->fileNameLen, file); if (size != header->fileNameLen) { return 0; /* FAILED */ } header->fileName[header->fileNameLen] = 0; } else { header->fileName = NULL; } /* extra field (variable size) */ if (header->extraFieldLen > 0) { header->extraField = OPENSSL_zalloc(header->extraFieldLen + 1); size = fread(header->extraField, 1, header->extraFieldLen, file); if (size != header->extraFieldLen) { return 0; /* FAILED */ } header->extraField[header->extraFieldLen] = 0; } else { header->extraField = NULL; } if (header->flags & DATA_DESCRIPTOR_BIT) { /* Read data descriptor */ int64_t offset = ftello(file); if (offset < 0 || offset >= zip->fileSize) { return 0; /* FAILED */ } if (compressedSize > (uint64_t)(zip->fileSize - offset)) { printf("Corrupted compressedSize : 0x%08" PRIX64 "\n", compressedSize); return 0; /* FAILED */ } if (fseeko(file, (int64_t)compressedSize, SEEK_CUR) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP_DATA_DESCRIPTOR_SIGNATURE, 4)) { printf("The input file is not a valid zip file - flags indicate data descriptor, but data descriptor signature does not match\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); return 0; /* FAILED */ } header->crc32 = fileGetU32(file); if (zip->isZip64) { header->compressedSize = fileGetU64(file); header->uncompressedSize = fileGetU64(file); } else { header->compressedSize = fileGetU32(file); header->uncompressedSize = fileGetU32(file); } if (fseeko(file, offset, SEEK_SET) < 0) { return 0; /* FAILED */ } } if (header->uncompressedSize == UINT32_MAX || header->compressedSize == UINT32_MAX) { if (header->extraFieldLen > 4) { uint64_t pos = 0; uint16_t len; uint16_t op = bufferGetU16(header->extraField, &pos); if (op != ZIP64_HEADER) { printf("Expected zip64 header in local header extra field, got : 0x%X\n", op); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } len = bufferGetU16(header->extraField, &pos); if (header->uncompressedSize == UINT32_MAX) { if (len >= 8) { header->uncompressedSize = bufferGetU64(header->extraField, &pos); header->uncompressedSizeInZip64 = 1; } else { printf("Invalid zip64 local header entry\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } } if (header->compressedSize == UINT32_MAX) { if (len >= 16) { header->compressedSize = bufferGetU64(header->extraField, &pos); header->compressedSizeInZip64 = 1; } else { printf("Invalid zip64 local header entry\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } } } else { OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } } return 1; /* OK */ } /* * Decompresses the source buffer into the destination buffer. * see: uncompress2(), but windowBits is set to тАУ15 for raw inflate * https://github.com/madler/zlib/blob/09155eaa2f9270dc4ed1fa13e2b4b2613e6e4851/uncompr.c#L27 * [out] dest: destination buffer * [out] destLen: size of the decompressed data * [in] source: source buffer * [in] sourceLen: length of the source buffer * [returns] returns ZIP error or Z_OK if success */ static int zipInflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong *sourceLen) { z_stream stream; int err; const uInt max = (uInt)-1; /* 0xFFFFFFFF */ uLong len, left; /* for detection of incomplete stream when *destLen == 0 */ static u_char buf[] = { 0x00 }; /* reset stream */ memset(&stream, 0, sizeof stream); len = *sourceLen; if (*destLen) { left = *destLen; *destLen = 0; } else { left = 1; dest = buf; } stream.next_in = source; stream.avail_in = 0; stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; stream.opaque = (voidpf)0; err = inflateInit2(&stream, -MAX_WBITS); if (err != Z_OK) { return err; } stream.next_out = dest; stream.avail_out = 0; do { if (stream.avail_out == 0) { stream.avail_out = left > (uLong)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { stream.avail_in = len > (uLong)max ? max : (uInt)len; len -= stream.avail_in; } /* coverity[overrun-buffer-arg] max value 0xFFFFFFFF is intended */ err = inflate(&stream, Z_NO_FLUSH); } while (err == Z_OK); *sourceLen -= len + stream.avail_in; if (dest != buf) { *destLen = stream.total_out; } else if (stream.total_out && err == Z_BUF_ERROR) { left = 1; } inflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err == Z_NEED_DICT ? Z_DATA_ERROR : err == Z_BUF_ERROR && left + stream.avail_out ? Z_DATA_ERROR : err; } /* * Compresses the source buffer into the destination buffer. * see: compress2(), but windowBits is set to -15 for raw deflate * https://github.com/madler/zlib/blob/09155eaa2f9270dc4ed1fa13e2b4b2613e6e4851/compress.c#L22 * [out] dest: destination buffer * [out] destLen: actual size of the compressed buffer * [in] source: source buffer * [in] sourceLen: length of the source buffer * [in] level: deflateInit2 parameter (8) * [returns] returns ZIP error or Z_OK if success */ static int zipDeflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong sourceLen) { z_stream stream; int err; const uInt max = (uInt)-1; /* 0xFFFFFFFF */ uLong left; /* reset stream */ memset(&stream, 0, sizeof stream); left = *destLen; *destLen = 0; stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; stream.opaque = (voidpf)0; err = deflateInit2(&stream, 8, Z_DEFLATED, -MAX_WBITS, 8, Z_DEFAULT_STRATEGY); if (err != Z_OK) { return err; } stream.next_out = dest; stream.avail_out = 0; stream.next_in = source; stream.avail_in = 0; do { if (stream.avail_out == 0) { stream.avail_out = left > (uLong)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { stream.avail_in = sourceLen > (uLong)max ? max : (uInt)sourceLen; sourceLen -= stream.avail_in; } /* coverity[overrun-buffer-arg] max value 0xFFFFFFFF is intended */ err = deflate(&stream, sourceLen ? Z_NO_FLUSH : Z_FINISH); } while (err == Z_OK); #if 0 deflate(&stream, Z_SYNC_FLUSH); #endif *destLen = stream.total_out; deflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err; } /* * Open input file and create ZIP_FILE structure. * [in] filename: input file * [returns] pointer to ZIP_FILE structure */ static ZIP_FILE *openZip(const char *filename) { ZIP_FILE *zip; FILE *file = fopen(filename, "rb"); if (!file) { return NULL; /* FAILED */ } /* oncde we read eocdr, comment might be allocated and we need to take care of it -> create the ZIP_FILE structure */ zip = OPENSSL_zalloc(sizeof(ZIP_FILE)); zip->file = file; if (!readZipEOCDR(&zip->eocdr, file)) { freeZip(zip); return NULL; /* FAILED */ } if (fseeko(file, 0, SEEK_END) < 0) { freeZip(zip); return NULL; /* FAILED */ } zip->fileSize = ftello(file); if (zip->fileSize < 0) { freeZip(zip); return NULL; /* FAILED */ } if (zip->eocdr.centralDirectoryOffset == UINT32_MAX || zip->eocdr.centralDirectorySize == UINT32_MAX) { /* probably a zip64 file */ if (!readZip64EOCDLocator(&zip->locator, file)) { freeZip(zip); return NULL; /* FAILED */ } if (zip->locator.eocdOffset >= (uint64_t)zip->fileSize) { printf("Corrupted end of central directory locator offset : 0x%08" PRIX64 "\n", zip->locator.eocdOffset); freeZip(zip); return 0; /* FAILED */ } if (!readZip64EOCDR(&zip->eocdr64, file, zip->locator.eocdOffset)) { freeZip(zip); return NULL; /* FAILED */ } zip->isZip64 = 1; zip->eocdrOffset = zip->locator.eocdOffset; zip->eocdrLen = zip->fileSize - (int64_t)zip->eocdrOffset; if (zip->eocdrLen < 0) { freeZip(zip); return NULL; /* FAILED */ } zip->centralDirectoryOffset = zip->eocdr64.centralDirectoryOffset; zip->centralDirectorySize = zip->eocdr64.centralDirectorySize; zip->centralDirectoryRecordCount = zip->eocdr64.totalEntries; } else { if (zip->fileSize < EOCDR_SIZE) { freeZip(zip); return NULL; /* FAILED */ } zip->eocdrOffset = (uint64_t)zip->fileSize - EOCDR_SIZE; zip->eocdrLen = EOCDR_SIZE; zip->centralDirectoryOffset = zip->eocdr.centralDirectoryOffset; zip->centralDirectorySize = zip->eocdr.centralDirectorySize; zip->centralDirectoryRecordCount = (uint64_t)zip->eocdr.totalEntries; if (zip->centralDirectoryRecordCount > UINT16_MAX) { printf("Corrupted total number of entries in the central directory : 0x%08" PRIX64 "\n", zip->centralDirectoryRecordCount); freeZip(zip); return NULL; /* FAILED */ } } if (zip->centralDirectoryOffset >= (uint64_t)zip->fileSize) { printf("Corrupted central directory offset : 0x%08" PRIX64 "\n", zip->centralDirectoryOffset); freeZip(zip); return NULL; /* FAILED */ } if (!zipReadCentralDirectory(zip, file)) { freeZip(zip); return NULL; /* FAILED */ } return zip; } /* * Free up ZIP_FILE structure. * [in] ZIP_FILE structure * [returns] none */ static void freeZip(ZIP_FILE *zip) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry, *next = NULL; uint64_t noEntries = 0; fclose(zip->file); OPENSSL_free(zip->eocdr.comment); OPENSSL_free(zip->eocdr64.comment); for (entry = zip->centralDirectoryHead; entry != NULL; entry = next) { if (noEntries > zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); freeZipCentralDirectoryEntry(entry); return; } noEntries++; next = entry->next; freeZipCentralDirectoryEntry(entry); } OPENSSL_free(zip); } /* * Log additional output. * [in] ZIP_FILE structure * [returns] none */ static void zipPrintCentralDirectory(ZIP_FILE *zip) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; printf("Central directory entry count: %" PRIu64"\n", zip->centralDirectoryRecordCount); for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); } noEntries++; printf("Name: %s Compressed: %" PRIu64" Uncompressed: %" PRIu64" Offset: %" PRIu64"\n", entry->fileName, entry->compressedSize, entry->uncompressedSize, entry->offsetOfLocalHeader); } } /* * Read central directory. * [in, out] zip: structure holds specific ZIP data * [in, out] file: FILE pointer to the input file * [returns] 0 on error or 1 on success */ static int zipReadCentralDirectory(ZIP_FILE *zip, FILE *file) { ZIP_CENTRAL_DIRECTORY_ENTRY *prev = NULL; uint64_t i; if (fseeko(file, (int64_t)zip->centralDirectoryOffset, SEEK_SET) < 0) { return 0; /* FAILED */ } for (i = 0; i < zip->centralDirectoryRecordCount; i++) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry = zipReadNextCentralDirectoryEntry(file); if (!entry) { return 0; /* FAILED */ } if (prev) { prev->next = entry; } else if (!zip->centralDirectoryHead) { zip->centralDirectoryHead = entry; } else { printf("Corrupted central directory structure\n"); OPENSSL_free(entry); return 0; /* FAILED */ } prev = entry; } return 1; /* OK */ } /* * Initialize central directory structure. * [in] file: FILE pointer to the input file * [returns] pointer to the central directory structure */ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; char signature[4]; size_t size = fread(signature, 1, 4, file); if (size != 4) { return NULL; /* FAILED */ } if (memcmp(signature, PKZIP_CD_SIGNATURE, 4)) { printf("The input file is not a valid zip file - could not find Central Directory record\n"); return NULL; /* FAILED */ } entry = OPENSSL_zalloc(sizeof(ZIP_CENTRAL_DIRECTORY_ENTRY)); entry->fileOffset = ftello(file) - 4; if (entry->fileOffset < 0) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } /* version made by (2 bytes) */ entry->creatorVersion = fileGetU16(file); /* version needed to extract (2 bytes) */ entry->viewerVersion = fileGetU16(file); /* general purpose bit flag (2 bytes) */ entry->flags = fileGetU16(file); /* compression method (2 bytes) */ entry->compression = fileGetU16(file); /* last mod file time (2 bytes) */ entry->modTime = fileGetU16(file); /* last mod file date (2 bytes) */ entry->modDate = fileGetU16(file); /* crc-32 (4 bytes) */ entry->crc32 = fileGetU32(file); /* compressed size (4 bytes), 0xFFFFFFFF for ZIP64 format */ entry->compressedSize = fileGetU32(file); /* uncompressed size (4 bytes), 0xFFFFFFFF for ZIP64 format */ entry->uncompressedSize = fileGetU32(file); /* file name length (2 bytes) */ entry->fileNameLen = fileGetU16(file); /* extra field length (2 bytes) */ entry->extraFieldLen = fileGetU16(file); /* file comment length (2 bytes) */ entry->fileCommentLen = fileGetU16(file); /* disk number start (2 bytes), 0xFFFFFFFF for ZIP64 format */ entry->diskNoStart = fileGetU16(file); /* internal file attributes (2 bytes) */ entry->internalAttr = fileGetU16(file); /* external file attributes (4 bytes) */ entry->externalAttr = fileGetU32(file); /* relative offset of local header (4 bytes), 0xFFFFFFFF for ZIP64 format */ entry->offsetOfLocalHeader = fileGetU32(file); /* file name (variable size) */ if (entry->fileNameLen > 0) { entry->fileName = OPENSSL_zalloc(entry->fileNameLen + 1); size = fread(entry->fileName, 1, entry->fileNameLen, file); if (size != entry->fileNameLen) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } entry->fileName[entry->fileNameLen] = 0; } /* extra field (variable size) */ if (entry->extraFieldLen > 0) { entry->extraField = OPENSSL_zalloc(entry->extraFieldLen + 1); size = fread(entry->extraField, 1, entry->extraFieldLen, file); if (size != entry->extraFieldLen) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } entry->extraField[entry->extraFieldLen] = 0; } /* file comment (variable size) */ if (entry->fileCommentLen > 0) { entry->fileComment = OPENSSL_zalloc(entry->fileCommentLen + 1); size = fread(entry->fileComment, 1, entry->fileCommentLen, file); if (size != entry->fileCommentLen) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } entry->fileComment[entry->fileCommentLen] = 0; } if (entry->uncompressedSize == UINT32_MAX || entry->compressedSize == UINT32_MAX || entry->offsetOfLocalHeader == UINT32_MAX || entry->diskNoStart == UINT16_MAX) { if (entry->extraFieldLen > 4) { uint64_t pos = 0; uint64_t len; uint16_t header = bufferGetU16(entry->extraField, &pos); if (header != ZIP64_HEADER) { printf("Expected zip64 header in central directory extra field, got : 0x%X\n", header); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } len = bufferGetU16(entry->extraField, &pos); if (entry->uncompressedSize == UINT32_MAX) { if (len >= 8) { entry->uncompressedSize = bufferGetU64(entry->extraField, &pos); entry->uncompressedSizeInZip64 = 1; } else { printf("Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } if (entry->compressedSize == UINT32_MAX) { if (len >= 16) { entry->compressedSize = bufferGetU64(entry->extraField, &pos); entry->compressedSizeInZip64 = 1; } else { printf("Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } if (entry->offsetOfLocalHeader == UINT32_MAX) { if (len >= 24) { entry->offsetOfLocalHeader = bufferGetU64(entry->extraField, &pos); entry->offsetInZip64 = 1; } else { printf("Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } if (entry->diskNoStart == UINT16_MAX) { if (len >= 28) { entry->diskNoStart = bufferGetU32(entry->extraField, &pos); entry->diskNoInZip64 = 1; } else { printf("Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } } else { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } entry->entryLen = ftello(file) - entry->fileOffset; if (entry->entryLen < 0) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } return entry; } /* * Free up central directory structure. * [in] central directory structure * [returns] none */ static void freeZipCentralDirectoryEntry(ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { OPENSSL_free(entry->fileName); OPENSSL_free(entry->extraField); OPENSSL_free(entry->fileComment); if (entry->overrideData) { OPENSSL_free(entry->overrideData->data); } OPENSSL_free(entry->overrideData); OPENSSL_free(entry); } /* * Read Zip end of central directory record. * [out] eocdr: end of central directory record * [in, out] file: FILE pointer to the input file * [returns] 0 on error or 1 on success */ static int readZipEOCDR(ZIP_EOCDR *eocdr, FILE *file) { char signature[4]; size_t size; if (fseeko(file, -EOCDR_SIZE, SEEK_END) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP_EOCDR_SIGNATURE, 4)) { /* Not a valid ZIP file - could not find End of Central Directory record */ return 0; /* FAILED */ } /* number of this disk (2 bytes) */ eocdr->diskNumber = fileGetU16(file); /* number of the disk with the start of the central directory (2 bytes) */ eocdr->centralDirectoryDiskNumber = fileGetU16(file); /* total number of entries in the central directory on this disk (2 bytes) */ eocdr->diskEntries = fileGetU16(file); /* total number of entries in the central directory (2 bytes) */ eocdr->totalEntries = fileGetU16(file); /* size of the central directory (4 bytes) */ eocdr->centralDirectorySize = fileGetU32(file); /* offset of start of central directory with respect * to the starting disk number (4 bytes) */ eocdr->centralDirectoryOffset = fileGetU32(file); /* .ZIP file comment length (2 bytes) */ eocdr->commentLen = fileGetU16(file); #if 0 if (eocdr->centralDirectoryDiskNumber > 1 || eocdr->diskNumber > 1 || eocdr->centralDirectoryDiskNumber != eocdr->diskNumber || eocdr->diskEntries != eocdr->totalEntries) { printf("The input file is a multipart archive - not supported\n"); return 0; /* FAILED */ } #endif if (eocdr->commentLen > 0) { eocdr->comment = OPENSSL_zalloc(eocdr->commentLen + 1); size = fread(eocdr->comment, 1, eocdr->commentLen, file); if (size != eocdr->commentLen) { return 0; /* FAILED */ } eocdr->comment[eocdr->commentLen] = 0; } else { eocdr->comment = NULL; } return 1; /* OK */ } /* * Read Zip64 end of central directory locator. * [out] locator: Zip64 end of central directory locator * [in, out] file: FILE pointer to the input file * [returns] 0 on error or 1 on success */ static int readZip64EOCDLocator(ZIP64_EOCD_LOCATOR *locator, FILE *file) { char signature[4]; size_t size; if (fseeko(file, -(EOCDR_SIZE + ZIP64_EOCD_LOCATOR_SIZE), SEEK_END) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP64_EOCD_LOCATOR_SIGNATURE, 4)) { printf("The input file is not a valid zip file - could not find zip64 EOCD locator\n"); return 0; /* FAILED */ } locator->diskWithEOCD = fileGetU32(file); locator->eocdOffset = fileGetU64(file); locator->totalNumberOfDisks = fileGetU32(file); return 1; /* OK */ } /* * Read Zip64 end of central directory record * [out] eocdr: Zip64 end of central directory record * [in, out] file: FILE pointer to the input file * [in] offset: eocdr struct offset in the file * [returns] 0 on error or 1 on success */ static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset) { char signature[4]; size_t size; if (fseeko(file, (int64_t)offset, SEEK_SET) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP64_EOCDR_SIGNATURE, 4)) { printf("The input file is not a valid zip file - could not find zip64 End of Central Directory record\n"); return 0; /* FAILED */ } /* size of zip64 end of central directory record (8 bytes) */ eocdr->eocdrSize = fileGetU64(file); /* version made by (2 bytes) */ eocdr->creatorVersion = fileGetU16(file); /* version needed to extract (2 bytes) */ eocdr->viewerVersion = fileGetU16(file); /* number of this disk (4 bytes) */ eocdr->diskNumber = fileGetU32(file); /* number of the disk with the start of the central directory (4 bytes) */ eocdr->diskWithCentralDirectory = fileGetU32(file); /* total number of entries in the central directory on this disk (8 bytes) */ eocdr->diskEntries = fileGetU64(file); /* total number of entries in the central directory (8 bytes) */ eocdr->totalEntries = fileGetU64(file); /* size of the central directory (8 bytes) */ eocdr->centralDirectorySize = fileGetU64(file); /* offset of start of central directory with respect * to the starting disk number (8 bytes) */ eocdr->centralDirectoryOffset = fileGetU64(file); /* zip64 extensible data sector (comment) */ eocdr->commentLen = eocdr->eocdrSize - 44; if (eocdr->commentLen > UINT16_MAX) { printf("Corrupted file comment length : 0x%08" PRIX64 "\n", eocdr->commentLen); return 0; /* FAILED */ } if (eocdr->commentLen > 0) { eocdr->comment = OPENSSL_malloc(eocdr->commentLen); size = fread(eocdr->comment, 1, eocdr->commentLen, file); if (size != eocdr->commentLen) { return 0; /* FAILED */ } } if (eocdr->diskWithCentralDirectory > 1 || eocdr->diskNumber > 1 || eocdr->diskWithCentralDirectory != eocdr->diskNumber || eocdr->totalEntries != eocdr->diskEntries) { printf("The input file is a multipart archive - not supported\n"); return 0; /* FAILED */ } return 1; /* OK */ } static int get_current_position(BIO *bio, uint64_t *offset) { FILE *file = NULL; int64_t pos; BIO_get_fp(bio, &file); pos = ftello(file); if (pos < 0) { return 0; /* FAILED */ } *offset = (uint64_t)pos; return 1; /* OK */ } static uint64_t fileGetU64(FILE *file) { uint64_t l = fileGetU32(file); uint64_t h = fileGetU32(file); /* coverity[byte_swapping] */ return h << 32 | l; } /* coverity[ -tainted_data_return ] */ static uint32_t fileGetU32(FILE *file) { uint8_t b[4]; size_t size = fread(b, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } return (uint32_t)(b[3] << 24 | b[2] << 16 | b[1] << 8 | b[0]); } /* coverity[ -tainted_data_return ] */ static uint16_t fileGetU16(FILE *file) { uint8_t b[2]; size_t size = fread(b, 1, 2, file); if (size != 2) { return 0; /* FAILED */ } return (uint16_t)(b[1] << 8 | b[0]); } static uint64_t bufferGetU64(uint8_t *buffer, uint64_t *pos) { uint64_t l = bufferGetU32(buffer, pos); uint64_t h = bufferGetU32(buffer, pos); return h << 32 | l; } static uint32_t bufferGetU32(uint8_t *buffer, uint64_t *pos) { uint32_t ret = (uint32_t)(buffer[*pos + 3] << 24 | \ buffer[*pos + 2] << 16 | \ buffer[*pos + 1] << 8 | \ buffer[*pos]); *pos += 4; return ret; } static uint16_t bufferGetU16(uint8_t *buffer, uint64_t *pos) { uint16_t ret = (uint16_t)(buffer[*pos + 1] << 8 | buffer[*pos]); *pos += 2; return ret; } void bioAddU64(BIO *bio, uint64_t v) { uint32_t l = v & UINT32_MAX; uint32_t h = (uint32_t)(v >> 32); bioAddU32(bio, l); bioAddU32(bio, h); } static void bioAddU32(BIO *bio, uint32_t v) { uint8_t b[4]; b[0] = (u_char)((v) & UINT8_MAX); b[1] = (u_char)(((v) >> 8) & UINT8_MAX); b[2] = (u_char)(((v) >> 16) & UINT8_MAX); b[3] = (u_char)(((v) >> 24) & UINT8_MAX); BIO_write(bio, b, 4); } static void bioAddU16(BIO *bio, uint16_t v) { uint8_t b[2]; b[0] = (u_char)((v) & UINT8_MAX); b[1] = (u_char)(((v) >> 8) & UINT8_MAX); BIO_write(bio, b, 2); } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/cab.c000066400000000000000000000772541457117515700150040ustar00rootroot00000000000000/* * CAB file support library * * Copyright (C) 2021-2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka * * Reference specifications: * https://www.file-recovery.com/cab-signature-format.htm * https://learn.microsoft.com/en-us/previous-versions/ms974336(v=msdn.10) */ #include "osslsigncode.h" #include "helpers.h" /* * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev * fields are present in this CFHEADER. */ #define FLAG_PREV_CABINET 0x0001 /* * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of * cabinet files. When this bit is set, the szCabinetNext and szDiskNext * fields are present in this CFHEADER. */ #define FLAG_NEXT_CABINET 0x0002 /* * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData * fields are present in this CFHEADER. */ #define FLAG_RESERVE_PRESENT 0x0004 struct cab_ctx_st { uint32_t header_size; uint32_t sigpos; uint32_t siglen; uint32_t fileend; uint16_t flags; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *cab_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int cab_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *cab_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int cab_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *cab_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void cab_bio_free(BIO *hash, BIO *outdata); static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int cab_is_detaching_supported(void); FILE_FORMAT file_format_cab = { .ctx_new = cab_ctx_new, .data_blob_get = cab_obsolete_link_get, .pkcs7_contents_get = cab_pkcs7_contents_get, .hash_length_get = cab_hash_length_get, .digest_calc = cab_digest_calc, .verify_digests = cab_verify_digests, .pkcs7_extract = cab_pkcs7_extract, .pkcs7_extract_to_nest = cab_pkcs7_extract_to_nest, .remove_pkcs7 = cab_remove_pkcs7, .process_data = cab_process_data, .pkcs7_signature_new = cab_pkcs7_signature_new, .append_pkcs7 = cab_append_pkcs7, .update_data_size = cab_update_data_size, .bio_free = cab_bio_free, .ctx_cleanup = cab_ctx_cleanup, .is_detaching_supported = cab_is_detaching_supported }; /* Prototypes */ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize); static int cab_add_jp_attribute(PKCS7 *p7, int jp); static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t len, uint16_t flags); static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int cab_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a CAB file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] pointer to CAB file format context */ static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; CAB_CTX *cab_ctx; uint32_t filesize; filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } if (memcmp(options->indata, "MSCF", 4)) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } cab_ctx = cab_ctx_get(options->indata, filesize); if (!cab_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_cab; ctx->options = options; ctx->cab_ctx = cab_ctx; /* Push hash on outdata, if hash is NULL the function does nothing */ BIO_push(hash, outdata); if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * Allocate and return SpcLink object. * [out] p: SpcLink data * [out] plen: SpcLink data length * [in] ctx: structure holds input and output data (unused) * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_CAB_DATA_OBJID */ static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { ASN1_OBJECT *dtype; SpcLink *link = spc_link_obsolete_get(); /* squash the unused parameter warning */ (void)ctx; *plen = i2d_SpcLink(link, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcLink(link, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_CAB_DATA_OBJID, 1); SpcLink_free(link); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *cab_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; /* squash the unused parameter warning, use initialized message digest BIO */ (void)md; /* Strip current signature and modify header */ if (ctx->cab_ctx->header_size == 20) { if (!cab_modify_header(ctx, hash, NULL)) return NULL; /* FAILED */ } else { if (!cab_add_header(ctx, hash, NULL)) return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); return pkcs7_set_content(content); } /* * [in] ctx: structure holds input and output data * [returns] the size of the message digest when passed an EVP_MD structure (the size of the hash) */ static int cab_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Compute a message digest value of the signed or unsigned CAB file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { uint32_t idx, fileend, coffFiles; u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); /* u1 signature[4] 4643534D MSCF: 0-3 */ BIO_write(bhash, ctx->options->indata, 4); /* u4 reserved1 00000000: 4-7 skipped */ if (ctx->cab_ctx->sigpos) { uint16_t nfolders, flags; /* * u4 cbCabinet - size of this cabinet file in bytes: 8-11 * u4 reserved2 00000000: 12-15 */ BIO_write(bhash, ctx->options->indata + 8, 8); /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ coffFiles = GET_UINT32_LE(ctx->options->indata + 16); BIO_write(bhash, ctx->options->indata + 16, 4); /* * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 */ BIO_write(bhash, ctx->options->indata + 20, 6); /* u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); BIO_write(bhash, ctx->options->indata + 26, 2); /* u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ BIO_write(bhash, ctx->options->indata + 28, 2); /* u2 flags: 30-31 */ flags = GET_UINT16_LE(ctx->options->indata + 30); BIO_write(bhash, ctx->options->indata + 30, 2); /* u2 setID must be the same for all cabinets in a set: 32-33 */ BIO_write(bhash, ctx->options->indata + 32, 2); /* * u2 iCabinet - number of this cabinet file in a set: 34-35 skipped * u2 cbCFHeader: 36-37 skipped * u1 cbCFFolder: 38 skipped * u1 cbCFData: 39 skipped * u22 abReserve: 40-55 skipped * - Additional data offset: 44-47 skipped * - Additional data size: 48-51 skipped */ /* u22 abReserve: 56-59 */ BIO_write(bhash, ctx->options->indata + 56, 4); idx = 60; fileend = ctx->cab_ctx->sigpos; /* TODO */ if (flags & FLAG_PREV_CABINET) { uint8_t byte; /* szCabinetPrev */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); /* szDiskPrev */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); } if (flags & FLAG_NEXT_CABINET) { uint8_t byte; /* szCabinetNext */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); /* szDiskNext */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); } /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ while (nfolders && idx < fileend) { BIO_write(bhash, ctx->options->indata + idx, 8); idx += 8; nfolders--; } if (idx != coffFiles) { printf("Corrupt coffFiles value: 0x%08X\n", coffFiles); BIO_free_all(bhash); return 0; /* FAILED */ } } else { /* read what's left of the unsigned CAB file */ idx = 8; fileend = ctx->cab_ctx->fileend; } /* (variable) ab - the compressed data bytes */ if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { printf("Unable to calculate digest\n"); BIO_free_all(bhash); return 0; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; /* OK */ } /* * Calculate message digest and compare to value retrieved from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdtype = -1; const EVP_MD *md; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char *cmdbuf; if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { printf("Failed to extract current message digest\n\n"); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = cab_digest_calc(ctx, md); if (!cmdbuf) { printf("Failed to calculate message digest\n\n"); return 0; /* FAILED */ } if (!compare_digests(mdbuf, cmdbuf, mdtype)) { printf("Signature verification: failed\n\n"); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } OPENSSL_free(cmdbuf); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * pointer to PKCS#7 structure */ static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx) { const u_char *blob; if (!cab_check_file(ctx)) { return NULL; /* FAILED */ } blob = (u_char *)ctx->options->indata + ctx->cab_ctx->sigpos; return d2i_PKCS7(NULL, &blob, ctx->cab_ctx->siglen); } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * pointer to PKCS#7 structure */ static PKCS7 *cab_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { return cab_pkcs7_extract(ctx); } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t i, written, len; uint32_t tmp; uint16_t nfolders, flags; char *buf; /* squash the unused parameter warning */ (void)hash; if (!cab_check_file(ctx)) { return 1; /* FAILED, no signature */ } buf = OPENSSL_malloc(SIZE_64K); /* * u1 signature[4] 4643534D MSCF: 0-3 * u4 reserved1 00000000: 4-7 */ BIO_write(outdata, ctx->options->indata, 8); /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ tmp = GET_UINT32_LE(ctx->options->indata + 8) - 24; PUT_UINT32_LE(tmp, buf); BIO_write(outdata, buf, 4); /* u4 reserved2 00000000: 12-15 */ BIO_write(outdata, ctx->options->indata + 12, 4); /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ tmp = GET_UINT32_LE(ctx->options->indata + 16) - 24; PUT_UINT32_LE(tmp, buf); BIO_write(outdata, buf, 4); /* * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ BIO_write(outdata, ctx->options->indata + 20, 10); /* u2 flags: 30-31 */ flags = GET_UINT16_LE(ctx->options->indata + 30); /* coverity[result_independent_of_operands] only least significant byte is affected */ PUT_UINT16_LE(flags & (FLAG_PREV_CABINET | FLAG_NEXT_CABINET), buf); BIO_write(outdata, buf, 2); /* * u2 setID must be the same for all cabinets in a set: 32-33 * u2 iCabinet - number of this cabinet file in a set: 34-35 */ BIO_write(outdata, ctx->options->indata + 32, 4); i = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); while (nfolders) { tmp = GET_UINT32_LE(ctx->options->indata + i); tmp -= 24; PUT_UINT32_LE(tmp, buf); BIO_write(outdata, buf, 4); BIO_write(outdata, ctx->options->indata + i + 4, 4); i+=8; nfolders--; } OPENSSL_free(buf); /* Write what's left - the compressed data bytes */ len = ctx->cab_ctx->fileend - ctx->cab_ctx->siglen - i; while (len > 0) { if (!BIO_write_ex(outdata, ctx->options->indata + i, len, &written)) return 1; /* FAILED */ len -= written; i += written; } return 0; /* OK */ } /* * Modify specific type data and calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int cab_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { /* Strip current signature and modify header */ if (ctx->cab_ctx->header_size == 20) { if (!cab_modify_header(ctx, hash, outdata)) return 1; /* FAILED */ } else { if (!cab_add_header(ctx, hash, outdata)) return 1; /* FAILED */ } return 0; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *cab_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { printf("Creating a new signature failed\n"); return NULL; /* FAILED */ } if (ctx->options->jp >= 0 && !cab_add_jp_attribute(p7, ctx->options->jp)) { printf("Adding jp attribute failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { printf("Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { printf("Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data (unused) * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { u_char *p = NULL; int len; /* signature length */ int padlen; /* signature padding length */ /* squash the unused parameter warning */ (void)ctx; if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { printf("i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); p -= len; padlen = len % 8 ? 8 - len % 8 : 0; BIO_write(outdata, p, len); /* pad (with 0's) asn1 blob to 8 byte boundary */ if (padlen > 0) { memset(p, 0, (size_t)padlen); BIO_write(outdata, p, padlen); } OPENSSL_free(p); return 0; /* OK */ } /* * Update additional data size. * Additional data size is located at offset 0x30 (from file beginning) * and consist of 4 bytes (little-endian order). * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] none */ static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { int len, padlen; u_char buf[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* squash the unused parameter warning */ (void)ctx; if (!p7) { /* CMD_REMOVE * additional header does not exist so additional data size is unused */ return; } (void)BIO_seek(outdata, 0x30); len = i2d_PKCS7(p7, NULL); padlen = len % 8 ? 8 - len % 8 : 0; PUT_UINT32_LE(len + padlen, buf); BIO_write(outdata, buf, 4); } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] none */ static void cab_bio_free(BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and CAB format specific structure, * unmap indata file. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->cab_ctx->fileend); OPENSSL_free(ctx->cab_ctx); OPENSSL_free(ctx); } static int cab_is_detaching_supported(void) { return 1; /* OK */ } /* * CAB helper functions */ /* * Verify mapped CAB file and create CAB format specific structure. * [in] indata: mapped CAB file * [in] filesize: size of CAB file * [returns] pointer to CAB format specific structure */ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize) { CAB_CTX *cab_ctx; uint32_t reserved, header_size = 0, sigpos = 0, siglen = 0; uint16_t flags; if (filesize < 44) { printf("CAB file is too short\n"); return NULL; /* FAILED */ } reserved = GET_UINT32_LE(indata + 4); if (reserved) { printf("Reserved1: 0x%08X\n", reserved); return NULL; /* FAILED */ } /* flags specify bit-mapped values that indicate the presence of optional data */ flags = GET_UINT16_LE(indata + 30); if (flags & FLAG_PREV_CABINET) { /* FLAG_NEXT_CABINET works */ printf("Multivolume cabinet file is unsupported: flags 0x%04X\n", flags); return NULL; /* FAILED */ } if (flags & FLAG_RESERVE_PRESENT) { /* * Additional headers is located at offset 36 (cbCFHeader, cbCFFolder, cbCFData); * size of header (4 bytes, little-endian order) must be 20 (checkpoint). */ header_size = GET_UINT32_LE(indata + 36); if (header_size != 20) { printf("Additional header size: 0x%08X\n", header_size); return NULL; /* FAILED */ } reserved = GET_UINT32_LE(indata + 40); if (reserved != 0x00100000) { printf("abReserved: 0x%08X\n", reserved); return NULL; /* FAILED */ } /* * File size is defined at offset 8, however if additional header exists, this size is not valid. * sigpos - additional data offset is located at offset 44 (from file beginning) * and consist of 4 bytes (little-endian order) * siglen - additional data size is located at offset 48 (from file beginning) * and consist of 4 bytes (little-endian order) * If there are additional headers, size of the CAB archive file is calcualted * as additional data offset plus additional data size. */ sigpos = GET_UINT32_LE(indata + 44); siglen = GET_UINT32_LE(indata + 48); if ((sigpos < filesize && sigpos + siglen != filesize) || (sigpos >= filesize)) { printf("Additional data offset:\t%u bytes\nAdditional data size:\t%u bytes\n", sigpos, siglen); printf("File size:\t\t%u bytes\n", filesize); return NULL; /* FAILED */ } if ((sigpos > 0 && siglen == 0) || (sigpos == 0 && siglen > 0)) { printf("Corrupt signature\n"); return NULL; /* FAILED */ } } cab_ctx = OPENSSL_zalloc(sizeof(CAB_CTX)); cab_ctx->header_size = header_size; cab_ctx->sigpos = sigpos; cab_ctx->siglen = siglen; cab_ctx->fileend = filesize; cab_ctx->flags = flags; return cab_ctx; /* OK */ } /* * Add level of permissions in Microsoft Internet Explorer 4.x for CAB files, * only low level is supported. * [in, out] p7: PKCS#7 signature * [in] jp: low (0) level * [returns] 0 on error or 1 on success */ static int cab_add_jp_attribute(PKCS7 *p7, int jp) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; ASN1_STRING *astr; const u_char *attrs = NULL; const u_char java_attrs_low[] = { 0x30, 0x06, 0x03, 0x02, 0x00, 0x01, 0x30, 0x00 }; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ switch (jp) { case 0: attrs = java_attrs_low; break; case 1: /* XXX */ case 2: /* XXX */ default: break; } if (attrs) { astr = ASN1_STRING_new(); ASN1_STRING_set(astr, attrs, sizeof java_attrs_low); return PKCS7_add_signed_attribute(si, OBJ_txt2nid(MS_JAVA_SOMETHING), V_ASN1_SEQUENCE, astr); } return 1; /* OK */ } /* * Write name of previous and next cabinet file. * Multivolume cabinet file is unsupported TODO. * [out] outdata: outdata file BIO * [in] indata: mapped CAB file * [in] len: offset * [in] flags: FLAG_PREV_CABINET, FLAG_NEXT_CABINET * [returns] offset */ static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t i, uint16_t flags) { if (flags & FLAG_PREV_CABINET) { /* szCabinetPrev */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; /* szDiskPrev */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; } if (flags & FLAG_NEXT_CABINET) { /* szCabinetNext */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; /* szDiskNext */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; } return i; } /* * Modify CAB header. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 0 on error or 1 on success */ static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t i, written, len; uint16_t nfolders, flags; u_char buf[] = {0x00, 0x00}; /* u1 signature[4] 4643534D MSCF: 0-3 */ BIO_write(hash, ctx->options->indata, 4); /* u4 reserved1 00000000: 4-7 */ BIO_write(outdata, ctx->options->indata + 4, 4); /* * u4 cbCabinet - size of this cabinet file in bytes: 8-11 * u4 reserved2 00000000: 12-15 * u4 coffFiles - offset of the first CFFILE entry: 16-19 * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ BIO_write(hash, ctx->options->indata + 8, 22); /* u2 flags: 30-31 */ flags = GET_UINT16_LE(ctx->options->indata + 30); PUT_UINT16_LE(flags, buf); BIO_write(hash, buf, 2); /* u2 setID must be the same for all cabinets in a set: 32-33 */ BIO_write(hash, ctx->options->indata + 32, 2); /* * u2 iCabinet - number of this cabinet file in a set: 34-35 * u2 cbCFHeader: 36-37 * u1 cbCFFolder: 38 * u1 cbCFData: 39 * u16 abReserve: 40-55 * - Additional data offset: 44-47 * - Additional data size: 48-51 */ BIO_write(outdata, ctx->options->indata + 34, 22); /* u4 abReserve: 56-59 */ BIO_write(hash, ctx->options->indata + 56, 4); i = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); while (nfolders) { BIO_write(hash, ctx->options->indata + i, 8); i += 8; nfolders--; } /* Write what's left - the compressed data bytes */ len = ctx->cab_ctx->sigpos - i; while (len > 0) { if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) return 0; /* FAILED */ len -= written; i += written; } return 1; /* OK */ } /* * Add signed CAB header. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 0 on error or 1 on success */ static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t i, written, len; uint32_t tmp; uint16_t nfolders, flags; u_char cabsigned[] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0xde, 0xad, 0xbe, 0xef, /* size of cab file */ 0xde, 0xad, 0xbe, 0xef, /* size of asn1 blob */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; char *buf = OPENSSL_malloc(SIZE_64K); memset(buf, 0, SIZE_64K); /* u1 signature[4] 4643534D MSCF: 0-3 */ BIO_write(hash, ctx->options->indata, 4); /* u4 reserved1 00000000: 4-7 */ BIO_write(outdata, ctx->options->indata + 4, 4); /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ tmp = GET_UINT32_LE(ctx->options->indata + 8) + 24; PUT_UINT32_LE(tmp, buf); BIO_write(hash, buf, 4); /* u4 reserved2 00000000: 12-15 */ BIO_write(hash, ctx->options->indata + 12, 4); /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ tmp = GET_UINT32_LE(ctx->options->indata + 16) + 24; PUT_UINT32_LE(tmp, buf + 4); BIO_write(hash, buf + 4, 4); /* * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ memcpy(buf + 4, ctx->options->indata + 20, 10); flags = GET_UINT16_LE(ctx->options->indata + 30); buf[4+10] = (char)flags | FLAG_RESERVE_PRESENT; /* u2 setID must be the same for all cabinets in a set: 32-33 */ memcpy(buf + 16, ctx->options->indata + 32, 2); BIO_write(hash, buf + 4, 14); /* u2 iCabinet - number of this cabinet file in a set: 34-35 */ BIO_write(outdata, ctx->options->indata + 34, 2); memcpy(cabsigned + 8, buf, 4); BIO_write(outdata, cabsigned, 20); BIO_write(hash, cabsigned+20, 4); i = cab_write_optional_names(outdata, ctx->options->indata, 36, flags); /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); while (nfolders) { tmp = GET_UINT32_LE(ctx->options->indata + i); tmp += 24; PUT_UINT32_LE(tmp, buf); BIO_write(hash, buf, 4); BIO_write(hash, ctx->options->indata + i + 4, 4); i += 8; nfolders--; } OPENSSL_free(buf); /* Write what's left - the compressed data bytes */ len = ctx->cab_ctx->fileend - i; while (len > 0) { if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) return 0; /* FAILED */ len -= written; i += written; } return 1; /* OK */ } /* * Check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int cab_check_file(FILE_FORMAT_CTX *ctx) { if (!ctx) { printf("Init error\n\n"); return 0; /* FAILED */ } if (ctx->cab_ctx->header_size != 20) { printf("No signature found\n\n"); return 0; /* FAILED */ } if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0 || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) { printf("No signature found\n\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/cat.c000066400000000000000000000343441457117515700150170ustar00rootroot00000000000000/* * CAT file support library * * Copyright (C) 2021-2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka * * Catalog files are a bit odd, in that they are only a PKCS7 blob. * CAT files do not support nesting (multiple signature) */ #include "osslsigncode.h" #include "helpers.h" typedef struct { ASN1_BMPSTRING *tag; ASN1_INTEGER *flags; ASN1_OCTET_STRING *value; } CatNameValueContent; DECLARE_ASN1_FUNCTIONS(CatNameValueContent) ASN1_SEQUENCE(CatNameValueContent) = { ASN1_SIMPLE(CatNameValueContent, tag, ASN1_BMPSTRING), ASN1_SIMPLE(CatNameValueContent, flags, ASN1_INTEGER), ASN1_SIMPLE(CatNameValueContent, value, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CatNameValueContent) IMPLEMENT_ASN1_FUNCTIONS(CatNameValueContent) struct cat_ctx_st { uint32_t sigpos; uint32_t siglen; uint32_t fileend; PKCS7 *p7; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static int cat_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *cat_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int cat_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void cat_bio_free(BIO *hash, BIO *outdata); static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx); FILE_FORMAT file_format_cat = { .ctx_new = cat_ctx_new, .verify_digests = cat_verify_digests, .pkcs7_extract = cat_pkcs7_extract, .pkcs7_signature_new = cat_pkcs7_signature_new, .append_pkcs7 = cat_append_pkcs7, .bio_free = cat_bio_free, .ctx_cleanup = cat_ctx_cleanup, }; /* Prototypes */ static CAT_CTX *cat_ctx_get(char *indata, uint32_t filesize); static int cat_add_ms_ctl_object(PKCS7 *p7); static int cat_sign_ms_ctl_content(PKCS7 *p7, PKCS7 *contents); static int cat_list_content(PKCS7 *p7); static int cat_print_content_member_digest(ASN1_TYPE *content); static int cat_print_content_member_name(ASN1_TYPE *content); static void cat_print_base64(ASN1_OCTET_STRING *value); static void cat_print_utf16_as_ascii(ASN1_OCTET_STRING *value); static int cat_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a CAT file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO (unused) * [in] outdata: outdata file BIO (unused) * [returns] pointer to CAT file format context */ static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; CAT_CTX *cat_ctx; uint32_t filesize; if (options->cmd == CMD_REMOVE || options->cmd==CMD_ATTACH || options->cmd == CMD_EXTRACT_DATA) { printf("Unsupported command\n"); return NULL; /* FAILED */ } filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } cat_ctx = cat_ctx_get(options->indata, filesize); if (!cat_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_cat; ctx->options = options; ctx->cat_ctx = cat_ctx; /* Push hash on outdata, if hash is NULL the function does nothing */ BIO_push(hash, outdata); if (options->cmd == CMD_VERIFY) printf("Warning: Use -catalog option to verify that a file, listed in catalog file, is signed\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * ContentInfo value is the inner content of pkcs7-signedData. * An extra verification is not necessary when a content type data * is the inner content of the signed-data type. */ static int cat_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { /* squash unused parameter warnings */ (void)ctx; (void)p7; return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx) { if (!cat_check_file(ctx)) { return NULL; /* FAILED */ } return PKCS7_dup(ctx->cat_ctx->p7); } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [returns] pointer to PKCS#7 structure */ static PKCS7 *cat_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { PKCS7 *p7 = NULL; /* squash unused parameter warnings */ (void)hash; p7 = pkcs7_create(ctx); if (!p7) { printf("Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!cat_add_ms_ctl_object(p7)) { printf("Adding MS_CTL_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!cat_sign_ms_ctl_content(p7, ctx->cat_ctx->p7->d.sign->contents)) { printf("Failed to set signed content\n"); PKCS7_free(p7); return 0; /* FAILED */ } return p7; /* OK */ } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int cat_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { return data_write_pkcs7(ctx, outdata, p7); } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] none */ static void cat_bio_free(BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and CAT format specific structure, * unmap indata file. * [in, out] ctx: structure holds all input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->cat_ctx->fileend); PKCS7_free(ctx->cat_ctx->p7); OPENSSL_free(ctx->cat_ctx); OPENSSL_free(ctx); } /* * CAT helper functions */ /* * Verify mapped PKCS#7 (CAT) file and create CAT format specific structure. * [in] indata: mapped file * [in] filesize: size of file * [returns] pointer to CAT format specific structure */ static CAT_CTX *cat_ctx_get(char *indata, uint32_t filesize) { CAT_CTX *cat_ctx; PKCS7 *p7; p7 = pkcs7_read_data(indata, filesize); if (!p7) return NULL; /* FAILED */ if (!PKCS7_type_is_signed(p7)) { PKCS7_free(p7); return NULL; /* FAILED */ } cat_ctx = OPENSSL_zalloc(sizeof(CAT_CTX)); cat_ctx->p7 = p7; cat_ctx->sigpos = 0; cat_ctx->siglen = filesize; cat_ctx->fileend = filesize; return cat_ctx; /* OK */ } /* * Add "1.3.6.1.4.1.311.10.1" MS_CTL_OBJID signed attribute * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success */ static int cat_add_ms_ctl_object(PKCS7 *p7) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_txt2obj(MS_CTL_OBJID, 1))) return 0; /* FAILED */ return 1; /* OK */ } /* * Sign the MS CTL blob. * Certificate Trust List (CTL) is a list of file names or thumbprints. * All the items in this list are authenticated (approved) by the signing entity. * [in, out] p7: new PKCS#7 signature * [in] contents: Certificate Trust List (CTL) * [returns] 0 on error or 1 on success */ static int cat_sign_ms_ctl_content(PKCS7 *p7, PKCS7 *contents) { u_char *content; int seqhdrlen, content_length; seqhdrlen = asn1_simple_hdr_len(contents->d.other->value.sequence->data, contents->d.other->value.sequence->length); content = contents->d.other->value.sequence->data + seqhdrlen; content_length = contents->d.other->value.sequence->length - seqhdrlen; if (!pkcs7_sign_content(p7, content, content_length)) { printf("Failed to sign content\n"); return 0; /* FAILED */ } if (!PKCS7_set_content(p7, PKCS7_dup(contents))) { printf("PKCS7_set_content failed\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Print each member of the CAT file by using the "-verbose" option. * [in, out] p7: catalog file to verify * [returns] 1 on error or 0 on success */ static int cat_list_content(PKCS7 *p7) { MsCtlContent *ctlc; int i; ctlc = ms_ctl_content_get(p7); if (!ctlc) { printf("Failed to extract MS_CTL_OBJID data\n"); return 1; /* FAILED */ } printf("\nCatalog members:\n"); for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { int j, found = 0; CatalogInfo *header_attr = sk_CatalogInfo_value(ctlc->header_attributes, i); if (header_attr == NULL) continue; for (j = 0; j < sk_CatalogAuthAttr_num(header_attr->attributes); j++) { char object_txt[128]; CatalogAuthAttr *attribute; ASN1_TYPE *content; attribute = sk_CatalogAuthAttr_value(header_attr->attributes, j); if (!attribute) continue; content = catalog_content_get(attribute); if (!content) continue; object_txt[0] = 0x00; OBJ_obj2txt(object_txt, sizeof object_txt, attribute->type, 1); if (!strcmp(object_txt, CAT_NAMEVALUE_OBJID)) { /* CAT_NAMEVALUE_OBJID OID: 1.3.6.1.4.1.311.12.2.1 */ found |= cat_print_content_member_name(content); } else if (!strcmp(object_txt, SPC_INDIRECT_DATA_OBJID)) { /* SPC_INDIRECT_DATA_OBJID OID: 1.3.6.1.4.1.311.2.1.4 */ found |= cat_print_content_member_digest(content); } ASN1_TYPE_free(content); } if (found) printf("\n"); } MsCtlContent_free(ctlc); ERR_print_errors_fp(stdout); return 0; /* OK */ } /* * Print a hash algorithm and a message digest from the SPC_INDIRECT_DATA_OBJID attribute. * [in] content: catalog file content * [returns] 0 on error or 1 on success */ static int cat_print_content_member_digest(ASN1_TYPE *content) { SpcIndirectDataContent *idc; u_char mdbuf[EVP_MAX_MD_SIZE]; const u_char *data ; int mdtype = -1; ASN1_STRING *value; value = content->value.sequence; data = ASN1_STRING_get0_data(value); idc = d2i_SpcIndirectDataContent(NULL, &data, ASN1_STRING_length(value)); if (!idc) return 0; /* FAILED */ if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { /* get a digest algorithm a message digest of the file from the content */ mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); if (mdtype == -1) { printf("Failed to extract current message digest\n\n"); return 0; /* FAILED */ } printf("\tHash algorithm: %s\n", OBJ_nid2sn(mdtype)); print_hash("\tMessage digest", "", mdbuf, EVP_MD_size(EVP_get_digestbynid(mdtype))); return 1; /* OK */ } /* * Print a file name from the CAT_NAMEVALUE_OBJID attribute. * [in] content: catalog file content * [returns] 0 on error or 1 on success */ static int cat_print_content_member_name(ASN1_TYPE *content) { CatNameValueContent *nvc; const u_char *data = NULL; ASN1_STRING *value; value = content->value.sequence; data = ASN1_STRING_get0_data(value); nvc = d2i_CatNameValueContent(NULL, &data, ASN1_STRING_length(value)); if (!nvc) { return 0; /* FAILED */ } printf("\tFile name: "); if (ASN1_INTEGER_get(nvc->flags) & 0x00020000) { cat_print_base64(nvc->value); } else { cat_print_utf16_as_ascii(nvc->value); } printf("\n"); CatNameValueContent_free(nvc); return 1; /* OK */ } /* * Print a CAT_NAMEVALUE_OBJID attribute represented in base-64 encoding. * [in] value: catalog member file name * [returns] none */ static void cat_print_base64(ASN1_OCTET_STRING *value) { BIO *stdbio, *b64; stdbio = BIO_new_fp(stdout, BIO_NOCLOSE); b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); stdbio = BIO_push(b64, stdbio); ASN1_STRING_print_ex(stdbio, value, 0); BIO_free_all(stdbio); } /* * Print a CAT_NAMEVALUE_OBJID attribute represented in plaintext. * [in] value: catalog member file name * [returns] none */ static void cat_print_utf16_as_ascii(ASN1_OCTET_STRING *value) { const u_char *data; int len, i; data = ASN1_STRING_get0_data(value); len = ASN1_STRING_length(value); for (i = 0; i < len && (data[i] || data[i+1]); i+=2) putchar(isprint(data[i]) && !data[i+1] ? data[i] : '.'); } /* * Check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int cat_check_file(FILE_FORMAT_CTX *ctx) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; if (!ctx) { printf("Init error\n\n"); return 0; /* FAILED */ } signer_info = PKCS7_get_signer_info(ctx->cat_ctx->p7); if (!signer_info) { printf("Failed catalog file\n\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { printf("No signature found\n\n"); return 0; /* FAILED */ } if (ctx->options->verbose) { (void)cat_list_content(ctx->cat_ctx->p7); } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/cmake/000077500000000000000000000000001457117515700151545ustar00rootroot00000000000000osslsigncode-2.8/cmake/CMakeDist.cmake000066400000000000000000000027351457117515700177710ustar00rootroot00000000000000# make dist # cmake --build . --target package_source set(CPACK_PACKAGE_NAME ${PROJECT_NAME}) set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION}) set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files") set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME}) set(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING.txt") set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}") set(CPACK_SOURCE_GENERATOR "TGZ") set(CPACK_SOURCE_IGNORE_FILES "\.git/;\.gitignore") list(APPEND CPACK_SOURCE_IGNORE_FILES "Makefile") list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeCache.txt") list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeFiles") list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackConfig.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackSourceConfig.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "CTestTestfile.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "cmake_install.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "config.h") list(APPEND CPACK_SOURCE_IGNORE_FILES "/CMakeFiles/") list(APPEND CPACK_SOURCE_IGNORE_FILES "/Testing/") list(APPEND CPACK_SOURCE_IGNORE_FILES "/_CPack_Packages/") list(APPEND CPACK_SOURCE_IGNORE_FILES "/build/") include(CPack) add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.8/cmake/CMakeTest.cmake000066400000000000000000000655171457117515700200140ustar00rootroot00000000000000# make test # ctest -C Release ########## Configure ########## option(STOP_SERVER "Stop HTTP server after tests" ON) # Remove http proxy configuration that may change behavior unset(ENV{HTTP_PROXY}) unset(ENV{http_proxy}) include(FindPython3) set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing") file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/files" "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf" "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py" DESTINATION "${TEST_DIR}/") file(MAKE_DIRECTORY "${TEST_DIR}/logs") set(FILES "${TEST_DIR}/files") set(CERTS "${TEST_DIR}/certs") set(CONF "${TEST_DIR}/conf") set(LOGS "${TEST_DIR}/logs") set(CLIENT_HTTP "${TEST_DIR}/client_http.py") if(UNIX) file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py" DESTINATION "${TEST_DIR}/") set(SERVER_HTTP "${TEST_DIR}/server_http.py") else(UNIX) file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw" DESTINATION "${TEST_DIR}/") set(SERVER_HTTP "${TEST_DIR}/server_http.pyw") endif(UNIX) file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt" DESTINATION "${CONF}") if(WIN32 OR APPLE) if(WIN32) message(STATUS "Use pythonw to start HTTP server: \"pythonw.exe Testing\\server_http.pyw\"") else(WIN32) message(STATUS "Use python3 to start HTTP server: \"python3 Testing/server_http.py --port 19254\"") endif(WIN32) set(default_certs 1) else(WIN32 OR APPLE) if(Python3_FOUND) if(EXISTS ${LOGS}/port.log) # Stop HTTP server if running message(STATUS "Try to kill HTTP server") execute_process( COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}" WORKING_DIRECTORY ${PROJECT_BINARY_DIR} OUTPUT_VARIABLE client_output RESULT_VARIABLE client_result) if(NOT client_result) # Successfully closed message(STATUS "${client_output}") endif(NOT client_result) endif(EXISTS ${LOGS}/port.log) # Start Time Stamping Authority and CRL distribution point HTTP server execute_process( COMMAND ${Python3_EXECUTABLE} "${SERVER_HTTP}" WORKING_DIRECTORY ${PROJECT_BINARY_DIR} OUTPUT_FILE ${LOGS}/server.log ERROR_FILE ${LOGS}/server.log RESULT_VARIABLE server_error) if(server_error) message(STATUS "HTTP server failed: ${server_error}") message(STATUS "Use python3 to start HTTP server: \"python3 Testing/server_http.py --port 19254\"") set(default_certs 1) else(server_error) # Check if file exists and is no-empty while(NOT EXISTS ${LOGS}/port.log) execute_process(COMMAND sleep 1) endwhile(NOT EXISTS ${LOGS}/port.log) file(READ ${LOGS}/port.log PORT) while(NOT PORT) execute_process(COMMAND sleep 1) file(READ ${LOGS}/port.log PORT) endwhile(NOT PORT) file(STRINGS ${LOGS}/server.log server_log) message(STATUS "${server_log}") # Generate new cTest certificates if(NOT SED_EXECUTABLE) find_program(SED_EXECUTABLE sed) mark_as_advanced(SED_EXECUTABLE) endif(NOT SED_EXECUTABLE) execute_process( COMMAND ${SED_EXECUTABLE} -i.bak s/:19254/:${PORT}/ "${CONF}/openssl_intermediate_crldp.cnf" COMMAND ${SED_EXECUTABLE} -i.bak s/:19254/:${PORT}/ "${CONF}/openssl_tsa_root.cnf") execute_process( COMMAND "${CONF}/makecerts.sh" WORKING_DIRECTORY ${CONF} OUTPUT_VARIABLE makecerts_output RESULT_VARIABLE default_certs) message(STATUS "${makecerts_output}") endif(server_error) endif(Python3_FOUND) endif(WIN32 OR APPLE) # Copy the set of default certificates if(default_certs) message(STATUS "Default certificates used by cTest") set(PORT 19254) file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs" DESTINATION "${TEST_DIR}") endif(default_certs) # Compute a SHA256 hash of the leaf certificate (in DER form) execute_process( COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der" OUTPUT_VARIABLE sha256sum) string(SUBSTRING ${sha256sum} 0 64 leafhash) ########## Testing ########## enable_testing() set(extensions_all "exe" "ex_" "msi" "256appx" "512appx" "cat" "ps1" "psc1" "mof") set(extensions_nocat "exe" "ex_" "msi" "256appx" "512appx" "ps1" "psc1" "mof") set(extensions_nocatappx "exe" "ex_" "msi" "ps1" "psc1" "mof") set(formats "pem" "der") # Test 1 # Print osslsigncode version add_test(NAME version COMMAND osslsigncode --version) ### Sign ### # Tests 2-7 # Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm foreach(ext ${extensions_all}) add_test( NAME legacy_${ext} COMMAND osslsigncode "sign" "-pkcs12" "${CERTS}/legacy.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/legacy.${ext}") endforeach(ext ${extensions_all}) # Tests 8-13 # Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm # Disable legacy mode and don't automatically load the legacy provider # Option "-nolegacy" requires OpenSSL 3.0.0 or later # This tests are expected to fail if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0) foreach(ext ${extensions_all}) add_test( NAME nolegacy_${ext} COMMAND osslsigncode "sign" "-pkcs12" "${CERTS}/legacy.p12" "-readpass" "${CERTS}/password.txt" "-nolegacy" # Disable legacy mode "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/nolegacy.${ext}") set_tests_properties( nolegacy_${ext} PROPERTIES WILL_FAIL TRUE) endforeach(ext ${extensions_all}) endif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0) # Tests 14-19 # Sign with PKCS#12 container with AES-256-CBC private key and certificate encryption algorithm foreach(ext ${extensions_all}) add_test( NAME signed_${ext} COMMAND osslsigncode "sign" "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/signed.${ext}") endforeach(ext ${extensions_all}) # Tests 20-25 # Sign with revoked certificate foreach(ext ${extensions_all}) add_test( NAME revoked_${ext} COMMAND osslsigncode "sign" "-certs" "${CERTS}/revoked.pem" "-key" "${CERTS}/keyp.pem" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/revoked.${ext}") endforeach(ext ${extensions_all}) # Tests 26-30 # Remove signature # Unsupported command for CAT files foreach(ext ${extensions_nocat}) add_test( NAME removed_${ext} COMMAND osslsigncode "remove-signature" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/removed.${ext}") set_tests_properties( removed_${ext} PROPERTIES DEPENDS "signed_${ext}" REQUIRED_FILES "${FILES}/signed.${ext}") endforeach(ext ${extensions_nocat}) # Tests 31-36 # Extract PKCS#7 signature in PEM format foreach(ext ${extensions_all}) add_test( NAME extract_pem_${ext} COMMAND osslsigncode "extract-signature" "-pem" # PEM format "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.pem") set_tests_properties( extract_pem_${ext} PROPERTIES DEPENDS "signed_${ext}" REQUIRED_FILES "${FILES}/signed.${ext}") endforeach(ext ${extensions_all}) # Tests 37-42 # Extract PKCS#7 signature in default DER format foreach(ext ${extensions_all}) add_test( NAME extract_der_${ext} COMMAND osslsigncode "extract-signature" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.der") set_tests_properties( extract_der_${ext} PROPERTIES DEPENDS "signed_${ext}" REQUIRED_FILES "${FILES}/signed.${ext}") endforeach(ext ${extensions_all}) # Tests 43-52 # Attach a nested signature in PEM or DER format # Unsupported command for CAT files foreach(ext ${extensions_nocat}) foreach(format ${formats}) add_test( NAME attached_${format}_${ext} COMMAND osslsigncode "attach-signature" # sign options "-require-leaf-hash" "SHA256:${leafhash}" "-add-msi-dse" "-h" "sha512" "-nest" "-sigin" "${FILES}/${ext}.${format}" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/attached_${format}.${ext}" # verify options "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem") set_tests_properties( attached_${format}_${ext} PROPERTIES DEPENDS "signed_${ext}:extract_${format}_${ext}" REQUIRED_FILES "${FILES}/signed.${ext}" REQUIRED_FILES "${FILES}/${ext}.${format}") endforeach(format ${formats}) endforeach(ext ${extensions_nocat}) # Tests 53-58 # Add an unauthenticated blob to a previously-signed file foreach(ext ${extensions_all}) add_test( NAME added_${ext} COMMAND osslsigncode "add" "-addUnauthenticatedBlob" "-add-msi-dse" "-h" "sha512" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/added.${ext}") set_tests_properties( added_${ext} PROPERTIES DEPENDS "signed_${ext}" REQUIRED_FILES "${FILES}/signed.${ext}") endforeach(ext ${extensions_all}) # Tests 59-64 # Add the new nested signature instead of replacing the first one # APPX files do not support nesting (multiple signature) foreach(ext ${extensions_all}) add_test( NAME nested_${ext} COMMAND osslsigncode "sign" "-nest" "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/key.der" "-pass" "passme" "-ac" "${CERTS}/CAcross.pem" "-time" "1556755200" # Signing time: May 2 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/nested.${ext}") set_tests_properties( nested_${ext} PROPERTIES DEPENDS "signed_${ext}" REQUIRED_FILES "${FILES}/signed.${ext}") endforeach(ext ${extensions_all}) ### Verify signature ### # Tests 65-67 # Verify PE/MSI/CAB files signed in the catalog file # CAT and APPX files do not support detached PKCS#7 signature foreach(ext ${extensions_nocatappx}) add_test( NAME verify_catalog_${ext} COMMAND osslsigncode "verify" "-catalog" "${FILES}/signed.cat" # catalog file "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-require-leaf-hash" "SHA256:${leafhash}" "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/unsigned.${ext}") set_tests_properties( verify_catalog_${ext} PROPERTIES DEPENDS "signed_${ext}" REQUIRED_FILES "${FILES}/signed.cat" REQUIRED_FILES "${FILES}/unsigned.${ext}") endforeach(ext ${extensions_nocatappx}) # Tests 68-97 # Verify signature set(files "legacy" "signed" "nested" "added" "revoked") foreach(file ${files}) foreach(ext ${extensions_all}) add_test( NAME verify_${file}_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/${file}.${ext}") set_tests_properties( verify_${file}_${ext} PROPERTIES DEPENDS "${file}_${ext}" REQUIRED_FILES "${FILES}/${file}.${ext}") endforeach(ext ${extensions_all}) endforeach(file ${files}) # "revoked" tests are expected to fail set(files "revoked") foreach(file ${files}) foreach(ext ${extensions_all}) set_tests_properties( verify_${file}_${ext} PROPERTIES WILL_FAIL TRUE) endforeach(ext ${extensions_all}) endforeach(file ${files}) # Tests 98-102 # Verify removed signature # "removed" tests are expected to fail # "remove-signature" command is unsupported for CAT files set(files "removed") foreach(file ${files}) foreach(ext ${extensions_nocat}) add_test( NAME verify_${file}_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/${file}.${ext}") set_tests_properties( verify_${file}_${ext} PROPERTIES DEPENDS "${file}_${ext}" REQUIRED_FILES "${FILES}/${file}.${ext}" WILL_FAIL TRUE) endforeach(ext ${extensions_nocat}) endforeach(file ${files}) # Tests 103-112 # Verify attached signature # "attach-signature" command is unsupported for CAT files set(files "attached_pem" "attached_der") foreach(file ${files}) foreach(ext ${extensions_nocat}) add_test( NAME verify_${file}_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/${file}.${ext}") set_tests_properties( verify_${file}_${ext} PROPERTIES DEPENDS "${file}_${ext}" REQUIRED_FILES "${FILES}/${file}.${ext}") endforeach(ext ${extensions_nocat}) endforeach(file ${files}) if((Python3_FOUND OR server_error) AND CURL_FOUND) ### Sign with Time-Stamp Authority ### # Tests 113-142 # Sign with the RFC3161 Time-Stamp Authority # Use "cert" "expired" "revoked" without X509v3 CRL Distribution Points extension # and "cert_crldp" "revoked_crldp" contain X509v3 CRL Distribution Points extension set(pem_certs "cert" "expired" "revoked" "cert_crldp" "revoked_crldp") foreach(ext ${extensions_all}) foreach(cert ${pem_certs}) add_test( NAME sign_ts_${cert}_${ext} COMMAND osslsigncode "sign" "-certs" "${CERTS}/${cert}.pem" "-key" "${CERTS}/key.pem" "-ac" "${CERTS}/CAcross.pem" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-ts" "http://127.0.0.1:${PORT}" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/ts_${cert}.${ext}") set_tests_properties( sign_ts_${cert}_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" REQUIRED_FILES "${LOGS}/port.log") endforeach(cert ${pem_certs}) endforeach(ext ${extensions_all}) ### Verify Time-Stamp Authority ### # Tests 143-148 # Signature verification time: Sep 1 00:00:00 2019 GMT foreach(ext ${extensions_all}) add_test( NAME verify_ts_cert_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties( verify_ts_cert_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}" REQUIRED_FILES "${FILES}/ts_cert.${ext}" REQUIRED_FILES "${LOGS}/port.log") endforeach(ext ${extensions_all}) # Tests 149-154 # Signature verification time: Jan 1 00:00:00 2035 GMT foreach(ext ${extensions_all}) add_test( NAME verify_ts_future_${ext} COMMAND osslsigncode "verify" "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties( verify_ts_future_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}" REQUIRED_FILES "${FILES}/ts_cert.${ext}" REQUIRED_FILES "${LOGS}/port.log") endforeach(ext ${extensions_all}) # Tests 155-160 # Verify with ignored timestamp # This tests are expected to fail foreach(ext ${extensions_all}) add_test( NAME verify_ts_ignore_${ext} COMMAND osslsigncode "verify" "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT "-ignore-timestamp" "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties( verify_ts_ignore_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}" REQUIRED_FILES "${FILES}/ts_cert.${ext}" REQUIRED_FILES "${LOGS}/port.log" WILL_FAIL TRUE) endforeach(ext ${extensions_all}) ### Verify CRL Distribution Points ### # Tests 161-166 # Verify file signed with X509v3 CRL Distribution Points extension # Signature verification time: Sep 1 00:00:00 2019 GMT # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options foreach(ext ${extensions_all}) add_test( NAME verify_ts_cert_crldp_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert_crldp.${ext}") set_tests_properties( verify_ts_cert_crldp_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_crldp_${ext}" REQUIRED_FILES "${FILES}/ts_cert_crldp.${ext}" REQUIRED_FILES "${LOGS}/port.log") endforeach(ext ${extensions_all}) # Tests 167-183 # Verify with expired or revoked certificate without X509v3 CRL Distribution Points extension # This tests are expected to fail set(failed_certs "expired" "revoked") foreach(ext ${extensions_all}) foreach(cert ${failed_certs}) add_test( NAME verify_ts_${cert}_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_${cert}.${ext}") set_tests_properties( verify_ts_${cert}_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_${cert}_${ext}" REQUIRED_FILES "${FILES}/ts_${cert}.${ext}" REQUIRED_FILES "${LOGS}/port.log" WILL_FAIL TRUE) endforeach(cert ${failed_certs}) endforeach(ext ${extensions_all}) # Tests 178-184 # Verify with revoked certificate contains X509v3 CRL Distribution Points extension # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options # This test is expected to fail foreach(ext ${extensions_all}) add_test( NAME verify_ts_revoked_crldp_${ext} COMMAND osslsigncode "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_revoked_crldp.${ext}") set_tests_properties( verify_ts_revoked_crldp_${ext} PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_revoked_crldp_${ext}" REQUIRED_FILES "${FILES}/ts_revoked_crldp.${ext}" REQUIRED_FILES "${LOGS}/port.log" WILL_FAIL TRUE) endforeach(ext ${extensions_all}) # Tests 185-234 # Unsupported command "extract-data" for CAT files foreach(ext ${extensions_nocat}) # Extract PKCS#7 with data content, output in PEM format add_test( NAME data_${ext}_pem COMMAND osslsigncode "extract-data" "-ph" "-h" "sha384" "-add-msi-dse" "-pem" # PEM format "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/data_${ext}.pem") # Extract PKCS#7 with data content, output in default DER format add_test( NAME data_${ext}_der COMMAND osslsigncode "extract-data" "-ph" "-h" "sha384" "-add-msi-dse" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/data_${ext}.der") # Sign a data content, output in DER format foreach(data_format ${formats}) add_test( NAME signed_data_${ext}_${data_format} COMMAND osslsigncode "sign" "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/data_${ext}.${data_format}" "-out" "${FILES}/signed_data_${ext}_${data_format}.der") endforeach(data_format ${formats}) # Sign a data content, output in PEM format foreach(data_format ${formats}) add_test( NAME signed_data_pem_${ext}_${data_format} COMMAND osslsigncode "sign" "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-pem" # PEM format "-in" "${FILES}/data_${ext}.${data_format}" "-out" "${FILES}/signed_data_${ext}_${data_format}.pem") endforeach(data_format ${formats}) # Attach signature in PEM or DER format foreach(data_format ${formats}) foreach(format ${formats}) add_test( NAME attached_data_${ext}_${data_format}_${format} COMMAND osslsigncode "attach-signature" # sign options "-require-leaf-hash" "SHA256:${leafhash}" "-add-msi-dse" "-h" "sha384" "-sigin" "${FILES}/signed_data_${ext}_${data_format}.${format}" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/attached_data_${data_format}_${format}.${ext}" # verify options "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem") set_tests_properties( attached_${format}_${ext} PROPERTIES DEPENDS "signed_data_${ext}_${data_format}:data_${ext}_${format}") endforeach(format ${formats}) endforeach(data_format ${formats}) endforeach(ext ${extensions_nocat}) ### Cleanup ### # Stop HTTP server if(STOP_SERVER) add_test(NAME stop_server COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}") set_tests_properties( stop_server PROPERTIES REQUIRED_FILES "${LOGS}/port.log") else(STOP_SERVER) message(STATUS "Keep HTTP server after tests") endif(STOP_SERVER) else((Python3_FOUND OR server_error) AND CURL_FOUND) message(STATUS "CTest skips some tests") endif((Python3_FOUND OR server_error) AND CURL_FOUND) # Delete test files set(names "legacy" "signed" "signed_crldp" "nested" "revoked" "removed" "added") foreach(ext ${extensions_all}) foreach(name ${names}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${name}.${ext}") endforeach(name ${names}) foreach(cert ${pem_certs}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}") endforeach(cert ${pem_certs}) foreach(format ${formats}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/data_${ext}.${format}") foreach(data_format ${formats}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_data_${ext}_${format}.${data_format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_data_${data_format}_${format}.${ext}") endforeach(data_format ${formats}) endforeach(format ${formats}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr") endforeach(ext ${extensions_all}) add_test(NAME remove_files COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES}) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.8/cmake/FindHeaders.cmake000066400000000000000000000012351457117515700203330ustar00rootroot00000000000000include(CheckIncludeFile) include(CheckFunctionExists) if(UNIX) check_function_exists(getpass HAVE_GETPASS) check_include_file(termios.h HAVE_TERMIOS_H) check_include_file(sys/mman.h HAVE_SYS_MMAN_H) if(HAVE_SYS_MMAN_H) check_function_exists(mmap HAVE_MMAP) endif(HAVE_SYS_MMAN_H) else(UNIX) check_include_file(windows.h HAVE_MAPVIEWOFFILE) endif(UNIX) if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE)) message(FATAL_ERROR "Error: Need file mapping function to build.") endif(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE)) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.8/cmake/SetBashCompletion.cmake000066400000000000000000000023571457117515700215500ustar00rootroot00000000000000# This list describes the default variables included in the bash-completion package: # BASH_COMPLETION_VERSION "@VERSION@" # BASH_COMPLETION_PREFIX "@prefix@" # BASH_COMPLETION_COMPATDIR "@sysconfdir@/bash_completion.d" # BASH_COMPLETION_COMPLETIONSDIR "@datadir@/@PACKAGE@/completions" # BASH_COMPLETION_HELPERSDIR "@datadir@/@PACKAGE@/helpers" # BASH_COMPLETION_FOUND "TRUE" # https://github.com/scop/bash-completion/blob/master/bash-completion-config.cmake.in if(NOT MSVC) if(BASH_COMPLETION_USER_DIR) set(BASH_COMPLETION_COMPLETIONSDIR "${BASH_COMPLETION_USER_DIR}/bash-completion/completions") else(BASH_COMPLETION_USER_DIR) find_package(bash-completion QUIET) if(NOT BASH_COMPLETION_FOUND) set(SHAREDIR "${CMAKE_INSTALL_PREFIX}/share") set(BASH_COMPLETION_COMPLETIONSDIR "${SHAREDIR}/bash-completion/completions") endif(NOT BASH_COMPLETION_FOUND) endif(BASH_COMPLETION_USER_DIR) message(STATUS "Using bash completions dir ${BASH_COMPLETION_COMPLETIONSDIR}") install(FILES "osslsigncode.bash" DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR}) endif(NOT MSVC) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.8/cmake/SetCompilerFlags.cmake000066400000000000000000000121141457117515700213600ustar00rootroot00000000000000include(CheckCCompilerFlag) set(CMAKE_REQUIRED_QUIET ON) function(add_debug_flag_if_supported flagname targets) check_c_compiler_flag("${flagname}" HAVE_FLAG_${flagname}) if (HAVE_FLAG_${flagname}) foreach(target ${targets}) target_compile_options(${target} PRIVATE $<$:${flagname}>) endforeach(target ${targets}) endif(HAVE_FLAG_${flagname}) endfunction(add_debug_flag_if_supported flagname targets) function(add_compile_flag_to_targets targets) set(CHECKED_DEBUG_FLAGS "-ggdb" "-g" "-O2" "-pedantic" "-Wall" "-Wextra" "-Wno-long-long" "-Wconversion" "-D_FORTIFY_SOURCE=2" "-Wformat=2" "-Wredundant-decls" "-Wcast-qual" "-Wnull-dereference" "-Wno-deprecated-declarations" "-Wmissing-declarations" "-Wmissing-prototypes" "-Wmissing-noreturn" "-Wmissing-braces" "-Wparentheses" "-Wstrict-aliasing=3" "-Wstrict-overflow=2" "-Wlogical-op" "-Wwrite-strings" "-Wcast-align=strict" "-Wdisabled-optimization" "-Wshift-overflow=2" "-Wundef" "-Wshadow" "-Wmisleading-indentation" "-Wabsolute-value" "-Wunused-parameter" "-Wunused-function") foreach(flag ${CHECKED_DEBUG_FLAGS}) add_debug_flag_if_supported(${flag} ${targets}) endforeach(flag ${CHECKED_DEBUG_FLAGS}) endfunction(add_compile_flag_to_targets targets) function(add_compile_flags target) if(MSVC) # Enable parallel builds target_compile_options(${target} PRIVATE /MP) # Use address space layout randomization, generate PIE code for ASLR (default on) target_link_options(${target} PRIVATE /DYNAMICBASE) # Create terminal server aware application (default on) target_link_options(${target} PRIVATE /TSAWARE) # Mark the binary as compatible with Intel Control-flow Enforcement Technology (CET) Shadow Stack target_link_options(${target} PRIVATE /CETCOMPAT) # Enable compiler generation of Control Flow Guard security checks target_compile_options(${target} PRIVATE /guard:cf) target_link_options(${target} PRIVATE /guard:cf) # Buffer Security Check target_compile_options(${target} PRIVATE /GS) # Suppress startup banner target_link_options(${target} PRIVATE /NOLOGO) # Generate debug info target_link_options(${target} PRIVATE /DEBUG) if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8") # High entropy ASLR for 64 bits targets (default on) target_link_options(${target} PRIVATE /HIGHENTROPYVA) # Enable generation of EH Continuation (EHCONT) metadata by the compiler #target_compile_options(${target} PRIVATE /guard:ehcont) #target_link_options(${target} PRIVATE /guard:ehcont) else("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8") # Can handle addresses larger than 2 gigabytes target_link_options(${target} PRIVATE /LARGEADDRESSAWARE) # Safe structured exception handlers (x86 only) target_link_options(${target} PRIVATE /SAFESEH) endif("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8") target_compile_options(${target} PRIVATE $<$:/D_FORTIFY_SOURCE=2>) # Unrecognized compiler options are errors target_compile_options(${target} PRIVATE $<$:/options:strict>) else(MSVC) check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) if(HAVE_STACK_PROTECTOR_ALL) target_link_options(${target} PRIVATE -fstack-protector-all) else(HAVE_STACK_PROTECTOR_ALL) check_c_compiler_flag("-fstack-protector" HAVE_STACK_PROTECTOR) if(HAVE_STACK_PROTECTOR) target_link_options(${target} PRIVATE -fstack-protector) else(HAVE_STACK_PROTECTOR) message(WARNING "No stack protection supported") endif(HAVE_STACK_PROTECTOR) endif(HAVE_STACK_PROTECTOR_ALL) # Support address space layout randomization (ASLR) if(NOT (MINGW OR CYGWIN OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR ((CMAKE_SYSTEM_NAME MATCHES Darwin) AND (CMAKE_C_COMPILER_ID MATCHES Clang)))) target_compile_options(${target} PRIVATE -fPIE) target_link_options(${target} PRIVATE -fPIE -pie) target_link_options(${target} PRIVATE -Wl,-z,relro) target_link_options(${target} PRIVATE -Wl,-z,now) target_link_options(${target} PRIVATE -Wl,-z,noexecstack) endif(NOT (MINGW OR CYGWIN OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR ((CMAKE_SYSTEM_NAME MATCHES Darwin) AND (CMAKE_C_COMPILER_ID MATCHES Clang)))) target_link_options(${target} PRIVATE -fstack-check) add_compile_flag_to_targets(${target}) endif(MSVC) endfunction(add_compile_flags target) add_compile_flags(osslsigncode) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.8/helpers.c000066400000000000000000000577331457117515700157210ustar00rootroot00000000000000/* * osslsigncode support library * * Copyright (C) 2021-2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka */ #include "osslsigncode.h" #include "helpers.h" /* Prototypes */ static SpcSpOpusInfo *spc_sp_opus_info_create(FILE_FORMAT_CTX *ctx); static int spc_indirect_data_content_create(u_char **blob, int *len, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_spc_sp_opus_info(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_signing_time(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_purpose(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_sequence_number(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static STACK_OF(X509) *X509_chain_get_sorted(FILE_FORMAT_CTX *ctx, int signer); static int X509_compare(const X509 *const *a, const X509 *const *b); /* * Common functions */ /* * [in] infile * [returns] file size */ uint32_t get_file_size(const char *infile) { int ret; #ifdef _WIN32 struct _stat64 st; ret = _stat64(infile, &st); #else struct stat st; ret = stat(infile, &st); #endif if (ret) { printf("Failed to open file: %s\n", infile); return 0; } if (st.st_size < 4) { printf("Unrecognized file type - file is too short: %s\n", infile); return 0; } if (st.st_size > UINT32_MAX) { printf("Unsupported file - too large: %s\n", infile); return 0; } return (uint32_t)st.st_size; } /* * [in] infile: starting address for the new mapping * [returns] pointer to the mapped area */ char *map_file(const char *infile, const size_t size) { char *indata = NULL; #ifdef WIN32 HANDLE fhandle, fmap; (void)size; fhandle = CreateFile(infile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); if (fhandle == INVALID_HANDLE_VALUE) { return NULL; } fmap = CreateFileMapping(fhandle, NULL, PAGE_READONLY, 0, 0, NULL); CloseHandle(fhandle); if (fmap == NULL) { return NULL; } indata = (char *)MapViewOfFile(fmap, FILE_MAP_READ, 0, 0, 0); CloseHandle(fmap); #else #ifdef HAVE_SYS_MMAN_H int fd = open(infile, O_RDONLY); if (fd < 0) { return NULL; } indata = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0); if (indata == MAP_FAILED) { close(fd); return NULL; } close(fd); #else printf("No file mapping function\n"); return NULL; #endif /* HAVE_SYS_MMAN_H */ #endif /* WIN32 */ return indata; } /* * [in] indata: starting address space * [in] size: mapped area length * [returns] none */ void unmap_file(char *indata, const size_t size) { if (!indata) return; #ifdef WIN32 (void)size; UnmapViewOfFile(indata); #else munmap(indata, size); #endif /* WIN32 */ } /* * Retrieve a decoded PKCS#7 structure * [in] data: encoded PEM or DER data * [in] size: data size * [returns] pointer to PKCS#7 structure */ PKCS7 *pkcs7_read_data(char *data, uint32_t size) { PKCS7 *p7 = NULL; BIO *bio; const char pemhdr[] = "-----BEGIN PKCS7-----"; bio = BIO_new_mem_buf(data, (int)size); if (size >= sizeof pemhdr && !memcmp(data, pemhdr, sizeof pemhdr - 1)) { /* PEM format */ p7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL); } else { /* DER format */ p7 = d2i_PKCS7_bio(bio, NULL); } BIO_free_all(bio); return p7; } /* * [in, out] ctx: structure holds input and output data * [out] outdata: BIO outdata file * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ int data_write_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { int ret; (void)BIO_reset(outdata); if (ctx->options->output_pkcs7) { /* PEM format */ ret = !PEM_write_bio_PKCS7(outdata, p7); } else { /* default DER format */ ret = !i2d_PKCS7_bio(outdata, p7); } if (ret) { printf("Unable to write pkcs7 object\n"); } return ret; } /* * Allocate, set type, add content and return a new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx) { int i, signer = -1; PKCS7 *p7; PKCS7_SIGNER_INFO *si = NULL; STACK_OF(X509) *chain = NULL; p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_signed); PKCS7_content_new(p7, NID_pkcs7_data); if (ctx->options->cert != NULL) { /* * the private key and corresponding certificate are parsed from the PKCS12 * structure or loaded from the security token, so we may omit to check * the consistency of a private key with the public key in an X509 certificate */ si = PKCS7_add_signature(p7, ctx->options->cert, ctx->options->pkey, ctx->options->md); if (si == NULL) return NULL; /* FAILED */ } else { /* find the signer's certificate located somewhere in the whole certificate chain */ for (i=0; ioptions->certs); i++) { X509 *signcert = sk_X509_value(ctx->options->certs, i); if (X509_check_private_key(signcert, ctx->options->pkey)) { si = PKCS7_add_signature(p7, signcert, ctx->options->pkey, ctx->options->md); signer = i; break; } } if (si == NULL) { printf("Failed to checking the consistency of a private key: %s\n", ctx->options->keyfile); printf(" with a public key in any X509 certificate: %s\n\n", ctx->options->certfile); return NULL; /* FAILED */ } } if (!pkcs7_signer_info_add_signing_time(si, ctx)) { return NULL; /* FAILED */ } if (!pkcs7_signer_info_add_purpose(si, ctx)) { return NULL; /* FAILED */ } if ((ctx->options->desc || ctx->options->url) && !pkcs7_signer_info_add_spc_sp_opus_info(si, ctx)) { printf("Couldn't allocate memory for opus info\n"); return NULL; /* FAILED */ } if ((ctx->options->nested_number >= 0) && !pkcs7_signer_info_add_sequence_number(si, ctx)) { return NULL; /* FAILED */ } /* create X509 chain sorted in ascending order by their DER encoding */ chain = X509_chain_get_sorted(ctx, signer); if (chain == NULL) { printf("Failed to create a sorted certificate chain\n"); return NULL; /* FAILED */ } /* add sorted certificate chain */ for (i=0; ioptions->crls) { for (i=0; ioptions->crls); i++) PKCS7_add_crl(p7, sk_X509_CRL_value(ctx->options->crls, i)); } sk_X509_free(chain); return p7; /* OK */ } /* * PE, MSI, CAB and APPX file specific * Add "1.3.6.1.4.1.311.2.1.4" SPC_INDIRECT_DATA_OBJID signed attribute * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success */ int add_indirect_data_object(PKCS7 *p7) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1))) return 0; /* FAILED */ return 1; /* OK */ } /* * PE, MSI, CAB and APPX format specific * Sign the MS Authenticode spcIndirectDataContent blob. * The spcIndirectDataContent structure is used in Authenticode signatures * to store the digest and other attributes of the signed file. * [in, out] p7: new PKCS#7 signature * [in] content: spcIndirectDataContent * [returns] 0 on error or 1 on success */ int sign_spc_indirect_data_content(PKCS7 *p7, ASN1_OCTET_STRING *content) { int len, inf, tag, class; long plen; const u_char *data, *p; PKCS7 *td7; p = data = ASN1_STRING_get0_data(content); len = ASN1_STRING_length(content); inf = ASN1_get_object(&p, &plen, &tag, &class, len); if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || !pkcs7_sign_content(p7, p, (int)plen)) { printf("Failed to sign spcIndirectDataContent\n"); return 0; /* FAILED */ } td7 = PKCS7_new(); if (!td7) { return 0; /* FAILED */ } td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); td7->d.other = ASN1_TYPE_new(); td7->d.other->type = V_ASN1_SEQUENCE; td7->d.other->value.sequence = ASN1_STRING_new(); ASN1_STRING_set(td7->d.other->value.sequence, data, len); if (!PKCS7_set_content(p7, td7)) { printf("PKCS7_set_content failed\n"); PKCS7_free(td7); return 0; /* FAILED */ } return 1; /* OK */ } /* * Add encapsulated content to signed PKCS7 structure. * [in] content: spcIndirectDataContent * [returns] new PKCS#7 signature with encapsulated content */ PKCS7 *pkcs7_set_content(ASN1_OCTET_STRING *content) { PKCS7 *p7, *td7; p7 = PKCS7_new(); if (!p7) { return NULL; /* FAILED */ } if (!PKCS7_set_type(p7, NID_pkcs7_signed)) { PKCS7_free(p7); return NULL; /* FAILED */ } if (!PKCS7_content_new(p7, NID_pkcs7_data)) { PKCS7_free(p7); return NULL; /* FAILED */ } td7 = PKCS7_new(); if (!td7) { PKCS7_free(p7); return NULL; /* FAILED */ } td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); td7->d.other = ASN1_TYPE_new(); td7->d.other->type = V_ASN1_SEQUENCE; td7->d.other->value.sequence = content; if (!PKCS7_set_content(p7, td7)) { PKCS7_free(td7); PKCS7_free(p7); return NULL; /* FAILED */ } return p7; } /* * Return spcIndirectDataContent. * [in] hash: message digest BIO * [in] ctx: structure holds input and output data * [returns] content */ ASN1_OCTET_STRING *spc_indirect_data_content_get(BIO *hash, FILE_FORMAT_CTX *ctx) { ASN1_OCTET_STRING *content; u_char mdbuf[5 * EVP_MAX_MD_SIZE + 24]; int mdlen, hashlen, len = 0; u_char *data, *p = NULL; content = ASN1_OCTET_STRING_new(); if (!content) { return NULL; /* FAILED */ } if (!spc_indirect_data_content_create(&p, &len, ctx)) { ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } hashlen = ctx->format->hash_length_get(ctx); if (hashlen > EVP_MAX_MD_SIZE) { /* APPX format specific */ mdlen = BIO_read(hash, (char*)mdbuf, hashlen); } else { mdlen = BIO_gets(hash, (char*)mdbuf, EVP_MAX_MD_SIZE); } data = OPENSSL_malloc((size_t)(len + mdlen)); memcpy(data, p, (size_t)len); OPENSSL_free(p); memcpy(data + len, mdbuf, (size_t)mdlen); if (!ASN1_OCTET_STRING_set(content, data, len + mdlen)) { ASN1_OCTET_STRING_free(content); OPENSSL_free(data); return NULL; /* FAILED */ } OPENSSL_free(data); return content; } /* * Signs the data and place the signature in p7 * [in, out] p7: new PKCS#7 signature * [in] data: content data * [in] len: content length */ int pkcs7_sign_content(PKCS7 *p7, const u_char *data, int len) { BIO *p7bio; if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { printf("PKCS7_dataInit failed\n"); return 0; /* FAILED */ } BIO_write(p7bio, data, len); (void)BIO_flush(p7bio); if (!PKCS7_dataFinal(p7, p7bio)) { printf("PKCS7_dataFinal failed\n"); BIO_free_all(p7bio); return 0; /* FAILED */ } BIO_free_all(p7bio); return 1; /* OK */ } /* Return the header length (tag and length octets) of the ASN.1 type * [in] p: ASN.1 data * [in] len: ASN.1 data length * [returns] header length */ int asn1_simple_hdr_len(const u_char *p, int len) { if (len <= 2 || p[0] > 0x31) return 0; return (p[1]&0x80) ? (2 + (p[1]&0x7f)) : 2; } /* * [in, out] hash: BIO with message digest method * [in] indata: starting address space * [in] idx: offset * [in] fileend: the length of the hashed area * [returns] 0 on error or 1 on success */ int bio_hash_data(BIO *hash, char *indata, size_t idx, size_t fileend) { while (idx < fileend) { size_t want, written; want = fileend - idx; if (want > SIZE_64K) want = SIZE_64K; if (!BIO_write_ex(hash, indata + idx, want, &written)) return 0; /* FAILED */ idx += written; } return 1; /* OK */ } /* * [in] descript1, descript2: descriptions * [in] mdbuf: message digest * [in] len: message digest length * [returns] none */ void print_hash(const char *descript1, const char *descript2, const u_char *mdbuf, int len) { char *hexbuf = NULL; int size, i, j = 0; size = 2 * len + 1; hexbuf = OPENSSL_malloc((size_t)size); for (i = 0; i < len; i++) { #ifdef WIN32 j += sprintf_s(hexbuf + j, size - j, "%02X", mdbuf[i]); #else j += sprintf(hexbuf + j, "%02X", mdbuf[i]); #endif /* WIN32 */ } printf("%s: %s %s\n", descript1, hexbuf, descript2); OPENSSL_free(hexbuf); } /* * [in] p7: new PKCS#7 signature * [in] objid: Microsoft OID Authenticode * [returns] 0 on error or 1 on success */ int is_content_type(PKCS7 *p7, const char *objid) { ASN1_OBJECT *indir_objid; int ret; indir_objid = OBJ_txt2obj(objid, 1); ret = p7 && PKCS7_type_is_signed(p7) && !OBJ_cmp(p7->d.sign->contents->type, indir_objid) && (p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE || p7->d.sign->contents->d.other->type == V_ASN1_OCTET_STRING); ASN1_OBJECT_free(indir_objid); return ret; } /* * [in] p7: new PKCS#7 signature * [returns] pointer to MsCtlContent structure */ MsCtlContent *ms_ctl_content_get(PKCS7 *p7) { ASN1_STRING *value; const u_char *data; if (!is_content_type(p7, MS_CTL_OBJID)) { printf("Failed to find MS_CTL_OBJID\n"); return NULL; /* FAILED */ } value = p7->d.sign->contents->d.other->value.sequence; data = ASN1_STRING_get0_data(value); return d2i_MsCtlContent(NULL, &data, ASN1_STRING_length(value)); } /* * [in] attribute: catalog attribute * [returns] catalog content */ ASN1_TYPE *catalog_content_get(CatalogAuthAttr *attribute) { ASN1_STRING *value; STACK_OF(ASN1_TYPE) *contents; ASN1_TYPE *content; const u_char *contents_data; value = attribute->contents->value.sequence; contents_data = ASN1_STRING_get0_data(value); contents = d2i_ASN1_SET_ANY(NULL, &contents_data, ASN1_STRING_length(value)); if (!contents) return 0; /* FAILED */ content = sk_ASN1_TYPE_value(contents, 0); sk_ASN1_TYPE_free(contents); return content; } /* * PE and CAB format specific * [in] none * [returns] pointer to SpcLink */ SpcLink *spc_link_obsolete_get(void) { const u_char obsolete[] = { 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3e, 0x00, 0x3e, 0x00, 0x3e }; SpcLink *link = SpcLink_new(); link->type = 2; link->value.file = SpcString_new(); link->value.file->type = 0; link->value.file->value.unicode = ASN1_BMPSTRING_new(); ASN1_STRING_set(link->value.file->value.unicode, obsolete, sizeof obsolete); return link; } /* * [in] mdbuf, cmdbuf: message digests * [in] mdtype: message digest algorithm type * [returns] 0 on error or 1 on success */ int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype) { int mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); int mdok = !memcmp(mdbuf, cmdbuf, (size_t)mdlen); printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); print_hash("Current message digest ", "", mdbuf, mdlen); print_hash("Calculated message digest ", mdok ? "\n" : " MISMATCH!!!\n", cmdbuf, mdlen); return mdok; } /* * Helper functions */ /* * [in] ctx: FILE_FORMAT_CTX structure * [returns] pointer to SpcSpOpusInfo structure */ static SpcSpOpusInfo *spc_sp_opus_info_create(FILE_FORMAT_CTX *ctx) { SpcSpOpusInfo *info = SpcSpOpusInfo_new(); if (ctx->options->desc) { info->programName = SpcString_new(); info->programName->type = 1; info->programName->value.ascii = ASN1_IA5STRING_new(); ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii, ctx->options->desc, (int)strlen(ctx->options->desc)); } if (ctx->options->url) { info->moreInfo = SpcLink_new(); info->moreInfo->type = 0; info->moreInfo->value.url = ASN1_IA5STRING_new(); ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url, ctx->options->url, (int)strlen(ctx->options->url)); } return info; } /* * [out] blob: SpcIndirectDataContent data * [out] len: SpcIndirectDataContent data length * [in] ctx: FILE_FORMAT_CTX structure * [returns] 0 on error or 1 on success */ static int spc_indirect_data_content_create(u_char **blob, int *len, FILE_FORMAT_CTX *ctx) { u_char *p = NULL; int mdtype, hashlen, l = 0; void *hash; SpcIndirectDataContent *idc = SpcIndirectDataContent_new(); if (!ctx->format->data_blob_get || !ctx->format->hash_length_get) { return 0; /* FAILED */ } if (ctx->format->md_get) { /* APPX file specific - use a hash algorithm specified in the AppxBlockMap.xml file */ mdtype = EVP_MD_nid(ctx->format->md_get(ctx)); } else { mdtype = EVP_MD_nid(ctx->options->md); } idc->data->value = ASN1_TYPE_new(); idc->data->value->type = V_ASN1_SEQUENCE; idc->data->value->value.sequence = ASN1_STRING_new(); idc->data->type = ctx->format->data_blob_get(&p, &l, ctx); idc->data->value->value.sequence->data = p; idc->data->value->value.sequence->length = l; idc->messageDigest->digestAlgorithm->algorithm = OBJ_nid2obj(mdtype); idc->messageDigest->digestAlgorithm->parameters = ASN1_TYPE_new(); idc->messageDigest->digestAlgorithm->parameters->type = V_ASN1_NULL; hashlen = ctx->format->hash_length_get(ctx); hash = OPENSSL_zalloc((size_t)hashlen); ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen); OPENSSL_free(hash); *len = i2d_SpcIndirectDataContent(idc, NULL); *blob = OPENSSL_malloc((size_t)*len); p = *blob; i2d_SpcIndirectDataContent(idc, &p); SpcIndirectDataContent_free(idc); *len -= hashlen; return 1; /* OK */ } /* * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: FILE_FORMAT_CTX structure * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_spc_sp_opus_info(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { SpcSpOpusInfo *opus; ASN1_STRING *astr; int len; u_char *p = NULL; opus = spc_sp_opus_info_create(ctx); if ((len = i2d_SpcSpOpusInfo(opus, NULL)) <= 0 || (p = OPENSSL_malloc((size_t)len)) == NULL) { SpcSpOpusInfo_free(opus); return 0; /* FAILED */ } i2d_SpcSpOpusInfo(opus, &p); p -= len; astr = ASN1_STRING_new(); ASN1_STRING_set(astr, p, len); OPENSSL_free(p); SpcSpOpusInfo_free(opus); return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_SP_OPUS_INFO_OBJID), V_ASN1_SEQUENCE, astr); } /* * Add a custom, non-trusted time to the PKCS7 structure to prevent OpenSSL * adding the _current_ time. This allows to create a deterministic signature * when no trusted timestamp server was specified, making osslsigncode * behaviour closer to signtool.exe (which doesn't include any non-trusted * time in this case.) * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_signing_time(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { if (ctx->options->time == INVALID_TIME) /* -time option was not specified */ return 1; /* SUCCESS */ return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_UTCTIME, ASN1_TIME_adj(NULL, ctx->options->time, 0, 0)); } /* * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_purpose(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { static const u_char purpose_ind[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15 }; static const u_char purpose_comm[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16 }; ASN1_STRING *purpose = ASN1_STRING_new(); if (ctx->options->comm) { ASN1_STRING_set(purpose, purpose_comm, sizeof purpose_comm); } else { ASN1_STRING_set(purpose, purpose_ind, sizeof purpose_ind); } return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_STATEMENT_TYPE_OBJID), V_ASN1_SEQUENCE, purpose); } /* * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_sequence_number(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { ASN1_INTEGER *number = ASN1_INTEGER_new(); if (!number) return 0; /* FAILED */ if (!ASN1_INTEGER_set(number, ctx->options->nested_number + 1)) { ASN1_INTEGER_free(number); return 0; /* FAILED */ } return PKCS7_add_signed_attribute(si, OBJ_txt2nid(PKCS9_SEQUENCE_NUMBER), V_ASN1_INTEGER, number); } /* * Create certificate chain sorted in ascending order by their DER encoding. * [in] ctx: structure holds input and output data * [in] signer: signer's certificate number in the certificate chain * [returns] sorted certificate chain */ static STACK_OF(X509) *X509_chain_get_sorted(FILE_FORMAT_CTX *ctx, int signer) { int i; STACK_OF(X509) *chain = sk_X509_new(X509_compare); /* add the signer's certificate */ if (ctx->options->cert != NULL && !sk_X509_push(chain, ctx->options->cert)) { sk_X509_free(chain); return NULL; } if (signer != -1 && !sk_X509_push(chain, sk_X509_value(ctx->options->certs, signer))) { sk_X509_free(chain); return NULL; } /* add the certificate chain */ for (i=0; ioptions->certs); i++) { if (i == signer) continue; if (!sk_X509_push(chain, sk_X509_value(ctx->options->certs, i))) { sk_X509_free(chain); return NULL; } } /* add all cross certificates */ if (ctx->options->xcerts) { for (i=0; ioptions->xcerts); i++) { if (!sk_X509_push(chain, sk_X509_value(ctx->options->xcerts, i))) { sk_X509_free(chain); return NULL; } } } /* sort certificate chain using the supplied comparison function */ sk_X509_sort(chain); return chain; } /* * X.690-compliant certificate comparison function * Windows requires catalog files to use PKCS#7 * content ordering specified in X.690 section 11.6 * https://support.microsoft.com/en-us/topic/october-13-2020-kb4580358-security-only-update-d3f6eb3c-d7c4-a9cb-0de6-759386bf7113 * This algorithm is different from X509_cmp() * [in] a_ptr, b_ptr: pointers to X509 certificates * [returns] certificates order */ static int X509_compare(const X509 *const *a, const X509 *const *b) { u_char *a_data, *b_data, *a_tmp, *b_tmp; size_t a_len, b_len; int ret; a_len = (size_t)i2d_X509(*a, NULL); a_tmp = a_data = OPENSSL_malloc(a_len); i2d_X509(*a, &a_tmp); b_len = (size_t)i2d_X509(*b, NULL); b_tmp = b_data = OPENSSL_malloc(b_len); i2d_X509(*b, &b_tmp); ret = memcmp(a_data, b_data, MIN(a_len, b_len)); OPENSSL_free(a_data); OPENSSL_free(b_data); if (ret == 0 && a_len != b_len) /* identical up to the length of the shorter DER */ ret = a_len < b_len ? -1 : 1; /* shorter is smaller */ return ret; } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/helpers.h000066400000000000000000000026341457117515700157140ustar00rootroot00000000000000/* * osslsigncode support library * * Copyright (C) 2021-2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka */ /* Common functions */ uint32_t get_file_size(const char *infile); char *map_file(const char *infile, const size_t size); void unmap_file(char *indata, const size_t size); PKCS7 *pkcs7_read_data(char *indata, uint32_t size); int data_write_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx); int add_indirect_data_object(PKCS7 *p7); int sign_spc_indirect_data_content(PKCS7 *p7, ASN1_OCTET_STRING *content); PKCS7 *pkcs7_set_content(ASN1_OCTET_STRING *content); ASN1_OCTET_STRING *spc_indirect_data_content_get(BIO *hash, FILE_FORMAT_CTX *ctx); int pkcs7_sign_content(PKCS7 *p7, const u_char *data, int len); int asn1_simple_hdr_len(const u_char *p, int len); int bio_hash_data(BIO *hash, char *indata, size_t idx, size_t fileend); void print_hash(const char *descript1, const char *descript2, const u_char *hashbuf, int length); int is_content_type(PKCS7 *p7, const char *objid); MsCtlContent *ms_ctl_content_get(PKCS7 *p7); ASN1_TYPE *catalog_content_get(CatalogAuthAttr *attribute); SpcLink *spc_link_obsolete_get(void); int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype); /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/misc/000077500000000000000000000000001457117515700150275ustar00rootroot00000000000000osslsigncode-2.8/misc/pagehash.py000066400000000000000000000061541457117515700171670ustar00rootroot00000000000000#!/usr/bin/python import struct import sys import hashlib from pyasn1.type import univ from pyasn1.codec.ber import encoder, decoder f = open(sys.argv[1], 'rb') filehdr = f.read(1024) if filehdr[0:2] != 'MZ': print "Not a DOS file." sys.exit(0) pepos = struct.unpack('config.py < * Author: Ma┼Вgorzata Olsz├│wka * * Reference specifications: * http://en.wikipedia.org/wiki/Compound_File_Binary_Format * https://msdn.microsoft.com/en-us/library/dd942138.aspx * https://github.com/microsoft/compoundfilereader */ #include "osslsigncode.h" #include "helpers.h" #define MAXREGSECT 0xfffffffa /* maximum regular sector number */ #define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */ #define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */ #define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */ #define NOSTREAM 0xffffffff /* terminator or empty pointer */ #define FREESECT 0xffffffff /* empty unallocated free sectors */ #define DIR_UNKNOWN 0 #define DIR_STORAGE 1 #define DIR_STREAM 2 #define DIR_ROOT 5 #define RED_COLOR 0 #define BLACK_COLOR 1 #define DIFAT_IN_HEADER 109 #define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */ #define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */ #define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */ #define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */ #define HEADER_CLSID 0x08 /* reserved and unused */ #define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */ #define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */ #define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */ #define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */ #define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */ #define RESERVED 0x22 /* reserved and unused */ #define HEADER_DIR_SECTORS_NUM 0x28 #define HEADER_FAT_SECTORS_NUM 0x2c #define HEADER_DIR_SECTOR_LOC 0x30 #define HEADER_TRANSACTION 0x34 #define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */ #define HEADER_MINI_FAT_SECTOR_LOC 0x3c #define HEADER_MINI_FAT_SECTORS_NUM 0x40 #define HEADER_DIFAT_SECTOR_LOC 0x44 #define HEADER_DIFAT_SECTORS_NUM 0x48 #define HEADER_DIFAT 0x4c #define DIRENT_SIZE 0x80 /* 128 bytes */ #define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */ #define DIRENT_NAME 0x00 #define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */ #define DIRENT_TYPE 0x42 #define DIRENT_COLOUR 0x43 #define DIRENT_LEFT_SIBLING_ID 0x44 #define DIRENT_RIGHT_SIBLING_ID 0x48 #define DIRENT_CHILD_ID 0x4c #define DIRENT_CLSID 0x50 #define DIRENT_STATE_BITS 0x60 #define DIRENT_CREATE_TIME 0x64 #define DIRENT_MODIFY_TIME 0x6c #define DIRENT_START_SECTOR_LOC 0x74 #define DIRENT_FILE_SIZE 0x78 static const u_char msi_magic[] = { 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 }; static const u_char digital_signature[] = { 0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x00, 0x00 }; static const u_char digital_signature_ex[] = { 0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x45, 0x00, 0x78, 0x00, 0x00, 0x00 }; static const u_char msi_root_entry[] = { 0x52, 0x00, 0x6F, 0x00, 0x6F, 0x00, 0x74, 0x00, 0x20, 0x00, 0x45, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x72, 0x00, 0x79, 0x00, 0x00, 0x00 }; static const u_char msi_zeroes[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; typedef struct { u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */ u_char unused_clsid[16]; /* reserved and unused */ uint16_t minorVersion; uint16_t majorVersion; uint16_t byteOrder; uint16_t sectorShift; /* power of 2 */ uint16_t miniSectorShift; /* power of 2 */ u_char reserved[6]; /* reserved and unused */ uint32_t numDirectorySector; uint32_t numFATSector; uint32_t firstDirectorySectorLocation; uint32_t transactionSignatureNumber; /* reserved */ uint32_t miniStreamCutoffSize; uint32_t firstMiniFATSectorLocation; uint32_t numMiniFATSector; uint32_t firstDIFATSectorLocation; uint32_t numDIFATSector; uint32_t headerDIFAT[DIFAT_IN_HEADER]; } MSI_FILE_HDR; typedef struct { u_char name[DIRENT_MAX_NAME_SIZE]; uint16_t nameLen; uint8_t type; uint8_t colorFlag; uint32_t leftSiblingID; uint32_t rightSiblingID; uint32_t childID; u_char clsid[16]; u_char stateBits[4]; u_char creationTime[8]; u_char modifiedTime[8]; uint32_t startSectorLocation; u_char size[8]; } MSI_ENTRY; typedef struct msi_dirent_struct { u_char name[DIRENT_MAX_NAME_SIZE]; uint16_t nameLen; uint8_t type; MSI_ENTRY *entry; STACK_OF(MSI_DIRENT) *children; struct msi_dirent_struct *next; /* for cycle detection */ } MSI_DIRENT; DEFINE_STACK_OF(MSI_DIRENT) typedef struct { const u_char *m_buffer; uint32_t m_bufferLen; MSI_FILE_HDR *m_hdr; uint32_t m_sectorSize; uint32_t m_minisectorSize; uint32_t m_miniStreamStartSector; } MSI_FILE; typedef struct { char *header; char *ministream; char *minifat; char *fat; char *difat; uint32_t dirtreeLen; uint32_t miniStreamLen; uint32_t minifatLen; uint32_t fatLen; uint32_t difatLen; uint32_t ministreamsMemallocCount; uint32_t minifatMemallocCount; uint32_t fatMemallocCount; uint32_t difatMemallocCount; uint32_t dirtreeSectorsCount; uint32_t minifatSectorsCount; uint32_t fatSectorsCount; uint32_t miniSectorNum; uint32_t sectorNum; uint32_t sectorSize; } MSI_OUT; struct msi_ctx_st { MSI_FILE *msi; MSI_DIRENT *dirent; u_char *p_msiex; /* MsiDigitalSignatureEx stream data */ uint32_t len_msiex; /* MsiDigitalSignatureEx stream data length */ uint32_t fileend; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *msi_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *msi_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *msi_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int msi_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *msi_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int msi_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *msi_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void msi_bio_free(BIO *hash, BIO *outdata); static void msi_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int msi_is_detaching_supported(void); FILE_FORMAT file_format_msi = { .ctx_new = msi_ctx_new, .data_blob_get = msi_spc_sip_info_get, .pkcs7_contents_get = msi_pkcs7_contents_get, .hash_length_get = msi_hash_length_get, .digest_calc = msi_digest_calc, .verify_digests = msi_verify_digests, .pkcs7_extract = msi_pkcs7_extract, .pkcs7_extract_to_nest = msi_pkcs7_extract_to_nest, .remove_pkcs7 = msi_remove_pkcs7, .process_data = msi_process_data, .pkcs7_signature_new = msi_pkcs7_signature_new, .append_pkcs7 = msi_append_pkcs7, .bio_free = msi_bio_free, .ctx_cleanup = msi_ctx_cleanup, .is_detaching_supported = msi_is_detaching_supported }; /* Prototypes */ static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize); static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *ds); static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent); static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata); static MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse); static int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len); static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen); static BIO *msi_digest_calc_bio(FILE_FORMAT_CTX *ctx, BIO *hash); static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash); static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse, PKCS7 *p7); static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root); static MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi); static void msi_file_free(MSI_FILE *msi); static MSI_FILE *msi_file_new(char *buffer, uint32_t len); static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret); static void msi_dirent_free(MSI_DIRENT *dirent); static int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root); static int msi_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a MSI file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO (unused) * [returns] pointer to MSI file format context */ static FILE_FORMAT_CTX *msi_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; MSI_CTX *msi_ctx; uint32_t filesize; /* squash the unused parameter warning */ (void)outdata; filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } if (memcmp(options->indata, msi_magic, sizeof msi_magic)) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } msi_ctx = msi_ctx_get(options->indata, filesize); if (!msi_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_msi; ctx->options = options; ctx->msi_ctx = msi_ctx; if (hash) BIO_push(hash, BIO_new(BIO_s_null())); if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); return ctx; } /* * Allocate and return SpcSipInfo object. * Subject Interface Package (SIP) is an internal Microsoft API for * transforming arbitrary files into a digestible stream. * These ClassIDs are found in the indirect data section and identify * the type of processor needed to validate the signature. * [out] p: SpcSipInfo data * [out] plen: SpcSipInfo data length * [in] ctx: structure holds input and output data (unused) * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID */ static ASN1_OBJECT *msi_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { const u_char SpcUUIDSipInfoMsi[] = { 0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 }; ASN1_OBJECT *dtype; SpcSipInfo *si = SpcSipInfo_new(); /* squash the unused parameter warning */ (void)ctx; ASN1_INTEGER_set(si->a, 1); ASN1_INTEGER_set(si->b, 0); ASN1_INTEGER_set(si->c, 0); ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); ASN1_OCTET_STRING_set(si->string, SpcUUIDSipInfoMsi, sizeof SpcUUIDSipInfoMsi); *plen = i2d_SpcSipInfo(si, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcSipInfo(si, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); SpcSipInfo_free(si); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *msi_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; /* squash the unused parameter warning, use initialized message digest BIO */ (void)md; if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { printf("Unable to calc MsiDigitalSignatureEx\n"); return NULL; /* FAILED */ } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { printf("Unable to msi_handle_dir()\n"); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); return pkcs7_set_content(content); } /* * Compute a simple sha1/sha256 message digest of the MSI file * for use with a catalog file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!bio_hash_data(bhash, ctx->options->indata, 0, ctx->msi_ctx->fileend)) { printf("Unable to calculate digest\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char *)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; /* OK */ } /* * Calculate DigitalSignature and MsiDigitalSignatureEx and compare to values * retrieved from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdok, mdlen, mdtype = -1; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cexmdbuf[EVP_MAX_MD_SIZE]; u_char *cdigest = NULL; const EVP_MD *md; BIO *hash; if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { printf("Failed to extract current message digest\n\n"); return 0; /* FAILED */ } printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); md = EVP_get_digestbynid(mdtype); hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(hash); return 0; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (ctx->msi_ctx->p_msiex) { BIO *prehash = BIO_new(BIO_f_md()); if (EVP_MD_size(md) != (int)ctx->msi_ctx->len_msiex) { printf("Incorrect MsiDigitalSignatureEx stream data length\n\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } if (!BIO_set_md(prehash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_push(prehash, BIO_new(BIO_s_null())); print_hash("Current MsiDigitalSignatureEx ", "", (u_char *)ctx->msi_ctx->p_msiex, (int)ctx->msi_ctx->len_msiex); if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { printf("Failed to calculate pre-hash used for MsiDigitalSignatureEx\n\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_gets(prehash, (char*)cexmdbuf, EVP_MAX_MD_SIZE); BIO_free_all(prehash); BIO_write(hash, (char*)cexmdbuf, EVP_MD_size(md)); print_hash("Calculated MsiDigitalSignatureEx ", "", cexmdbuf, EVP_MD_size(md)); } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { printf("Failed to calculate DigitalSignature\n\n"); BIO_free_all(hash); return 0; /* FAILED */ } print_hash("Current DigitalSignature ", "", mdbuf, EVP_MD_size(md)); BIO_gets(hash, (char*)cmdbuf, EVP_MAX_MD_SIZE); BIO_free_all(hash); mdok = !memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md)); print_hash("Calculated DigitalSignature ", mdok ? "" : " MISMATCH!!!\n", cmdbuf, EVP_MD_size(md)); if (!mdok) { printf("Signature verification: failed\n\n"); return 0; /* FAILED */ } cdigest = msi_digest_calc(ctx, md); if (!cdigest) { printf("Failed to calculate simple message digest\n\n"); return 0; /* FAILED */ } mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); print_hash("Calculated message digest ", "\n", cdigest, mdlen); OPENSSL_free(cdigest); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx) { PKCS7 *p7; MSI_ENTRY *ds; if (!msi_check_file(ctx)) { return NULL; /* FAILED, no signature */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, NULL); if (!ds) { printf("MSI file has no signature\n"); return NULL; /* FAILED */ } p7 = msi_pkcs7_get_digital_signature(ctx, ds); if (!p7) { printf("Unable to extract existing signature\n"); return NULL; /* FAILED */ } return p7; } /* * Extract existing signature in DER format. * Perform a sanity check for the MsiDigitalSignatureEx section. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *msi_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { PKCS7 *p7; MSI_ENTRY *ds, *dse = NULL; if (!msi_check_file(ctx)) { return NULL; /* FAILED, no signature */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); if (!ds) { printf("MSI file has no signature\n"); return NULL; /* FAILED */ } p7 = msi_pkcs7_get_digital_signature(ctx, ds); if (!p7) { printf("Unable to extract existing signature\n"); return NULL; /* FAILED */ } /* perform a sanity check for the MsiDigitalSignatureEx section */ if (!msi_check_MsiDigitalSignatureEx(ctx, dse, p7)) { PKCS7_free(p7); return NULL; /* FAILED */ } return p7; } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { MSI_ENTRY *ds; /* squash the unused parameter warning */ (void)hash; ds = msi_signatures_get(ctx->msi_ctx->dirent, NULL); if (!ds) { return 1; /* FAILED, no signature */ } if (!msi_dirent_delete(ctx->msi_ctx->dirent, digital_signature_ex, sizeof digital_signature_ex)) { return 1; /* FAILED */ } if (!msi_dirent_delete(ctx->msi_ctx->dirent, digital_signature, sizeof digital_signature)) { return 1; /* FAILED */ } if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, NULL, 0, NULL, 0, outdata)) { printf("Saving the msi file failed\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] 1 on error or 0 on success */ static int msi_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; hash = msi_digest_calc_bio(ctx, hash); if (!hash) { return 1; /* FAILED */ } return 0; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *msi_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { printf("Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { printf("Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { printf("Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { u_char *p = NULL; int len; /* signature length */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { printf("i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); p -= len; if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, p, (uint32_t)len, ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, outdata)) { printf("Saving the msi file failed\n"); OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 0; /* OK */ } /* * Free up an entire outdata BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void msi_bio_free(BIO *hash, BIO *outdata) { BIO_free_all(hash); BIO_free_all(outdata); } /* * Deallocate a FILE_FORMAT_CTX structure and MSI format specific structures, * unmap indata file. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void msi_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->msi_ctx->fileend); msi_file_free(ctx->msi_ctx->msi); msi_dirent_free(ctx->msi_ctx->dirent); OPENSSL_free(ctx->msi_ctx->p_msiex); OPENSSL_free(ctx->msi_ctx); OPENSSL_free(ctx); } static int msi_is_detaching_supported(void) { return 1; /* OK */ } /* * MSI helper functions */ /* * Verify mapped MSI file and create MSI format specific structure. * [in] indata: mapped MSI file * [in] filesize: size of MSI file * [returns] pointer to MSI format specific structure */ static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize) { MSI_ENTRY *root; MSI_FILE *msi; MSI_DIRENT *dirent; MSI_CTX *msi_ctx; msi = msi_file_new(indata, filesize); if (!msi) { printf("Failed to parse MSI_FILE struct\n"); return NULL; /* FAILED */ } root = msi_root_entry_get(msi); if (!root) { printf("Failed to get file entry\n"); msi_file_free(msi); return NULL; /* FAILED */ } if (!msi_dirent_new(msi, root, NULL, &(dirent))) { printf("Failed to parse MSI_DIRENT struct\n"); msi_file_free(msi); return NULL; /* FAILED */ } msi_ctx = OPENSSL_zalloc(sizeof(MSI_CTX)); msi_ctx->msi = msi; msi_ctx->dirent = dirent; msi_ctx->fileend = filesize; return msi_ctx; /* OK */ } static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *ds) { PKCS7 *p7 = NULL; const u_char *blob; char *p; uint32_t len = GET_UINT32_LE(ds->size); if (len == 0 || len >= MAXREGSECT) { printf("Corrupted DigitalSignature stream length 0x%08X\n", len); return NULL; /* FAILED */ } p = OPENSSL_malloc((size_t)len); if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, p, len)) { printf("DigitalSignature stream data error\n"); OPENSSL_free(p); return NULL; } blob = (u_char *)p; p7 = d2i_PKCS7(NULL, &blob, len); OPENSSL_free(p); if (!p7) { printf("Failed to extract PKCS7 data\n"); return NULL; } return p7; } /* Get absolute address from sector and offset */ static const u_char *sector_offset_to_address(MSI_FILE *msi, uint32_t sector, uint32_t offset) { if (sector >= MAXREGSECT || offset >= msi->m_sectorSize || (msi->m_bufferLen - offset) / msi->m_sectorSize <= sector) { printf("Corrupted file\n"); return NULL; /* FAILED */ } return msi->m_buffer + (sector + 1) * msi->m_sectorSize + offset; } static uint32_t get_fat_sector_location(MSI_FILE *msi, uint32_t fatSectorNumber) { uint32_t entriesPerSector, difatSectorLocation, fatSectorLocation; const u_char *address; if (fatSectorNumber < DIFAT_IN_HEADER) { return LE_UINT32(msi->m_hdr->headerDIFAT[fatSectorNumber]); } else { fatSectorNumber -= DIFAT_IN_HEADER; entriesPerSector = msi->m_sectorSize / 4 - 1; difatSectorLocation = msi->m_hdr->firstDIFATSectorLocation; while (fatSectorNumber >= entriesPerSector) { fatSectorNumber -= entriesPerSector; address = sector_offset_to_address(msi, difatSectorLocation, msi->m_sectorSize - 4); if (!address) { printf("Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } difatSectorLocation = GET_UINT32_LE(address); } address = sector_offset_to_address(msi, difatSectorLocation, fatSectorNumber * 4); if (!address) { printf("Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } fatSectorLocation = GET_UINT32_LE(address); if (fatSectorLocation == 0 || fatSectorLocation >= FREESECT) { printf("Get corrupted sector location 0x%08X\n", fatSectorLocation); return NOSTREAM; /* FAILED */ } return fatSectorLocation; } } /* Lookup FAT */ static uint32_t get_next_sector(MSI_FILE *msi, uint32_t sector) { const u_char *address; uint32_t nextSectorLocation; uint32_t entriesPerSector = msi->m_sectorSize / 4; uint32_t fatSectorNumber = sector / entriesPerSector; uint32_t fatSectorLocation = get_fat_sector_location(msi, fatSectorNumber); if (fatSectorLocation == NOSTREAM) { printf("Failed to get a fat sector location\n"); return NOSTREAM; /* FAILED */ } address = sector_offset_to_address(msi, fatSectorLocation, sector % entriesPerSector * 4); if (!address) { printf("Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } nextSectorLocation = GET_UINT32_LE(address); if (nextSectorLocation == 0 || nextSectorLocation >= FREESECT) { printf("Get corrupted sector location 0x%08X\n", nextSectorLocation); return NOSTREAM; /* FAILED */ } return nextSectorLocation; } /* Locate the final sector/offset when original offset expands multiple sectors */ static int locate_final_sector(MSI_FILE *msi, uint32_t sector, uint32_t offset, uint32_t *finalSector, uint32_t *finalOffset) { while (offset >= msi->m_sectorSize) { offset -= msi->m_sectorSize; sector = get_next_sector(msi, sector); if (sector == NOSTREAM) { printf("Failed to get a next sector\n"); return 0; /* FAILED */ } } *finalSector = sector; *finalOffset = offset; return 1; /* OK */ } /* Get absolute address from mini sector and offset */ static const u_char *mini_sector_offset_to_address(MSI_FILE *msi, uint32_t sector, uint32_t offset) { if (sector >= MAXREGSECT || offset >= msi->m_minisectorSize || (msi->m_bufferLen - offset) / msi->m_minisectorSize <= sector) { printf("Corrupted file\n"); return NULL; /* FAILED */ } if (!locate_final_sector(msi, msi->m_miniStreamStartSector, sector * msi->m_minisectorSize + offset, §or, &offset)) { printf("Failed to locate a final sector\n"); return NULL; /* FAILED */ } return sector_offset_to_address(msi, sector, offset); } /* * Copy as many as possible in each step * copylen typically iterate as: msi->m_sectorSize - offset --> msi->m_sectorSize --> msi->m_sectorSize --> ... --> remaining */ static int read_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *buffer, uint32_t len) { if (!locate_final_sector(msi, sector, offset, §or, &offset)) { printf("Failed to locate a final sector\n"); return 0; /* FAILED */ } while (len > 0) { const u_char *address; uint32_t copylen; address = sector_offset_to_address(msi, sector, offset); if (!address) { printf("Failed to get a next sector address\n"); return 0; /* FAILED */ } copylen = MIN(len, msi->m_sectorSize - offset); if (msi->m_buffer + msi->m_bufferLen < address + copylen) { printf("Corrupted file\n"); return 0; /* FAILED */ } memcpy(buffer, address, copylen); buffer += copylen; len -= copylen; sector = get_next_sector(msi, sector); if (sector == 0) { printf("Failed to get a next sector\n"); return 0; /* FAILED */ } offset = 0; } return 1; /* OK */ } /* Lookup miniFAT */ static uint32_t get_next_mini_sector(MSI_FILE *msi, uint32_t miniSector) { uint32_t sector, offset, nextMiniSectorLocation; const u_char *address; if (!locate_final_sector(msi, msi->m_hdr->firstMiniFATSectorLocation, miniSector * 4, §or, &offset)) { printf("Failed to locate a final sector\n"); return NOSTREAM; /* FAILED */ } address = sector_offset_to_address(msi, sector, offset); if (!address) { printf("Failed to get a next mini sector address\n"); return NOSTREAM; /* FAILED */ } nextMiniSectorLocation = GET_UINT32_LE(address); if (nextMiniSectorLocation == 0 || nextMiniSectorLocation >= FREESECT) { printf("Get corrupted sector location 0x%08X\n", nextMiniSectorLocation); return NOSTREAM; /* FAILED */ } return nextMiniSectorLocation; } static int locate_final_mini_sector(MSI_FILE *msi, uint32_t sector, uint32_t offset, uint32_t *finalSector, uint32_t *finalOffset) { while (offset >= msi->m_minisectorSize) { offset -= msi->m_minisectorSize; sector = get_next_mini_sector(msi, sector); if (sector == NOSTREAM) { printf("Failed to get a next mini sector\n"); return 0; /* FAILED */ } } *finalSector = sector; *finalOffset = offset; return 1; /* OK */ } /* Same logic as "read_stream" except that use mini stream functions instead */ static int read_mini_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *buffer, uint32_t len) { if (!locate_final_mini_sector(msi, sector, offset, §or, &offset)) { printf("Failed to locate a final mini sector\n"); return 0; /* FAILED */ } while (len > 0) { const u_char *address; uint32_t copylen; address = mini_sector_offset_to_address(msi, sector, offset); if (!address) { printf("Failed to get a next mini sector address\n"); return 0; /* FAILED */ } copylen = MIN(len, msi->m_minisectorSize - offset); if (msi->m_buffer + msi->m_bufferLen < address + copylen) { printf("Corrupted file\n"); return 0; /* FAILED */ } memcpy(buffer, address, copylen); buffer += copylen; len -= copylen; sector = get_next_mini_sector(msi, sector); if (sector == NOSTREAM) { printf("Failed to get a next mini sector\n"); return 0; /* FAILED */ } offset = 0; } return 1; /* OK */ } /* * Get file (stream) data start with "offset". * The buffer must have enough space to store "len" bytes. Typically "len" is derived by the steam length. */ static int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len) { if (len < msi->m_hdr->miniStreamCutoffSize) { if (!read_mini_stream(msi, entry->startSectorLocation, offset, buffer, len)) return 0; /* FAILED */ } else { if (!read_stream(msi, entry->startSectorLocation, offset, buffer, len)) return 0; /* FAILED */ } return 1; /* OK */ } /* Parse MSI_FILE_HDR struct */ static MSI_FILE_HDR *parse_header(char *data) { MSI_FILE_HDR *header = (MSI_FILE_HDR *)OPENSSL_malloc(HEADER_SIZE); /* initialise 512 bytes */ memset(header, 0, sizeof(MSI_FILE_HDR)); memcpy(header->signature, data + HEADER_SIGNATURE, sizeof header->signature); /* Minor Version field SHOULD be set to 0x003E. */ header->minorVersion = GET_UINT16_LE(data + HEADER_MINOR_VER); if (header->minorVersion !=0x003E ) { printf("Warning: Minor Version field SHOULD be 0x003E, but is: 0x%04X\n", header->minorVersion); } /* Major Version field MUST be set to either 0x0003 (version 3) or 0x0004 (version 4). */ header->majorVersion = GET_UINT16_LE(data + HEADER_MAJOR_VER); if (header->majorVersion != 0x0003 && header->majorVersion != 0x0004) { printf("Unknown Major Version: 0x%04X\n", header->majorVersion); OPENSSL_free(header); return NULL; /* FAILED */ } /* Byte Order field MUST be set to 0xFFFE, specifies little-endian byte order. */ header->byteOrder = GET_UINT16_LE(data + HEADER_BYTE_ORDER); if (header->byteOrder != 0xFFFE) { printf("Unknown Byte Order: 0x%04X\n", header->byteOrder); OPENSSL_free(header); return NULL; /* FAILED */ } /* Sector Shift field MUST be set to 0x0009, or 0x000c, depending on the Major Version field. * This field specifies the sector size of the compound file as a power of 2. */ header->sectorShift = GET_UINT16_LE(data + HEADER_SECTOR_SHIFT); if ((header->majorVersion == 0x0003 && header->sectorShift != 0x0009) || (header->majorVersion == 0x0004 && header->sectorShift != 0x000C)) { printf("Unknown Sector Shift: 0x%04X\n", header->sectorShift); OPENSSL_free(header); return NULL; /* FAILED */ } /* Mini Sector Shift field MUST be set to 0x0006. * This field specifies the sector size of the Mini Stream as a power of 2. * The sector size of the Mini Stream MUST be 64 bytes. */ header->miniSectorShift = GET_UINT16_LE(data + HEADER_MINI_SECTOR_SHIFT); if (header->miniSectorShift != 0x0006) { printf("Unknown Mini Sector Shift: 0x%04X\n", header->miniSectorShift); OPENSSL_free(header); return NULL; /* FAILED */ } /* Number of Directory Sectors field contains the count of the number * of directory sectors in the compound file. * If Major Version is 3, the Number of Directory Sectors MUST be zero. */ header->numDirectorySector = GET_UINT32_LE(data + HEADER_DIR_SECTORS_NUM); if (header->majorVersion == 0x0003 && header->numDirectorySector != 0x00000000) { printf("Unsupported Number of Directory Sectors: 0x%08X\n", header->numDirectorySector); OPENSSL_free(header); return NULL; /* FAILED */ } header->numFATSector = GET_UINT32_LE(data + HEADER_FAT_SECTORS_NUM); header->firstDirectorySectorLocation = GET_UINT32_LE(data + HEADER_DIR_SECTOR_LOC); header->transactionSignatureNumber = GET_UINT32_LE(data + HEADER_TRANSACTION); /* Mini Stream Cutoff Size field MUST be set to 0x00001000. * This field specifies the maximum size of a user-defined data stream that is allocated * from the mini FAT and mini stream, and that cutoff is 4,096 bytes. * Any user-defined data stream that is greater than or equal to this cutoff size * must be allocated as normal sectors from the FAT. */ header->miniStreamCutoffSize = GET_UINT32_LE(data + HEADER_MINI_STREAM_CUTOFF); if (header->miniStreamCutoffSize != 0x00001000) { printf("Unsupported Mini Stream Cutoff Size: 0x%08X\n", header->miniStreamCutoffSize); OPENSSL_free(header); return NULL; /* FAILED */ } header->firstMiniFATSectorLocation = GET_UINT32_LE(data + HEADER_MINI_FAT_SECTOR_LOC); header->numMiniFATSector = GET_UINT32_LE(data + HEADER_MINI_FAT_SECTORS_NUM); header->firstDIFATSectorLocation = GET_UINT32_LE(data + HEADER_DIFAT_SECTOR_LOC); header->numDIFATSector = GET_UINT32_LE(data + HEADER_DIFAT_SECTORS_NUM); memcpy(header->headerDIFAT, data + HEADER_DIFAT, sizeof header->headerDIFAT); return header; } /* Parse MSI_ENTRY struct */ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) { uint32_t inlen; MSI_ENTRY *entry = (MSI_ENTRY *)OPENSSL_malloc(sizeof(MSI_ENTRY)); /* initialise 128 bytes */ memset(entry, 0, sizeof(MSI_ENTRY)); entry->nameLen = GET_UINT16_LE(data + DIRENT_NAME_LEN); /* This length MUST NOT exceed 64, the maximum size of the Directory Entry Name field */ if (entry->nameLen == 0 || entry->nameLen > 64) { printf("Corrupted Directory Entry Name Length\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } memcpy(entry->name, data + DIRENT_NAME, entry->nameLen); /* The root directory entry's Name field MUST contain the null-terminated * string "Root Entry" in Unicode UTF-16. */ if (is_root && (entry->nameLen != sizeof msi_root_entry || memcmp(entry->name, msi_root_entry, entry->nameLen))) { printf("Corrupted Root Directory Entry's Name\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } entry->type = GET_UINT8_LE(data + DIRENT_TYPE); entry->colorFlag = GET_UINT8_LE(data + DIRENT_COLOUR); entry->leftSiblingID = GET_UINT32_LE(data + DIRENT_LEFT_SIBLING_ID); entry->rightSiblingID = GET_UINT32_LE(data + DIRENT_RIGHT_SIBLING_ID); entry->childID = GET_UINT32_LE(data + DIRENT_CHILD_ID); memcpy(entry->clsid, data + DIRENT_CLSID, 16); memcpy(entry->stateBits, data + DIRENT_STATE_BITS, 4); memcpy(entry->creationTime, data + DIRENT_CREATE_TIME, 8); /* The Creation Time field in the root storage directory entry MUST be all zeroes but the Modified Time field in the root storage directory entry MAY be all zeroes */ if (is_root && memcmp(entry->creationTime, msi_zeroes, 8)) { printf("Corrupted Root Directory Entry's Creation Time\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } memcpy(entry->modifiedTime, data + DIRENT_MODIFY_TIME, 8); entry->startSectorLocation = GET_UINT32_LE(data + DIRENT_START_SECTOR_LOC); memcpy(entry->size, data + DIRENT_FILE_SIZE, 8); /* For a version 3 compound file 512-byte sector size, the value of this field MUST be less than or equal to 0x80000000 */ inlen = GET_UINT32_LE(entry->size); if ((msi->m_sectorSize == 0x0200 && inlen > 0x80000000) || (msi->m_bufferLen <= inlen)) { printf("Corrupted Stream Size 0x%08X\n", inlen); OPENSSL_free(entry); return NULL; /* FAILED */ } return entry; } /* * Get entry (directory or file) by its ID. * Pass "0" to get the root directory entry. -- This is the start point to navigate the compound file. * Use the returned object to access child entries. */ static MSI_ENTRY *get_entry(MSI_FILE *msi, uint32_t entryID, int is_root) { uint32_t sector = 0; uint32_t offset = 0; const u_char *address; /* Corrupted file */ if (!is_root && entryID == 0) { printf("Corrupted entryID\n"); return NULL; /* FAILED */ } if (msi->m_bufferLen / sizeof(MSI_ENTRY) <= entryID) { printf("Invalid argument entryID\n"); return NULL; /* FAILED */ } /* The first entry in the first sector of the directory chain is known as the root directory entry so it can not contain the directory stream */ if (msi->m_hdr->firstDirectorySectorLocation == 0 && entryID == 0) { printf("Corrupted First Directory Sector Location\n"); return NULL; /* FAILED */ } if (!locate_final_sector(msi, msi->m_hdr->firstDirectorySectorLocation, entryID * sizeof(MSI_ENTRY), §or, &offset)) { printf("Failed to locate a final sector\n"); return NULL; /* FAILED */ } address = sector_offset_to_address(msi, sector, offset); if (!address) { printf("Failed to get a final address\n"); return NULL; /* FAILED */ } return parse_entry(msi, address, is_root); } static MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi) { return get_entry(msi, 0, TRUE); } static void msi_file_free(MSI_FILE *msi) { if (!msi) return; OPENSSL_free(msi->m_hdr); OPENSSL_free(msi); } /* Parse MSI_FILE struct */ static MSI_FILE *msi_file_new(char *buffer, uint32_t len) { MSI_FILE *msi; MSI_ENTRY *root; MSI_FILE_HDR *header; if (buffer == NULL || len == 0) { printf("Invalid argument\n"); return NULL; /* FAILED */ } header = parse_header(buffer); if (!header) { printf("Failed to parse MSI_FILE_HDR struct\n"); return NULL; /* FAILED */ } msi = (MSI_FILE *)OPENSSL_malloc(sizeof(MSI_FILE)); msi->m_buffer = (const u_char *)(buffer); msi->m_bufferLen = len; msi->m_hdr = header; msi->m_sectorSize = 1 << msi->m_hdr->sectorShift; msi->m_minisectorSize = 1 << msi->m_hdr->miniSectorShift; msi->m_miniStreamStartSector = 0; if (msi->m_bufferLen < sizeof *(msi->m_hdr) || memcmp(msi->m_hdr->signature, msi_magic, sizeof msi_magic)) { printf("Wrong file format\n"); msi_file_free(msi); return NULL; /* FAILED */ } /* The file must contains at least 3 sectors */ if (msi->m_bufferLen < msi->m_sectorSize * 3) { printf("The file must contains at least 3 sectors\n"); msi_file_free(msi); return NULL; /* FAILED */ } root = msi_root_entry_get(msi); if (!root) { printf("Failed to get msi root entry\n"); msi_file_free(msi); return NULL; /* FAILED */ } msi->m_miniStreamStartSector = root->startSectorLocation; OPENSSL_free(root); return msi; } /* Recursively create a tree of MSI_DIRENT structures */ static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret) { MSI_DIRENT *dirent; static int cnt; static MSI_DIRENT *tortoise, *hare; if (!entry) { return 1; /* OK */ } if (entry->nameLen == 0 || entry->nameLen > 64) { printf("Corrupted Directory Entry Name Length\n"); return 0; /* FAILED */ } /* detect cycles in previously visited entries (parents, siblings) */ if (!ret) { /* initialized (non-root entry) */ if (!memcmp(entry, tortoise->entry, sizeof(MSI_ENTRY))) { printf("MSI_ENTRY cycle detected at level %d\n", cnt); OPENSSL_free(entry); return 0; /* FAILED */ } } dirent = (MSI_DIRENT *)OPENSSL_malloc(sizeof(MSI_DIRENT)); memcpy(dirent->name, entry->name, entry->nameLen); dirent->nameLen = entry->nameLen; dirent->type = entry->type; dirent->entry = entry; dirent->children = sk_MSI_DIRENT_new_null(); dirent->next = NULL; /* fail-safe */ /* Floyd's cycle-finding algorithm */ if (!ret) { /* initialized (non-root entry) */ if (cnt++ & 1) /* move the tortoise every other invocation of msi_dirent_new() */ tortoise = tortoise->next; hare->next = dirent; /* build a linked list of visited entries */ hare = dirent; /* move the hare every time */ } else { /* initialization needed (root entry) */ cnt = 0; tortoise = dirent; hare = dirent; } if (parent && !sk_MSI_DIRENT_push(parent->children, dirent)) { printf("Failed to insert MSI_DIRENT\n"); return 0; /* FAILED */ } if (ret) *ret = dirent; if (!recurse_entry(msi, entry->leftSiblingID, parent) || !recurse_entry(msi, entry->rightSiblingID, parent) || !recurse_entry(msi, entry->childID, dirent)) { printf("Failed to add a sibling or a child to the tree\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* Add a sibling or a child to the tree */ /* NOTE: These links are a tree, not a linked list */ static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent) { MSI_ENTRY *node; /* The special NOSTREAM (0xFFFFFFFF) value is used as a terminator */ if (entryID == NOSTREAM) /* stop condition */ return 1; /* OK */ node = get_entry(msi, entryID, FALSE); if (!node) { printf("Corrupted ID: 0x%08X\n", entryID); return 0; /* FAILED */ } if (!msi_dirent_new(msi, node, parent, NULL)) { return 0; /* FAILED */ } return 1; /* OK */ } /* Return DigitalSignature and MsiDigitalSignatureEx */ static MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse) { int i; MSI_ENTRY *ds = NULL; for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i); if (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature))) { ds = child->entry; } else if (dse && !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex))) { *dse = child->entry; } else { continue; } } return ds; } /* Recursively free MSI_DIRENT struct */ static void msi_dirent_free(MSI_DIRENT *dirent) { if (!dirent) return; sk_MSI_DIRENT_pop_free(dirent->children, msi_dirent_free); OPENSSL_free(dirent->entry); OPENSSL_free(dirent); } /* Sorted list of MSI streams in this order is needed for hashing */ static int dirent_cmp_hash(const MSI_DIRENT *const *a, const MSI_DIRENT *const *b) { const MSI_DIRENT *dirent_a = *a; const MSI_DIRENT *dirent_b = *b; int diff = memcmp(dirent_a->name, dirent_b->name, MIN(dirent_a->nameLen, dirent_b->nameLen)); /* apparently the longer wins */ if (diff == 0) { return dirent_a->nameLen > dirent_b->nameLen ? -1 : 1; } return diff; } /* Sorting relationship for directory entries, the left sibling MUST always be less than the right sibling */ static int dirent_cmp_tree(const MSI_DIRENT *const *a, const MSI_DIRENT *const *b) { const MSI_DIRENT *dirent_a = *a; const MSI_DIRENT *dirent_b = *b; uint16_t codepoint_a, codepoint_b; int i; if (dirent_a->nameLen != dirent_b->nameLen) { return dirent_a->nameLen < dirent_b->nameLen ? -1 : 1; } for (i=0; inameLen-2; i=i+2) { codepoint_a = GET_UINT16_LE(dirent_a->name + i); codepoint_b = GET_UINT16_LE(dirent_b->name + i); if (codepoint_a != codepoint_b) { return codepoint_a < codepoint_b ? -1 : 1; } } return 0; } /* * Calculate the pre-hash used for 'MsiDigitalSignatureEx' * signatures in MSI files. The pre-hash hashes only metadata (file names, * file sizes, creation times and modification times), whereas the basic * 'DigitalSignature' MSI signature only hashes file content. * * The hash is written to the hash BIO. */ /* Hash a MSI stream's extended metadata */ static void prehash_metadata(MSI_ENTRY *entry, BIO *hash) { if (entry->type != DIR_ROOT) { BIO_write(hash, entry->name, entry->nameLen - 2); } if (entry->type != DIR_STREAM) { BIO_write(hash, entry->clsid, sizeof entry->clsid); } else { BIO_write(hash, entry->size, (sizeof entry->size)/2); } BIO_write(hash, entry->stateBits, sizeof entry->stateBits); if (entry->type != DIR_ROOT) { BIO_write(hash, entry->creationTime, sizeof entry->creationTime); BIO_write(hash, entry->modifiedTime, sizeof entry->modifiedTime); } } /* Recursively hash a MSI directory's extended metadata */ static int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root) { int i, ret = 0; STACK_OF(MSI_DIRENT) *children; if (!dirent || !dirent->children) { return ret; } children = sk_MSI_DIRENT_dup(dirent->children); prehash_metadata(dirent->entry, hash); sk_MSI_DIRENT_set_cmp_func(children, &dirent_cmp_hash); sk_MSI_DIRENT_sort(children); for (i = 0; i < sk_MSI_DIRENT_num(children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); if (is_root && (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature)) || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { continue; } if (child->type == DIR_STREAM) { prehash_metadata(child->entry, hash); } if (child->type == DIR_STORAGE) { if (!msi_prehash_dir(child, hash, 0)) { goto out; } } } ret = 1; /* OK */ out: sk_MSI_DIRENT_free(children); return ret; } /* Recursively hash a MSI directory (storage) */ static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root) { int i, ret = 0; STACK_OF(MSI_DIRENT) *children; if (!dirent || !dirent->children) { return ret; } children = sk_MSI_DIRENT_dup(dirent->children); sk_MSI_DIRENT_set_cmp_func(children, &dirent_cmp_hash); sk_MSI_DIRENT_sort(children); for (i = 0; i < sk_MSI_DIRENT_num(children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); if (is_root && (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature)) || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { /* Skip DigitalSignature and MsiDigitalSignatureEx streams */ continue; } if (child->type == DIR_STREAM) { char *indata; uint32_t inlen = GET_UINT32_LE(child->entry->size); if (inlen == 0 || inlen >= MAXREGSECT) { /* Skip null and corrupted streams */ continue; } indata = (char *)OPENSSL_malloc(inlen); if (!msi_file_read(msi, child->entry, 0, indata, inlen)) { printf("Failed to read stream data\n"); OPENSSL_free(indata); goto out; } BIO_write(hash, indata, (int)inlen); OPENSSL_free(indata); } if (child->type == DIR_STORAGE) { if (!msi_hash_dir(msi, child, hash, 0)) { printf("Failed to hash a MSI storage\n"); goto out; } } } BIO_write(hash, dirent->entry->clsid, sizeof dirent->entry->clsid); ret = 1; /* OK */ out: sk_MSI_DIRENT_free(children); return ret; } static void ministream_append(MSI_OUT *out, char *buf, uint32_t len) { uint32_t needSectors = (len + out->sectorSize - 1) / out->sectorSize; if (out->miniStreamLen + len >= (uint64_t)out->ministreamsMemallocCount * out->sectorSize) { out->ministreamsMemallocCount += needSectors; out->ministream = OPENSSL_realloc(out->ministream, (size_t)(out->ministreamsMemallocCount * out->sectorSize)); } memcpy(out->ministream + out->miniStreamLen, buf, (size_t)len); out->miniStreamLen += len; } static void minifat_append(MSI_OUT *out, char *buf, uint32_t len) { if (out->minifatLen == (uint64_t)out->minifatMemallocCount * out->sectorSize) { out->minifatMemallocCount += 1; out->minifat = OPENSSL_realloc(out->minifat, (size_t)(out->minifatMemallocCount * out->sectorSize)); } memcpy(out->minifat + out->minifatLen, buf, (size_t)len); out->minifatLen += len; } static void fat_append(MSI_OUT *out, char *buf, uint32_t len) { if (out->fatLen == (uint64_t)out->fatMemallocCount * out->sectorSize) { out->fatMemallocCount += 1; out->fat = OPENSSL_realloc(out->fat, (size_t)(out->fatMemallocCount * out->sectorSize)); } memcpy(out->fat + out->fatLen, buf, (size_t)len); out->fatLen += len; } static void difat_append(MSI_OUT *out, char *buf, uint32_t len) { if (out->difatLen == (uint64_t)out->difatMemallocCount * out->sectorSize) { out->difatMemallocCount += 1; out->difat = OPENSSL_realloc(out->difat, (size_t)(out->difatMemallocCount * out->sectorSize)); } memcpy(out->difat + out->difatLen, buf, (size_t)len); out->difatLen += len; } static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen) { int i; for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i); if (memcmp(child->name, name, MIN(child->nameLen, nameLen))) { continue; } if (child->type != DIR_STREAM) { printf("Can't delete or replace storages\n"); return 0; /* FAILED */ } sk_MSI_DIRENT_delete(dirent->children, i); msi_dirent_free(child); } return 1; /* OK */ } static MSI_DIRENT *dirent_add(const u_char *name, uint16_t nameLen) { MSI_DIRENT *dirent = (MSI_DIRENT *)OPENSSL_malloc(sizeof(MSI_DIRENT)); MSI_ENTRY *entry = (MSI_ENTRY *)OPENSSL_malloc(sizeof(MSI_ENTRY)); memcpy(dirent->name, name, nameLen); dirent->nameLen = nameLen; dirent->type = DIR_STREAM; dirent->children = sk_MSI_DIRENT_new_null(); memcpy(entry->name, name, nameLen); entry->nameLen = nameLen; entry->type = DIR_STREAM; entry->colorFlag = BLACK_COLOR; /* make everything black */ entry->leftSiblingID = NOSTREAM; entry->rightSiblingID = NOSTREAM; entry->childID = NOSTREAM; memset(entry->clsid, 0, 16); memset(entry->stateBits, 0, 4); memset(entry->creationTime, 0, 8); memset(entry->modifiedTime, 0, 8); entry->startSectorLocation = NOSTREAM; memset(entry->size, 0, 8); dirent->entry = entry; return dirent; } static int dirent_insert(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen) { MSI_DIRENT *new_dirent; if (!msi_dirent_delete(dirent, name, nameLen)) { return 0; /* FAILED */ } /* create new dirent */ new_dirent = dirent_add(name, nameLen); sk_MSI_DIRENT_push(dirent->children, new_dirent); return 1; /* OK */ } static int signature_insert(MSI_DIRENT *dirent, uint32_t len_msiex) { if (len_msiex > 0) { if (!dirent_insert(dirent, digital_signature_ex, sizeof digital_signature_ex)) { return 0; /* FAILED */ } } else { if (!msi_dirent_delete(dirent, digital_signature_ex, sizeof digital_signature_ex)) { return 0; /* FAILED */ } } if (!dirent_insert(dirent, digital_signature, sizeof digital_signature)) { return 0; /* FAILED */ } return 1; /* OK */ } static uint32_t stream_read(MSI_FILE *msi, MSI_ENTRY *entry, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, char **indata, uint32_t inlen, int is_root) { if (is_root && !memcmp(entry->name, digital_signature, sizeof digital_signature)) { /* DigitalSignature */ inlen = len_msi; *indata = OPENSSL_malloc((size_t)inlen); memcpy(*indata, p_msi, (size_t)inlen); } else if (is_root && !memcmp(entry->name, digital_signature_ex, sizeof digital_signature_ex)) { /* MsiDigitalSignatureEx */ inlen = len_msiex; *indata = OPENSSL_malloc((size_t)inlen); memcpy(*indata, p_msiex, (size_t)inlen); } else if (inlen != 0) { *indata = (char *)OPENSSL_malloc(inlen); if (!msi_file_read(msi, entry, 0, *indata, inlen)) { return 0; /* FAILED */ } } return inlen; } /* Recursively handle data from MSI_DIRENT struct */ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata, MSI_OUT *out, int is_root) { int i; if (dirent->type == DIR_ROOT) { if (len_msi > 0 && !signature_insert(dirent, len_msiex)) { printf("Insert new signature failed\n"); return 0; /* FAILED */ } out->ministreamsMemallocCount = (GET_UINT32_LE(dirent->entry->size) + out->sectorSize - 1)/out->sectorSize; out->ministream = OPENSSL_malloc((uint64_t)out->ministreamsMemallocCount * out->sectorSize); } for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i); if (child->type == DIR_STORAGE) { if (!stream_handle(msi, child, NULL, 0, NULL, 0, outdata, out, 0)) { return 0; /* FAILED */ } } else { /* DIR_STREAM */ char buf[MAX_SECTOR_SIZE]; char *indata = NULL; uint32_t inlen = GET_UINT32_LE(child->entry->size); if (inlen >= MAXREGSECT) { printf("Corrupted stream length 0x%08X\n", inlen); return 0; /* FAILED */ } /* DigitalSignature or MsiDigitalSignatureEx: inlen == 0 */ inlen = stream_read(msi, child->entry, p_msi, len_msi, p_msiex, len_msiex, &indata, inlen, is_root); if (inlen == 0) { OPENSSL_free(indata); continue; /* skip a null stream */ } /* set the size of the user-defined data if this is a stream object */ PUT_UINT32_LE(inlen, buf); memcpy(child->entry->size, buf, sizeof child->entry->size); if (inlen < MINI_STREAM_CUTOFF_SIZE) { /* set the index into the mini FAT to track the chain of sectors through the mini stream */ child->entry->startSectorLocation = out->miniSectorNum; ministream_append(out, indata, inlen); /* fill to the end with known data, such as all zeroes */ if (inlen % msi->m_minisectorSize > 0) { uint32_t remain = msi->m_minisectorSize - inlen % msi->m_minisectorSize; memset(buf, 0, (size_t)remain); ministream_append(out, buf, remain); } while (inlen > msi->m_minisectorSize) { out->miniSectorNum += 1; PUT_UINT32_LE(out->miniSectorNum, buf); minifat_append(out, buf, 4); inlen -= msi->m_minisectorSize; } PUT_UINT32_LE(ENDOFCHAIN, buf); minifat_append(out, buf, 4); out->miniSectorNum += 1; } else { /* set the first sector location if this is a stream object */ child->entry->startSectorLocation = out->sectorNum; /* stream save */ BIO_write(outdata, indata, (int)inlen); /* fill to the end with known data, such as all zeroes */ if (inlen % out->sectorSize > 0) { uint32_t remain = out->sectorSize - inlen % out->sectorSize; memset(buf, 0, (size_t)remain); BIO_write(outdata, buf, (int)remain); } /* set a sector chain in the FAT */ while (inlen > out->sectorSize) { out->sectorNum += 1; PUT_UINT32_LE(out->sectorNum, buf); fat_append(out, buf, 4); inlen -= out->sectorSize; } PUT_UINT32_LE(ENDOFCHAIN, buf); fat_append(out, buf, 4); out->sectorNum += 1; } OPENSSL_free(indata); } } return 1; /* OK */ } static void ministream_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t i, remain; uint32_t ministreamSectorsCount = (out->miniStreamLen + out->sectorSize - 1) / out->sectorSize; /* set the first sector of the mini stream in the entry root object */ dirent->entry->startSectorLocation = out->sectorNum; /* ministream save */ BIO_write(outdata, out->ministream, (int)out->miniStreamLen); OPENSSL_free(out->ministream); /* fill to the end with known data, such as all zeroes */ if (out->miniStreamLen % out->sectorSize > 0) { remain = out->sectorSize - out->miniStreamLen % out->sectorSize; memset(buf, 0, (size_t)remain); BIO_write(outdata, buf, (int)remain); } /* set a sector chain in the FAT */ for (i=1; isectorNum + i, buf); fat_append(out, buf, 4); } /* mark the end of the mini stream data */ PUT_UINT32_LE(ENDOFCHAIN, buf); fat_append(out, buf, 4); out->sectorNum += ministreamSectorsCount; } static void minifat_save(BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t i, remain; /* set Mini FAT Starting Sector Location in the header */ if (out->minifatLen == 0) { PUT_UINT32_LE(ENDOFCHAIN, buf); memcpy(out->header + HEADER_MINI_FAT_SECTOR_LOC, buf, 4); return; } PUT_UINT32_LE(out->sectorNum, buf); memcpy(out->header + HEADER_MINI_FAT_SECTOR_LOC, buf, 4); /* minifat save */ BIO_write(outdata, out->minifat, (int)out->minifatLen); /* marks the end of the stream */ PUT_UINT32_LE(ENDOFCHAIN, buf); BIO_write(outdata, buf, 4); out->minifatLen += 4; /* empty unallocated free sectors in the last Mini FAT sector */ if (out->minifatLen % out->sectorSize > 0) { remain = out->sectorSize - out->minifatLen % out->sectorSize; memset(buf, (int)FREESECT, (size_t)remain); BIO_write(outdata, buf, (int)remain); } /* set a sector chain in the FAT */ out->minifatSectorsCount = (out->minifatLen + out->sectorSize - 1) / out->sectorSize; for (i=1; iminifatSectorsCount; i++) { PUT_UINT32_LE(out->sectorNum + i, buf); fat_append(out, buf, 4); } /* mark the end of the mini FAT chain */ PUT_UINT32_LE(ENDOFCHAIN, buf); fat_append(out, buf, 4); out->sectorNum += out->minifatSectorsCount; } static char *msi_dirent_get(MSI_ENTRY *entry) { char buf[8]; char *data = OPENSSL_malloc(DIRENT_SIZE); /* initialise 128 bytes */ memset(data, 0, DIRENT_SIZE); memcpy(data + DIRENT_NAME, entry->name, entry->nameLen); memset(data + DIRENT_NAME + entry->nameLen, 0, DIRENT_MAX_NAME_SIZE - entry->nameLen); PUT_UINT16_LE(entry->nameLen, buf); memcpy(data + DIRENT_NAME_LEN, buf, 2); PUT_UINT8_LE(entry->type, buf); memcpy(data + DIRENT_TYPE, buf, 1); PUT_UINT8_LE(entry->colorFlag, buf); memcpy(data + DIRENT_COLOUR, buf, 1); PUT_UINT32_LE(entry->leftSiblingID, buf); memcpy(data + DIRENT_LEFT_SIBLING_ID, buf, 4); PUT_UINT32_LE(entry->rightSiblingID, buf); memcpy(data + DIRENT_RIGHT_SIBLING_ID, buf, 4); PUT_UINT32_LE(entry->childID, buf); memcpy(data + DIRENT_CHILD_ID, buf, 4); memcpy(data + DIRENT_CLSID, entry->clsid, 16); memcpy(data + DIRENT_STATE_BITS, entry->stateBits, 4); memcpy(data + DIRENT_CREATE_TIME, entry->creationTime, 8); memcpy(data + DIRENT_MODIFY_TIME, entry->modifiedTime, 8); PUT_UINT32_LE(entry->startSectorLocation, buf); memcpy(data + DIRENT_START_SECTOR_LOC, buf, 4); memcpy(data + DIRENT_FILE_SIZE, entry->size, 4); memset(data + DIRENT_FILE_SIZE + 4, 0, 4); return data; } static char *msi_unused_dirent_get(void) { char *data = OPENSSL_malloc(DIRENT_SIZE); /* initialise 127 bytes */ memset(data, 0, DIRENT_SIZE); memset(data + DIRENT_LEFT_SIBLING_ID, (int)NOSTREAM, 4); memset(data + DIRENT_RIGHT_SIBLING_ID, (int)NOSTREAM, 4); memset(data + DIRENT_CHILD_ID, (int)NOSTREAM, 4); return data; } static int dirents_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out, uint32_t *streamId, int count, int last) { int i, childenNum; char *entry; STACK_OF(MSI_DIRENT) *children; if (!dirent || !dirent->children) { return count; } children = sk_MSI_DIRENT_dup(dirent->children); sk_MSI_DIRENT_set_cmp_func(children, &dirent_cmp_tree); sk_MSI_DIRENT_sort(children); childenNum = sk_MSI_DIRENT_num(children); /* make everything black */ dirent->entry->colorFlag = BLACK_COLOR; dirent->entry->leftSiblingID = NOSTREAM; if (dirent->type == DIR_STORAGE) { if (last) { dirent->entry->rightSiblingID = NOSTREAM; } else { /* make linked list rather than tree, only use next - right sibling */ count += childenNum; dirent->entry->rightSiblingID = *streamId + (uint32_t)count + 1; } } else { /* DIR_ROOT */ dirent->entry->rightSiblingID = NOSTREAM; } dirent->entry->childID = *streamId + 1; entry = msi_dirent_get(dirent->entry); BIO_write(outdata, entry, DIRENT_SIZE); OPENSSL_free(entry); out->dirtreeLen += DIRENT_SIZE; for (i = 0; i < childenNum; i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); int last_dir = i == childenNum - 1 ? 1 : 0; *streamId += 1; if (child->type == DIR_STORAGE) { count += dirents_save(child, outdata, out, streamId, count, last_dir); } else { /* DIR_STREAM */ count = 0; child->entry->colorFlag = BLACK_COLOR; child->entry->leftSiblingID = NOSTREAM; if (last_dir) { child->entry->rightSiblingID = NOSTREAM; } else { child->entry->rightSiblingID = *streamId + 1; } entry = msi_dirent_get(child->entry); BIO_write(outdata, entry, DIRENT_SIZE); OPENSSL_free(entry); out->dirtreeLen += DIRENT_SIZE; } } sk_MSI_DIRENT_free(children); return count; } static void dirtree_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; char *unused_entry; uint32_t i, remain, streamId = 0; /* set Directory Starting Sector Location in the header */ PUT_UINT32_LE(out->sectorNum, buf); memcpy(out->header + HEADER_DIR_SECTOR_LOC, buf, 4); /* set the size of the mini stream in the root object */ if (dirent->type == DIR_ROOT) { PUT_UINT32_LE(out->miniStreamLen, buf); memcpy(dirent->entry->size, buf, sizeof dirent->entry->size); } /* sort and save all directory entries */ dirents_save(dirent, outdata, out, &streamId, 0, 0); /* set free (unused) directory entries */ unused_entry = msi_unused_dirent_get(); if (out->dirtreeLen % out->sectorSize > 0) { remain = out->sectorSize - out->dirtreeLen % out->sectorSize; while (remain > 0) { BIO_write(outdata, unused_entry, DIRENT_SIZE); remain -= DIRENT_SIZE; } } OPENSSL_free(unused_entry); /* set a sector chain in the FAT */ out->dirtreeSectorsCount = (out->dirtreeLen + out->sectorSize - 1) / out->sectorSize; for (i=1; idirtreeSectorsCount; i++) { PUT_UINT32_LE(out->sectorNum + i, buf); fat_append(out, buf, 4); } /* mark the end of the directory chain */ PUT_UINT32_LE(ENDOFCHAIN, buf); fat_append(out, buf, 4); out->sectorNum += out->dirtreeSectorsCount; } static int fat_save(BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t i, j, remain, difatSectors, difatEntriesPerSector = 0, fatSectorIndex, lastFatSectorIndex; remain = (out->fatLen + out->sectorSize - 1) / out->sectorSize; out->fatSectorsCount = (out->fatLen + remain * 4 + out->sectorSize - 1) / out->sectorSize; if (out->fatSectorsCount > DIFAT_IN_HEADER) { difatEntriesPerSector = (out->sectorSize / 4) - 1; difatSectors = (out->fatSectorsCount - DIFAT_IN_HEADER + difatEntriesPerSector - 1) / difatEntriesPerSector; } else { difatSectors = 0; } /* set 109 FAT sectors in HEADER_DIFAT table */ for (i = 0; i < MIN(out->fatSectorsCount, DIFAT_IN_HEADER); i++) { PUT_UINT32_LE(out->sectorNum + i, buf); memcpy(out->header + HEADER_DIFAT + i * 4, buf, 4); } out->sectorNum += out->fatSectorsCount; if (out->fatSectorsCount > DIFAT_IN_HEADER) { /* Set DIFAT start sector number in header */ PUT_UINT32_LE(out->sectorNum, buf); memcpy(out->header + HEADER_DIFAT_SECTOR_LOC, buf, 4); /* Set total DIFAT sectors number in header */ PUT_UINT32_LE(difatSectors, buf); memcpy(out->header + HEADER_DIFAT_SECTORS_NUM, buf, 4); remain = out->fatSectorsCount - DIFAT_IN_HEADER; fatSectorIndex = out->sectorNum - remain; lastFatSectorIndex = out->sectorNum; /* Fill DIFAT sectors */ for (i = 0; i < difatSectors; i++) { for (j = 0; j < difatEntriesPerSector; j++, fatSectorIndex++) { if (fatSectorIndex < lastFatSectorIndex) { PUT_UINT32_LE(fatSectorIndex, buf + j * 4); } else { PUT_UINT32_LE(FREESECT, buf + j * 4); } } /* Add next DIFAT sector link or mark end of chain */ if (i + 1 >= difatSectors) { PUT_UINT32_LE(ENDOFCHAIN, buf + out->sectorSize - 4); } else { PUT_UINT32_LE(out->sectorNum + 1, buf + out->sectorSize - 4); } difat_append(out, buf, out->sectorSize); out->sectorNum++; } } /* mark FAT sectors in the FAT chain */ PUT_UINT32_LE(FATSECT, buf); for (i=0; ifatSectorsCount; i++) { fat_append(out, buf, 4); } /* mark DIFAT sectors in the FAT chain */ PUT_UINT32_LE(DIFSECT, buf); for (i = 0; i < difatSectors; i++) { fat_append(out, buf, 4); } /* empty unallocated free sectors in the last FAT sector */ if (out->fatLen % out->sectorSize > 0) { remain = out->sectorSize - out->fatLen % out->sectorSize; memset(buf, (int)FREESECT, (size_t)remain); fat_append(out, buf, remain); } BIO_write(outdata, out->fat, (int)out->fatLen); BIO_write(outdata, out->difat, (int)out->difatLen); return 1; /* OK */ } static void header_save(BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t remain; /* set Number of FAT sectors in the header */ PUT_UINT32_LE(out->fatSectorsCount, buf); memcpy(out->header + HEADER_FAT_SECTORS_NUM, buf, 4); /* set Number of Mini FAT sectors in the header */ PUT_UINT32_LE(out->minifatSectorsCount, buf); memcpy(out->header + HEADER_MINI_FAT_SECTORS_NUM, buf, 4); /* set Number of Directory Sectors in the header if Major Version is 4 */ if (out->sectorSize == 4096) { PUT_UINT32_LE(out->dirtreeSectorsCount, buf); memcpy(out->header + HEADER_DIR_SECTORS_NUM, buf, 4); } (void)BIO_seek(outdata, 0); BIO_write(outdata, out->header, HEADER_SIZE); remain = out->sectorSize - HEADER_SIZE; memset(buf, 0, (size_t)remain); BIO_write(outdata, buf, (int)remain); } static char *header_new(MSI_FILE_HDR *hdr, MSI_OUT *out) { int i; char buf[4]; char *data = OPENSSL_malloc(HEADER_SIZE); static u_char dead_food[] = { 0xde, 0xad, 0xf0, 0x0d }; /* initialise 512 bytes */ memset(data, 0, HEADER_SIZE); memcpy(data + HEADER_SIGNATURE, msi_magic, sizeof msi_magic); memset(data + HEADER_CLSID, 0, 16); PUT_UINT16_LE(hdr->minorVersion, buf); memcpy(data + HEADER_MINOR_VER, buf, 2); if (out->sectorSize == 4096) { PUT_UINT16_LE(0x0004, buf); } else { PUT_UINT16_LE(0x0003, buf); } memcpy(data + HEADER_MAJOR_VER, buf, 2); PUT_UINT16_LE(hdr->byteOrder, buf); memcpy(data + HEADER_BYTE_ORDER, buf, 2); PUT_UINT16_LE(hdr->sectorShift, buf); if (out->sectorSize == 4096) { PUT_UINT16_LE(0x000C, buf); } else { PUT_UINT16_LE(0x0009, buf); } memcpy(data + HEADER_SECTOR_SHIFT, buf, 2); PUT_UINT16_LE(hdr->miniSectorShift, buf); memcpy(data + HEADER_MINI_SECTOR_SHIFT, buf, 2); memset(data + RESERVED, 0, 6); memset(data + HEADER_DIR_SECTORS_NUM, 0, 4); /* not used for version 3 */ memcpy(data + HEADER_FAT_SECTORS_NUM, dead_food, 4); memcpy(data + HEADER_DIR_SECTOR_LOC, dead_food, 4); memset(data + HEADER_TRANSACTION, 0, 4); /* reserved */ PUT_UINT32_LE(MINI_STREAM_CUTOFF_SIZE, buf); memcpy(data + HEADER_MINI_STREAM_CUTOFF, buf, 4); memcpy(data + HEADER_MINI_FAT_SECTOR_LOC, dead_food, 4); memcpy(data + HEADER_MINI_FAT_SECTORS_NUM, dead_food, 4); PUT_UINT32_LE(ENDOFCHAIN, buf); memcpy(data + HEADER_DIFAT_SECTOR_LOC, buf, 4); memset(data + HEADER_DIFAT_SECTORS_NUM, 0, 4); /* no DIFAT */ memcpy(data + HEADER_DIFAT, dead_food, 4); /* sector number for FAT */ for (i = 1; i < DIFAT_IN_HEADER; i++) { memset(data + HEADER_DIFAT + 4*i, (int)FREESECT, 4); /* free FAT sectors */ } return data; } static int msiout_set(MSI_FILE *msi, uint32_t len_msi, uint32_t len_msiex, MSI_OUT *out) { uint32_t msi_size, msiex_size; out->sectorSize = msi->m_sectorSize; if (len_msi <= MINI_STREAM_CUTOFF_SIZE) { msi_size = ((len_msi + msi->m_minisectorSize - 1) / msi->m_minisectorSize) * msi->m_minisectorSize; } else { msi_size = ((len_msi + msi->m_sectorSize - 1) / msi->m_sectorSize) * msi->m_sectorSize; } msiex_size = ((len_msiex + msi->m_minisectorSize - 1) / msi->m_minisectorSize) * msi->m_minisectorSize; /* * no DIFAT sectors will be needed in a file that is smaller than * 6,813 MB (version 3 files), respectively 436,004 MB (version 4 files) */ if (msi->m_bufferLen + msi_size + msiex_size > 7143936) { out->sectorSize = 4096; } out->header = header_new(msi->m_hdr, out); out->minifatMemallocCount = msi->m_hdr->numMiniFATSector; out->fatMemallocCount = msi->m_hdr->numFATSector; out->ministream = NULL; out->minifat = OPENSSL_malloc((uint64_t)out->minifatMemallocCount * out->sectorSize); out->fat = OPENSSL_malloc((uint64_t)out->fatMemallocCount * out->sectorSize); out->miniSectorNum = 0; out->sectorNum = 0; return 1; /* OK */ } static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata) { MSI_OUT out; int ret = 0; memset(&out, 0, sizeof(MSI_OUT)); if (!msiout_set(msi, len_msi, len_msiex, &out)) { goto out; /* FAILED */ } (void)BIO_seek(outdata, out.sectorSize); if (!stream_handle(msi, dirent, p_msi, len_msi, p_msiex, len_msiex, outdata, &out, 1)) { goto out; /* FAILED */ } ministream_save(dirent, outdata, &out); minifat_save(outdata, &out); dirtree_save(dirent, outdata, &out); if (!fat_save(outdata, &out)) { goto out; /* FAILED */ } header_save(outdata, &out); ret = 1; /* OK */ out: OPENSSL_free(out.header); OPENSSL_free(out.fat); OPENSSL_free(out.minifat); return ret; } /* * Compute a message digest value of a signed or unsigned MSI file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] calculated message digest BIO */ static BIO *msi_digest_calc_bio(FILE_FORMAT_CTX *ctx, BIO *hash) { if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { printf("Unable to calc MsiDigitalSignatureEx\n"); return NULL; /* FAILED */ } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { printf("Unable to msi_handle_dir()\n"); return NULL; /* FAILED */ } return hash; } /* * MsiDigitalSignatureEx is an enhanced signature type that * can be used when signing MSI files. In addition to * file content, it also hashes some file metadata, specifically * file names, file sizes, creation times and modification times. * * The file content hashing part stays the same, so the * msi_handle_dir() function can be used across both variants. * * When an MsiDigitalSignatureEx section is present in an MSI file, * the meaning of the DigitalSignature section changes: Instead * of being merely a file content hash (as what is output by the * msi_handle_dir() function), it is now hashes both content * and metadata. * * Here is how it works: * * First, a "pre-hash" is calculated. This is the "metadata" hash. * It iterates over the files in the MSI in the same order as the * file content hashing method would - but it only processes the * metadata. * * Once the pre-hash is calculated, a new hash is created for * calculating the hash of the file content. The output of the * pre-hash is added as the first element of the file content hash. * * After the pre-hash is written, what follows is the "regular" * stream of data that would normally be written when performing * file content hashing. * * The output of this hash, which combines both metadata and file * content, is what will be output in signed form to the * DigitalSignature section when in 'MsiDigitalSignatureEx' mode. * * As mentioned previously, this new mode of operation is signalled * by the presence of a 'MsiDigitalSignatureEx' section in the MSI * file. This section must come after the 'DigitalSignature' * section, and its content must be the output of the pre-hash * ("metadata") hash. */ static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash) { size_t written; BIO *prehash = BIO_new(BIO_f_md()); if (!BIO_set_md(prehash, ctx->options->md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_push(prehash, BIO_new(BIO_s_null())); if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { printf("Unable to calculate MSI pre-hash ('metadata') hash\n"); return 0; /* FAILED */ } if (ctx->msi_ctx->p_msiex) { /* attach-signature counts MsiDigitalSignatureEx stream data twice */ OPENSSL_free(ctx->msi_ctx->p_msiex); ctx->msi_ctx->p_msiex = NULL; } ctx->msi_ctx->p_msiex = OPENSSL_malloc(EVP_MAX_MD_SIZE); ctx->msi_ctx->len_msiex = (uint32_t)BIO_gets(prehash, (char *)ctx->msi_ctx->p_msiex, EVP_MAX_MD_SIZE); if (!BIO_write_ex(hash, ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, &written) || written != ctx->msi_ctx->len_msiex) return 0; /* FAILED */ BIO_free_all(prehash); return 1; /* OK */ } /* * Perform a sanity check for the MsiDigitalSignatureEx section. * If the file we're attempting to sign has an MsiDigitalSignatureEx * section, we can't add a nested signature of a different MD type * without breaking the initial signature. */ static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse, PKCS7 *p7) { if (dse && GET_UINT32_LE(dse->size) != (uint32_t)EVP_MD_size(ctx->options->md)) { X509_ALGOR *alg; const ASN1_OBJECT *aoid; alg = sk_X509_ALGOR_value(p7->d.sign->md_algs, 0); X509_ALGOR_get0(&aoid, NULL, NULL, alg); printf("Message digest algorithm found : %s\n", OBJ_nid2sn(OBJ_obj2nid(aoid))); printf("It is not possible to add a nested signature of a different MD type to the MSI file " "without invalidating the initial signature, as the file contains MsiDigitalSignatureEx.\n" "The file should be signed again, rather than adding a nested signature.\n"); return 0; /* FAILED */ } if (!dse && ctx->options->add_msi_dse) { printf("It is not possible to add a nested signature using the -add-msi-dse parameter " "without invalidating the initial signature, as the file does not contain MsiDigitalSignatureEx.\n" "The file should be signed again, rather than adding a nested signature.\n"); return 0; /* FAILED */ } if (dse && !ctx->options->add_msi_dse) { printf("It is not possible to add a signature without using the -add-msi-dse parameter, " "as doing so would invalidate the initial signature due to the presence of MsiDigitalSignatureEx.\n" "In this case, consider using the -add-msi-dse option.\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * [in] ctx: structure holds input and output data * [returns] the size of the message digest when passed an EVP_MD structure (the size of the hash) */ static int msi_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Get DigitalSignature and MsiDigitalSignatureEx streams * to check if the signature exists. * [in, out] ctx: structure holds input and output datafv * [returns] 0 on error or 1 on successs */ static int msi_check_file(FILE_FORMAT_CTX *ctx) { char *indata = NULL; uint32_t inlen; MSI_ENTRY *ds, *dse = NULL; if (!ctx) { printf("Init error\n\n"); return 0; /* FAILED */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); if (!ds) { printf("MSI file has no signature\n\n"); return 0; /* FAILED */ } inlen = GET_UINT32_LE(ds->size); if (inlen == 0 || inlen >= MAXREGSECT) { printf("Corrupted DigitalSignature stream length 0x%08X\n", inlen); return 0; /* FAILED */ } indata = OPENSSL_malloc((size_t)inlen); if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, indata, inlen)) { printf("DigitalSignature stream data error\n\n"); OPENSSL_free(indata); return 0; /* FAILED */ } if (!dse) { printf("Warning: MsiDigitalSignatureEx stream doesn't exist\n"); } else { ctx->msi_ctx->len_msiex = GET_UINT32_LE(dse->size); if (ctx->msi_ctx->len_msiex == 0 || ctx->msi_ctx->len_msiex >= MAXREGSECT) { printf("Corrupted MsiDigitalSignatureEx stream length 0x%08X\n", ctx->msi_ctx->len_msiex); OPENSSL_free(indata); return 0; /* FAILED */ } ctx->msi_ctx->p_msiex = OPENSSL_malloc((size_t)ctx->msi_ctx->len_msiex); if (!msi_file_read(ctx->msi_ctx->msi, dse, 0, (char *)ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex)) { printf("MsiDigitalSignatureEx stream data error\n\n"); OPENSSL_free(indata); return 0; /* FAILED */ } } OPENSSL_free(indata); return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/osslsigncode.bash000066400000000000000000000046431457117515700174360ustar00rootroot00000000000000# bash completion for osslsigncode -*- shell-script -*- # Copyright (C) 2021-2022 Micha┼В Trojnara # Author: Ma┼Вgorzata Olsz├│wka bind 'set show-all-if-ambiguous on' bind 'set completion-ignore-case on' COMP_WORDBREAKS=${COMP_WORDBREAKS//:} _comp_cmd_osslsigncode() { local cur prev words cword _init_completion || return local commands command options timestamps rfc3161 commands="--help --version -v sign add attach-signature extract-signature remove-signature verify" timestamps="http://timestamp.digicert.com http://time.certum.pl http://timestamp.sectigo.com http://timestamp.globalsign.com/?signature=sha2" rfc3161="http://timestamp.digicert.com http://time.certum.pl http://timestamp.entrust.net/TSS/RFC3161sha2TS http://tss.accv.es:8318/tsa http://kstamp.keynectis.com/KSign/ http://sha256timestamp.ws.symantec.com/sha256/timestamp" if ((cword == 1)); then COMPREPLY=($(compgen -W "${commands}" -- ${cur})) else command=${words[1]} case $prev in -ac | -c | -catalog | -certs | -spc | -key | -pkcs12 | -pass | \ -readpass | -pkcs11engine | -pkcs11module | -in | -out | -sigin | \ -n | -CAfile | -CRLfile | -TSA-CAfile | -TSA-CRLfile) _filedir return ;; -h | -require-leaf-hash) COMPREPLY=($(compgen -W 'md5 sha1 sha2 sha256 sha384 sha512' \ -- "$cur")) return ;; -jp) COMPREPLY=($(compgen -W 'low medium high' -- "$cur")) return ;; -t) COMPREPLY=($(compgen -W "${timestamps}" -- "$cur")) return ;; -ts) COMPREPLY=($(compgen -W "${rfc3161}" -- "$cur")) return ;; -i | -p) _known_hosts_real -- "$cur" return ;; esac if [[ $cur == -* ]]; then # possible options for the command options=$(_parse_help "$1" "$command --help" 2>/dev/null) COMPREPLY=($(compgen -W "${options}" -- ${cur})) fi fi } && complete -F _comp_cmd_osslsigncode osslsigncode # ex: filetype=sh osslsigncode-2.8/osslsigncode.c000066400000000000000000005006241457117515700167430ustar00rootroot00000000000000/* OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Copyright (C) 2005-2015 Per Allansson Copyright (C) 2018-2023 Micha┼В Trojnara This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. */ /* Implemented with good help from: * Peter Gutmann's analysis of Authenticode: https://www.cs.auckland.ac.nz/~pgut001/pubs/authenticode.txt * MS CAB SDK documentation https://docs.microsoft.com/en-us/previous-versions/ms974336(v=msdn.10) * MS PE/COFF documentation https://docs.microsoft.com/en-us/windows/win32/debug/pe-format * MS Windows Authenticode PE Signature Format http://msdn.microsoft.com/en-US/windows/hardware/gg463183 (Although the part of how the actual checksumming is done is not how it is done inside Windows. The end result is however the same on all "normal" PE files.) * tail -c, tcpdump, mimencode & openssl asn1parse :) */ #include "osslsigncode.h" #include "helpers.h" /* * $ echo -n 3006030200013000 | xxd -r -p | openssl asn1parse -i -inform der * 0:d=0 hl=2 l= 6 cons: SEQUENCE * 2:d=1 hl=2 l= 2 prim: BIT STRING * 6:d=1 hl=2 l= 0 cons: SEQUENCE */ const u_char java_attrs_low[] = { 0x30, 0x06, 0x03, 0x02, 0x00, 0x01, 0x30, 0x00 }; /* * $ echo -n 300c060a2b060104018237020115 | xxd -r -p | openssl asn1parse -i -inform der * 0:d=0 hl=2 l= 12 cons: SEQUENCE * 2:d=1 hl=2 l= 10 prim: OBJECT :Microsoft Individual Code Signing */ const u_char purpose_ind[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15 }; /* * $ echo -n 300c060a2b060104018237020116 | xxd -r -p | openssl asn1parse -i -inform der * 0:d=0 hl=2 l= 12 cons: SEQUENCE * 2:d=1 hl=2 l= 10 prim: OBJECT :Microsoft Commercial Code Signing */ const u_char purpose_comm[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16 }; /* * ASN.1 definitions (more or less from official MS Authenticode docs) */ ASN1_CHOICE(SpcString) = { ASN1_IMP_OPT(SpcString, value.unicode, ASN1_BMPSTRING, 0), ASN1_IMP_OPT(SpcString, value.ascii, ASN1_IA5STRING, 1) } ASN1_CHOICE_END(SpcString) IMPLEMENT_ASN1_FUNCTIONS(SpcString) ASN1_SEQUENCE(SpcSerializedObject) = { ASN1_SIMPLE(SpcSerializedObject, classId, ASN1_OCTET_STRING), ASN1_SIMPLE(SpcSerializedObject, serializedData, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(SpcSerializedObject) IMPLEMENT_ASN1_FUNCTIONS(SpcSerializedObject) ASN1_CHOICE(SpcLink) = { ASN1_IMP_OPT(SpcLink, value.url, ASN1_IA5STRING, 0), ASN1_IMP_OPT(SpcLink, value.moniker, SpcSerializedObject, 1), ASN1_EXP_OPT(SpcLink, value.file, SpcString, 2) } ASN1_CHOICE_END(SpcLink) IMPLEMENT_ASN1_FUNCTIONS(SpcLink) ASN1_SEQUENCE(SpcSpOpusInfo) = { ASN1_EXP_OPT(SpcSpOpusInfo, programName, SpcString, 0), ASN1_EXP_OPT(SpcSpOpusInfo, moreInfo, SpcLink, 1) } ASN1_SEQUENCE_END(SpcSpOpusInfo) IMPLEMENT_ASN1_FUNCTIONS(SpcSpOpusInfo) ASN1_SEQUENCE(SpcSipInfo) = { ASN1_SIMPLE(SpcSipInfo, a, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, string, ASN1_OCTET_STRING), ASN1_SIMPLE(SpcSipInfo, b, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, c, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, d, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, e, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, f, ASN1_INTEGER), } ASN1_SEQUENCE_END(SpcSipInfo) IMPLEMENT_ASN1_FUNCTIONS(SpcSipInfo) ASN1_SEQUENCE(SpcAttributeTypeAndOptionalValue) = { ASN1_SIMPLE(SpcAttributeTypeAndOptionalValue, type, ASN1_OBJECT), ASN1_OPT(SpcAttributeTypeAndOptionalValue, value, ASN1_ANY) } ASN1_SEQUENCE_END(SpcAttributeTypeAndOptionalValue) IMPLEMENT_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) ASN1_SEQUENCE(AlgorithmIdentifier) = { ASN1_SIMPLE(AlgorithmIdentifier, algorithm, ASN1_OBJECT), ASN1_OPT(AlgorithmIdentifier, parameters, ASN1_ANY) } ASN1_SEQUENCE_END(AlgorithmIdentifier) IMPLEMENT_ASN1_FUNCTIONS(AlgorithmIdentifier) ASN1_SEQUENCE(DigestInfo) = { ASN1_SIMPLE(DigestInfo, digestAlgorithm, AlgorithmIdentifier), ASN1_SIMPLE(DigestInfo, digest, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(DigestInfo) IMPLEMENT_ASN1_FUNCTIONS(DigestInfo) ASN1_SEQUENCE(SpcIndirectDataContent) = { ASN1_SIMPLE(SpcIndirectDataContent, data, SpcAttributeTypeAndOptionalValue), ASN1_SIMPLE(SpcIndirectDataContent, messageDigest, DigestInfo) } ASN1_SEQUENCE_END(SpcIndirectDataContent) IMPLEMENT_ASN1_FUNCTIONS(SpcIndirectDataContent) ASN1_SEQUENCE(CatalogAuthAttr) = { ASN1_SIMPLE(CatalogAuthAttr, type, ASN1_OBJECT), ASN1_OPT(CatalogAuthAttr, contents, ASN1_ANY) } ASN1_SEQUENCE_END(CatalogAuthAttr) IMPLEMENT_ASN1_FUNCTIONS(CatalogAuthAttr) /* * Structures for Authenticode Timestamp */ ASN1_SEQUENCE(TimeStampRequestBlob) = { ASN1_SIMPLE(TimeStampRequestBlob, type, ASN1_OBJECT), ASN1_EXP_OPT(TimeStampRequestBlob, signature, ASN1_OCTET_STRING, 0) } ASN1_SEQUENCE_END(TimeStampRequestBlob) IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequestBlob) ASN1_SEQUENCE(TimeStampRequest) = { ASN1_SIMPLE(TimeStampRequest, type, ASN1_OBJECT), ASN1_SIMPLE(TimeStampRequest, blob, TimeStampRequestBlob) } ASN1_SEQUENCE_END(TimeStampRequest) IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest) ASN1_SEQUENCE(CatalogInfo) = { ASN1_SIMPLE(CatalogInfo, digest, ASN1_OCTET_STRING), ASN1_SET_OF(CatalogInfo, attributes, CatalogAuthAttr) } ASN1_SEQUENCE_END(CatalogInfo) IMPLEMENT_ASN1_FUNCTIONS(CatalogInfo) ASN1_SEQUENCE(MsCtlContent) = { ASN1_SIMPLE(MsCtlContent, type, SpcAttributeTypeAndOptionalValue), ASN1_SIMPLE(MsCtlContent, identifier, ASN1_OCTET_STRING), ASN1_SIMPLE(MsCtlContent, time, ASN1_UTCTIME), ASN1_SIMPLE(MsCtlContent, version, SpcAttributeTypeAndOptionalValue), ASN1_SEQUENCE_OF(MsCtlContent, header_attributes, CatalogInfo), ASN1_OPT(MsCtlContent, filename, ASN1_ANY) } ASN1_SEQUENCE_END(MsCtlContent) IMPLEMENT_ASN1_FUNCTIONS(MsCtlContent) /* Prototypes */ static time_t time_t_get_asn1_time(const ASN1_TIME *s); static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si); static ASN1_UTCTIME *asn1_time_get_si_time(PKCS7_SIGNER_INFO *si); static time_t time_t_get_cms_time(CMS_ContentInfo *cms); static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_INFO *countersignature); static int cursig_set_nested(PKCS7 *cursig, PKCS7 *p7); static int nested_signatures_number_get(PKCS7 *p7); static int X509_attribute_chain_append_object(STACK_OF(X509_ATTRIBUTE) **unauth_attr, u_char *p, int len, const char *oid); static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7); static int PKCS7_compare(const PKCS7 *const *a, const PKCS7 *const *b); static PKCS7 *pkcs7_get_sigfile(FILE_FORMAT_CTX *ctx); static int blob_has_nl = 0; /* A timestamp request looks like this: POST HTTP/1.1 Content-Type: application/octet-stream Content-Length: ... Accept: application/octet-stream User-Agent: Transport Host: ... Cache-Control: no-cache .. and the blob has the following ASN1 structure: 0:d=0 hl=4 l= 291 cons: SEQUENCE 4:d=1 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.3.2.1 16:d=1 hl=4 l= 275 cons: SEQUENCE 20:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data 31:d=2 hl=4 l= 260 cons: cont [ 0 ] 35:d=3 hl=4 l= 256 prim: OCTET STRING .. and it returns a base64 encoded PKCS#7 structure. */ /* * Encode RFC3161 timestamp request and write it into BIO * [in] p7: new PKCS#7 signature * [in] md: message digest algorithm type * [returns] pointer to BIO with RFC3161 Timestamp Request */ static BIO *bio_encode_rfc3161_request(PKCS7 *p7, const EVP_MD *md) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; u_char mdbuf[EVP_MAX_MD_SIZE]; TS_MSG_IMPRINT *msg_imprint = NULL; X509_ALGOR *alg = NULL; TS_REQ *req = NULL; BIO *bout = NULL, *bhash = NULL; u_char *p; int len; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) goto out; si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) goto out; bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); goto out; } BIO_push(bhash, BIO_new(BIO_s_null())); BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); req = TS_REQ_new(); if (!req) goto out; if (!TS_REQ_set_version(req, 1)) goto out; msg_imprint = TS_MSG_IMPRINT_new(); if (!msg_imprint) goto out; alg = X509_ALGOR_new(); if (!alg) goto out; X509_ALGOR_set_md(alg, md); if (!X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_nid(md)), V_ASN1_NULL, NULL)) goto out; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, alg)) goto out; if (!TS_MSG_IMPRINT_set_msg(msg_imprint, mdbuf, EVP_MD_size(md))) goto out; if (!TS_REQ_set_msg_imprint(req, msg_imprint)) goto out; /* TSA is expected to include its signing certificate in the response, flag 0xFF */ if (!TS_REQ_set_cert_req(req, 1)) goto out; len = i2d_TS_REQ(req, NULL); p = OPENSSL_malloc((size_t)len); len = i2d_TS_REQ(req, &p); p -= len; bout = BIO_new(BIO_s_mem()); BIO_write(bout, p, len); OPENSSL_free(p); (void)BIO_flush(bout); out: BIO_free_all(bhash); TS_MSG_IMPRINT_free(msg_imprint); X509_ALGOR_free(alg); TS_REQ_free(req); return bout; } /* * Encode authenticode timestamp request and write it into BIO * [in] p7: new PKCS#7 signature * [returns] pointer to BIO with authenticode Timestamp Request */ static BIO *bio_encode_authenticode_request(PKCS7 *p7) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; TimeStampRequest *req; BIO *bout, *b64; u_char *p; int len; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ req = TimeStampRequest_new(); req->type = OBJ_txt2obj(SPC_TIME_STAMP_REQUEST_OBJID, 1); req->blob->type = OBJ_nid2obj(NID_pkcs7_data); req->blob->signature = si->enc_digest; len = i2d_TimeStampRequest(req, NULL); p = OPENSSL_malloc((size_t)len); len = i2d_TimeStampRequest(req, &p); p -= len; req->blob->signature = NULL; TimeStampRequest_free(req); bout = BIO_new(BIO_s_mem()); b64 = BIO_new(BIO_f_base64()); bout = BIO_push(b64, bout); BIO_write(bout, p, len); OPENSSL_free(p); (void)BIO_flush(bout); return bout; } /* * If successful the RFC 3161 timestamp will be written into * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]. * [in, out] p7: new PKCS#7 signature * [in] response: RFC3161 response * [in] verbose: additional output mode * [returns] 1 on error or 0 on success */ static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) { PKCS7_SIGNER_INFO *si; TS_STATUS_INFO *status; PKCS7 *token; u_char *p; int i, len; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 1; /* FAILED */ if (!response) return 1; /* FAILED */ status = TS_RESP_get_status_info(response); if (ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status)) != 0) { if (verbose) { const STACK_OF(ASN1_UTF8STRING) *reasons = TS_STATUS_INFO_get0_text(status); printf("Timestamping failed: status %ld\n", ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status))); for (i = 0; i < sk_ASN1_UTF8STRING_num(reasons); i++) { ASN1_UTF8STRING *reason = sk_ASN1_UTF8STRING_value(reasons, i); printf("%s\n", ASN1_STRING_get0_data(reason)); } } return 1; /* FAILED */ } token = TS_RESP_get_token(response); if (((len = i2d_PKCS7(token, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { printf("Failed to convert pkcs7: %d\n", len); ERR_print_errors_fp(stdout); } return 1; /* FAILED */ } len = i2d_PKCS7(token, &p); p -= len; if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_RFC3161_OBJID)) { OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 0; /* OK */ } /* * If successful the authenticode timestamp will be written into * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [in] resp: PKCS#7 authenticode response * [in] verbose: additional output mode * [returns] 1 on error or 0 on success */ static int attach_authenticode_response(PKCS7 *p7, PKCS7 *resp, int verbose) { PKCS7_SIGNER_INFO *info, *si; u_char *p; int len, i; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; if (!resp) { return 1; /* FAILED */ } for(i = sk_X509_num(resp->d.sign->cert)-1; i>=0; i--) { PKCS7_add_certificate(p7, sk_X509_value(resp->d.sign->cert, i)); } signer_info = PKCS7_get_signer_info(resp); if (!signer_info) { PKCS7_free(resp); return 1; /* FAILED */ } info = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!info) { PKCS7_free(resp); return 1; /* FAILED */ } if (((len = i2d_PKCS7_SIGNER_INFO(info, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { printf("Failed to convert signer info: %d\n", len); ERR_print_errors_fp(stdout); } PKCS7_free(resp); return 1; /* FAILED */ } len = i2d_PKCS7_SIGNER_INFO(info, &p); p -= len; PKCS7_free(resp); signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 1; /* FAILED */ if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, PKCS9_COUNTER_SIGNATURE)) { OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 0; /* OK */ } #ifdef ENABLE_CURL static void print_proxy(char *proxy) { if (proxy) { printf ("Using configured proxy: %s\n", proxy); } else { char *http_proxy, *https_proxy; http_proxy = getenv("http_proxy"); if (!http_proxy) http_proxy = getenv("HTTP_PROXY"); if (http_proxy && *http_proxy != '\0') printf ("Using environmental HTTP proxy: %s\n", http_proxy); https_proxy = getenv("https_proxy"); if (!https_proxy) https_proxy = getenv("HTTPS_PROXY"); if (https_proxy && *https_proxy != '\0') printf ("Using environmental HTTPS proxy: %s\n", https_proxy); } } /* * Callback for writing received data */ static size_t curl_write(void *ptr, size_t sz, size_t nmemb, void *stream) { size_t written, len = sz * nmemb; if (len > 0 && !blob_has_nl) { if (memchr(ptr, '\n', len)) blob_has_nl = 1; } if (!BIO_write_ex((BIO*)stream, ptr, len, &written) || written != len) return 0; /* FAILED */ return written; } /* * Get data from HTTP server. * [out] http_code: HTTP status * [in] url: URL of the CRL distribution point or Time-Stamp Authority HTTP server * [in] bout: timestamp request * [in] proxy: proxy to getting the timestamp through * [in] noverifypeer: do not verify the Time-Stamp Authority's SSL certificate * [in] verbose: additional output mode * [in] content: CRL distribution point (0), RFC3161 TSA (1), Authenticode TSA (2) * [returns] pointer to BIO with X509 Certificate Revocation List */ static BIO *bio_get_http(long *http_code, char *url, BIO *bout, char *proxy, int noverifypeer, int verbose, int content) { CURL *curl; struct curl_slist *slist = NULL; CURLcode res; BIO *bin; u_char *p = NULL; long len = 0; if (!url) { return NULL; /* FAILED */ } print_proxy(proxy); /* Start a libcurl easy session and set options for a curl easy handle */ printf("Connecting to %s\n", url); curl = curl_easy_init(); if (proxy) { res = curl_easy_setopt(curl, CURLOPT_PROXY, proxy); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } if (!strncmp("http:", proxy, 5)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } } if (!strncmp("socks:", proxy, 6)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } } } res = curl_easy_setopt(curl, CURLOPT_URL, url); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } /* * ask libcurl to show us the verbose output * curl_easy_setopt(curl, CURLOPT_VERBOSE, 42); */ if (noverifypeer) { res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } } if (content == 1) { /* RFC3161 Timestamp */ slist = curl_slist_append(slist, "Content-Type: application/timestamp-query"); slist = curl_slist_append(slist, "Accept: application/timestamp-reply"); } else if (content == 2) { /* Authenticode Timestamp */ slist = curl_slist_append(slist, "Content-Type: application/octet-stream"); slist = curl_slist_append(slist, "Accept: application/octet-stream"); } if (content > 0) { /* Timestamp */ slist = curl_slist_append(slist, "User-Agent: Transport"); slist = curl_slist_append(slist, "Cache-Control: no-cache"); res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } len = BIO_get_mem_data(bout, &p); res = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (char*)p); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_POST, 1); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } } bin = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bin, 0); res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, bin); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_write); if (res != CURLE_OK) { printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); } /* Perform the request */ res = curl_easy_perform(curl); curl_slist_free_all(slist); if (res != CURLE_OK) { BIO_free_all(bin); if (verbose) printf("CURL failure: %s %s\n", curl_easy_strerror(res), url); curl_easy_cleanup(curl); return NULL; /* FAILED */ } else { /* CURLE_OK (0) */ (void)BIO_flush(bin); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code); } /* End a libcurl easy handle */ curl_easy_cleanup(curl); return bin; } #endif /* ENABLE_CURL */ /* * Decode a curl response from BIO and write it into the PKCS7 structure * Add timestamp to the PKCS7 SignerInfo structure: * sig->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [in] url: URL of the Time-Stamp Authority server * [in] rfc3161: Authenticode / RFC3161 Timestamp switch * [returns] 1 on error or 0 on success */ static int add_timestamp(PKCS7 *p7, FILE_FORMAT_CTX *ctx, char *url, int rfc3161) { BIO *bout, *bin; int verbose = ctx->options->verbose || ctx->options->ntsurl == 1; int res = 1; long http_code = -1; /* Encode timestamp request */ if (rfc3161) { bout = bio_encode_rfc3161_request(p7, ctx->options->md); } else { bout = bio_encode_authenticode_request(p7); } if (!bout) { return 1; /* FAILED */ } #ifdef ENABLE_CURL if (rfc3161) { bin = bio_get_http(&http_code, url, bout, ctx->options->proxy, ctx->options->noverifypeer, verbose, 1); } else { bin = bio_get_http(&http_code, url, bout, ctx->options->proxy, ctx->options->noverifypeer, verbose, 2); } BIO_free_all(bout); #else /* ENABLE_CURL */ /* TODO implement an HTTP session */ printf("Could NOT find CURL\n"); return 1; /* FAILED */ #endif /* ENABLE_CURL */ if (bin) { if (rfc3161) { /* decode a RFC 3161 response from BIO */ TS_RESP *response = d2i_TS_RESP_bio(bin, NULL); BIO_free_all(bin); res = attach_rfc3161_response(p7, response, verbose); TS_RESP_free(response); } else { /* decode an authenticode response from BIO */ PKCS7 *response; BIO *b64, *b64_bin; b64 = BIO_new(BIO_f_base64()); if (!blob_has_nl) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); b64_bin = BIO_push(b64, bin); response = d2i_PKCS7_bio(b64_bin, NULL); BIO_free_all(b64_bin); res = attach_authenticode_response(p7, response, verbose); } if (res && verbose) { if (http_code != -1) { printf("Failed to convert timestamp reply from %s; " "HTTP status %ld\n", url, http_code); } else { printf("Failed to convert timestamp reply from %s; " "no HTTP status available", url); } ERR_print_errors_fp(stdout); } } return res; } /* * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int add_timestamp_authenticode(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { int i; for (i=0; ioptions->nturl; i++) { if (!add_timestamp(p7, ctx, ctx->options->turl[i], 0)) return 1; /* OK */ } return 0; /* FAILED */ } /* * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int add_timestamp_rfc3161(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { int i; for (i=0; ioptions->ntsurl; i++) { if (!add_timestamp(p7, ctx, ctx->options->tsurl[i], 1)) return 1; /* OK */ } return 0; /* FAILED */ } /* * [in] resp_ctx: a response context that can be used for generating responses * [in] data: unused * [returns] hexadecimal serial number */ static ASN1_INTEGER *serial_cb(TS_RESP_CTX *resp_ctx, void *data) { int ret = 0; uint64_t buf; ASN1_INTEGER *serial = NULL; /* squash unused parameter warning */ (void)data; if (RAND_bytes((unsigned char *)&buf, sizeof buf) <= 0) { printf("RAND_bytes failed\n"); goto out; } serial = ASN1_INTEGER_new(); if (!serial) goto out; ASN1_INTEGER_set_uint64(serial, buf); ret = 1; out: if (!ret) { TS_RESP_CTX_set_status_info(resp_ctx, TS_STATUS_REJECTION, "Error during serial number generation."); TS_RESP_CTX_add_failure_info(resp_ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); ASN1_INTEGER_free(serial); return NULL; /* FAILED */ } return serial; } /* * This must return the seconds and microseconds since Jan 1, 1970 in the sec * and usec variables allocated by the caller. * [in] resp_ctx: a response context that can be used for generating responses * [in] data: timestamping time * [out] sec: total of seconds since Jan 1, 1970 * [out] usec: microseconds (unused) * [returns] 0 on error or 1 on success */ static int time_cb(TS_RESP_CTX *resp_ctx, void *data, long *sec, long *usec) { time_t *time = (time_t *)data; if(!*time) { TS_RESP_CTX_set_status_info(resp_ctx, TS_STATUS_REJECTION, "Time is not available."); TS_RESP_CTX_add_failure_info(resp_ctx, TS_INFO_TIME_NOT_AVAILABLE); return 0; /* FAILED */ } *sec = (long int)*time; *usec = 0; return 1; /* OK */ } /* * [in] ctx: structure holds input and output data * [in] signer_cert: the signer certificate of the TSA in PEM format * [in] signer_key: the private key of the TSA in PEM format * [in] chain: the certificate chain that will all be included in the response * [in] bout: timestamp request * [returns] RFC3161 response */ static TS_RESP *get_rfc3161_response(FILE_FORMAT_CTX *ctx, X509 *signer_cert, EVP_PKEY *signer_key, STACK_OF(X509) *chain, BIO *bout) { TS_RESP_CTX *resp_ctx = NULL; TS_RESP *response = NULL; ASN1_OBJECT *policy_obj = NULL; resp_ctx = TS_RESP_CTX_new(); if (!resp_ctx) goto out; TS_RESP_CTX_set_serial_cb(resp_ctx, serial_cb, NULL); if (!TS_RESP_CTX_set_signer_cert(resp_ctx, signer_cert)) { goto out; } if (!TS_RESP_CTX_set_signer_key(resp_ctx, signer_key)) { goto out; } if (!TS_RESP_CTX_set_certs(resp_ctx, chain)) { goto out; } /* message digest algorithm that the TSA accepts */ if (!TS_RESP_CTX_add_md(resp_ctx, ctx->options->md)) { goto out; } /* signing digest to use */ if (!TS_RESP_CTX_set_signer_digest(resp_ctx, ctx->options->md)) { goto out; } /* default policy to use when the request does not mandate any policy * tsa_policy1 = 1.2.3.4.1 */ policy_obj = OBJ_txt2obj(TSA_POLICY1, 0); if (!policy_obj) { goto out; } if (!TS_RESP_CTX_set_def_policy(resp_ctx, policy_obj)) { goto out; } /* the accuracy of the time source of the TSA in seconds, milliseconds * and microseconds; e.g. secs:1, millisecs:500, microsecs:100; * 0 means not specified */ if (!TS_RESP_CTX_set_accuracy(resp_ctx, 1, 500, 100)) { goto out; } if (ctx->options->tsa_time) { TS_RESP_CTX_set_time_cb(resp_ctx, time_cb, &(ctx->options->tsa_time)); } /* generate RFC3161 response with embedded TS_TST_INFO structure */ response = TS_RESP_create_response(resp_ctx, bout); if (!response) { printf("Failed to create RFC3161 response\n"); } out: ASN1_OBJECT_free(policy_obj); TS_RESP_CTX_free(resp_ctx); return response; } /* * [in] bin: certfile BIO * [in] certpass: NULL * [returns] pointer to STACK_OF(X509) structure */ static STACK_OF(X509) *X509_chain_read_certs(BIO *bin, char *certpass) { STACK_OF(X509) *certs = sk_X509_new_null(); X509 *x509; (void)BIO_seek(bin, 0); x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); while (x509) { sk_X509_push(certs, x509); x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); } ERR_clear_error(); if (!sk_X509_num(certs)) { sk_X509_free(certs); return NULL; } return certs; } /* * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] 1 on error or 0 on success */ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { BIO *btmp, *bout; STACK_OF(X509) *chain; X509 *signer_cert = NULL; EVP_PKEY *signer_key; TS_RESP *response = NULL; int i, res = 1; btmp = BIO_new_file(ctx->options->tsa_certfile, "rb"); if (!btmp) { printf("Failed to read Time-Stamp Authority certificate file: %s\n", ctx->options->tsa_certfile); return 0; /* FAILED */ } /* .pem certificate file */ chain = X509_chain_read_certs(btmp, NULL); BIO_free(btmp); btmp = BIO_new_file(ctx->options->tsa_keyfile, "rb"); if (!btmp) { printf("Failed to read private key file: %s\n", ctx->options->tsa_keyfile); return 0; /* FAILED */ } signer_key = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL); BIO_free(btmp); if(!chain || !signer_key) { printf("Failed to load Time-Stamp Authority crypto parameters\n"); return 0; /* FAILED */ } /* find the signer's certificate located somewhere in the whole certificate chain */ for (i=0; ioptions->md); if (!bout) { printf("Failed to encode timestamp request\n"); goto out; } response = get_rfc3161_response(ctx, signer_cert, signer_key, chain, bout); BIO_free_all(bout); if (response) { res = attach_rfc3161_response(p7, response, ctx->options->verbose); if (res) { printf("Failed to convert timestamp reply\n"); ERR_print_errors_fp(stdout); } } else { printf("Failed to obtain RFC3161 response\n"); } out: sk_X509_pop_free(chain, X509_free); EVP_PKEY_free(signer_key); TS_RESP_free(response); return res; } /* * If successful the unauthenticated blob will be written into * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success */ static int add_unauthenticated_blob(PKCS7 *p7) { PKCS7_SIGNER_INFO *si; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; u_char *p = NULL; int len = 1024+4; /* Length data for ASN1 attribute plus prefix */ const char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; const char postfix[] = "---END_BLOB---"; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { printf("Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0); if (!si) return 0; /* FAILED */ if ((p = OPENSSL_malloc((size_t)len)) == NULL) return 0; /* FAILED */ memset(p, 0, (size_t)len); memcpy(p, prefix, sizeof prefix); memcpy(p + len - sizeof postfix, postfix, sizeof postfix); if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 1; /* OK */ } /* * Add unauthenticated attributes (Countersignature, Unauthenticated Data Blob) * [in, out] p7: new PKCS#7 signature * [in, out] ctx: structure holds input and output data * [returns] 1 on error or 0 on success */ static int add_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { /* add counter-signature/timestamp */ if (ctx->options->nturl && !add_timestamp_authenticode(p7, ctx)) { printf("%s\n%s\n", "Authenticode timestamping failed", "Use the \"-ts\" option to add the RFC3161 Time-Stamp Authority or choose another one Authenticode Time-Stamp Authority"); return 1; /* FAILED */ } if (ctx->options->ntsurl && !add_timestamp_rfc3161(p7, ctx)) { printf("%s\n%s\n", "RFC 3161 timestamping failed", "Use the \"-t\" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority"); return 1; /* FAILED */ } if (ctx->options->tsa_certfile && ctx->options->tsa_keyfile && add_timestamp_builtin(p7, ctx)) { printf("Built-in timestamping failed\n"); return 1; /* FAILED */ } if (ctx->options->addBlob && !add_unauthenticated_blob(p7)) { printf("Adding unauthenticated blob failed\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Add unauthenticated attributes to the signature at a certain position * [in, out] p7: new PKCS#7 signature * [in, out] ctx: structure holds input and output data * [in] index: signature index * [returns] 1 on error or 0 on success */ static int add_nested_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx, int index) { STACK_OF(PKCS7) *signatures; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; STACK_OF(X509_ATTRIBUTE) *unauth_attr; PKCS7_SIGNER_INFO *si; PKCS7 *p7_tmp; int i; p7_tmp = PKCS7_dup(p7); if (!p7_tmp) { return 1; /* FAILED */ } signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { printf("Failed to obtain PKCS#7 signer info list\n"); return 1; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { printf("Failed to obtain PKCS#7 signer info value\n"); return 1; /* FAILED */ } unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ if (unauth_attr) { /* try to find and remove SPC_NESTED_SIGNATURE_OBJID attribute */ for (i=0; iunauth_attr), p, len, SPC_NESTED_SIGNATURE_OBJID)) { OPENSSL_free(p); return 0; /* FAILED */ } OPENSSL_free(p); return 1; /* OK */ } /* * Return the number of objects in SPC_NESTED_SIGNATURE_OBJID attribute * [in] p7: existing PKCS#7 signature (Primary Signature) * [returns] -1 on error or the number of nested signatures */ static int nested_signatures_number_get(PKCS7 *p7) { int i; STACK_OF(X509_ATTRIBUTE) *unauth_attr; PKCS7_SIGNER_INFO *si; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return -1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return -1; /* FAILED */ unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ if (!unauth_attr) return 0; /* OK, no unauthenticated attributes */ for (i=0; id.sign->crl * [in] signer: signer's X509 certificate * [in] chain: list of additional certificates which will be untrusted but be used to build the chain * [returns] 0 on error or 1 on success */ static int verify_crl(char *cafile, char *crlfile, STACK_OF(X509_CRL) *crls, X509 *signer, STACK_OF(X509) *chain) { X509_STORE *store = NULL; X509_STORE_CTX *ctx = NULL; int verok = 0; ctx = X509_STORE_CTX_new(); if (!ctx) goto out; store = X509_STORE_new(); if (!store) goto out; if (!x509_store_load_crlfile(store, cafile, crlfile)) goto out; /* initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert()*/ if (!X509_STORE_CTX_init(ctx, store, signer, chain)) goto out; /* set an additional CRLs */ if (crls) X509_STORE_CTX_set0_crls(ctx, crls); printf("\nCertificate Revocation List verified using:\n"); if (X509_verify_cert(ctx) <= 0) { int error = X509_STORE_CTX_get_error(ctx); printf("\nX509_verify_cert: certificate verify error: %s\n", X509_verify_cert_error_string(error)); goto out; } verok = 1; /* OK */ out: if (!verok) ERR_print_errors_fp(stdout); /* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */ X509_STORE_free(store); X509_STORE_CTX_free(ctx); return verok; } /* * [in] cert: X509 certificate * [returns] CRL distribution point url */ static char *clrdp_url_get_x509(X509 *cert) { STACK_OF(DIST_POINT) *crldp; DIST_POINT *dp; GENERAL_NAMES *gens; GENERAL_NAME *gen; int i, j, gtype; ASN1_STRING *uri; char *url = NULL; crldp = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL); if (!crldp) return NULL; for (i = 0; i < sk_DIST_POINT_num(crldp); i++) { dp = sk_DIST_POINT_value(crldp, i); if (!dp->distpoint || dp->distpoint->type != 0) continue; gens = dp->distpoint->name.fullname; for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { gen = sk_GENERAL_NAME_value(gens, j); uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { url = OPENSSL_strdup((const char *)ASN1_STRING_get0_data(uri)); if (strncmp(url, "http://", 7) == 0) goto out; OPENSSL_free(url); url = NULL; } } } out: sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); return url; } /* * Get Certificate Revocation List from a CRL distribution point * and write it into the X509_CRL structure. * [in] proxy: proxy to getting CRL through * [in] url: URL of the CRL distribution point server * [returns] X509 Certificate Revocation List */ static X509_CRL *x509_crl_get(char *proxy, char *url) { X509_CRL *crl; BIO *bio = NULL; #ifdef ENABLE_CURL long http_code = -1; bio = bio_get_http(&http_code, url, NULL, proxy, 0, 1, 0); #else /* ENABLE_CURL */ /* TODO implement an HTTP session */ (void)proxy; printf("Could NOT find CURL\n"); return NULL; /* FAILED */ #endif /* ENABLE_CURL */ if (!bio) { printf("Warning: Faild to get CRL from %s\n\n", url); return NULL; /* FAILED */ } crl = d2i_X509_CRL_bio(bio, NULL); BIO_free_all(bio); if (!crl) { printf("Warning: Faild to decode CRL from %s\n\n", url); return NULL; /* FAILED */ } return crl; /* OK */ } /* * Create CRLs from p7->d.sign->crl and x509_CRL (from CRL distribution point). * [in] p7: PKCS#7 signature * [in] crl: X509 Certificate Revocation List * [returns] X509 Certificate Revocation Lists (CRLs) */ static STACK_OF(X509_CRL) *x509_crl_list_get(PKCS7 *p7, X509_CRL *crl) { int i; STACK_OF(X509_CRL) *crls = sk_X509_CRL_new_null(); for (i = 0; i < sk_X509_CRL_num(p7->d.sign->crl); i++) { if (!sk_X509_CRL_push(crls, sk_X509_CRL_value(p7->d.sign->crl, i))) { sk_X509_CRL_pop_free(crls, X509_CRL_free); return NULL; } } if (crl && !sk_X509_CRL_push(crls, crl)) { sk_X509_CRL_pop_free(crls, X509_CRL_free); X509_CRL_free(crl); return NULL; } return crls; } static void print_timestamp_serial_number(TS_TST_INFO *token) { BIGNUM *serialbn; char *number; if (!token) return; serialbn = ASN1_INTEGER_to_BN(TS_TST_INFO_get_serial(token), NULL); number = BN_bn2hex(serialbn); printf("Timestamp serial number: %s\n", number); BN_free(serialbn); OPENSSL_free(number); } /* * Compare the hash provided from the TSTInfo object against the hash computed * from the signature created by the signing certificate's private key * [in] p7: PKCS#7 signature * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [returns] 0 on error or 1 on success */ static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; ASN1_OCTET_STRING **pos; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ /* get the embedded content */ pos = CMS_get0_content(timestamp); if (pos != NULL && *pos != NULL) { const u_char *p = (*pos)->data; TS_TST_INFO *token = d2i_TS_TST_INFO(NULL, &p, (*pos)->length); if (token) { BIO *bhash; u_char mdbuf[EVP_MAX_MD_SIZE]; ASN1_OCTET_STRING *hash; const ASN1_OBJECT *aoid; int md_nid; const EVP_MD *md; TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(token); const X509_ALGOR *alg = TS_MSG_IMPRINT_get_algo(msg_imprint); X509_ALGOR_get0(&aoid, NULL, NULL, alg); md_nid = OBJ_obj2nid(aoid); md = EVP_get_digestbynid(md_nid); /* compute a hash from the encrypted message digest value of the file */ bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); TS_TST_INFO_free(token); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); /* compare the provided hash against the computed hash */ hash =TS_MSG_IMPRINT_get_msg(msg_imprint); if (memcmp(mdbuf, hash->data, (size_t)hash->length)) { printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); print_hash("\tComputed message digest", "", mdbuf, EVP_MD_size(md)); print_hash("\tReceived message digest", "", hash->data, hash->length); printf("\nFile's message digest verification: failed\n"); TS_TST_INFO_free(token); return 0; /* FAILED */ } /* else Computed and received message digests matched */ print_timestamp_serial_number(token); TS_TST_INFO_free(token); } else /* our CMS_ContentInfo struct created for Authenticode Timestamp * does not contain any TS_TST_INFO struct as specified in RFC 3161 */ ERR_clear_error(); } return 1; /* OK */ } /* * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [in] time: timestamp verification time * [returns] 0 on error or 1 on success */ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *timestamp, time_t time) { X509_STORE *store; STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *cmssi; X509 *signer; X509_CRL *crl = NULL; STACK_OF(X509_CRL) *crls = NULL; char *url; int verok = 0; store = X509_STORE_new(); if (!store) goto out; if (x509_store_load_file(store, ctx->options->tsa_cafile)) { /* * The TSA signing key MUST be of a sufficient length to allow for a sufficiently * long lifetime. Even if this is done, the key will have a finite lifetime. * Thus, any token signed by the TSA SHOULD be time-stamped again or notarized * at a later date to renew the trust that exists in the TSA's signature. * https://datatracker.ietf.org/doc/html/rfc3161#section-4 * Signtool does not respect this RFC and neither we do. * So verify timestamp against the time of its creation. */ if (!x509_store_set_time(store, time)) { printf("Failed to set store time\n"); X509_STORE_free(store); goto out; } } else { printf("Use the \"-TSA-CAfile\" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.\n"); X509_STORE_free(store); goto out; } /* verify a CMS SignedData structure */ printf("\nTimestamp verified using:\n"); if (!CMS_verify(timestamp, NULL, store, 0, NULL, 0)) { STACK_OF(X509) *cms_certs; printf("\nCMS_verify error\n"); X509_STORE_free(store); printf("\nFailed timestamp certificate chain retrieved from the signature:\n"); cms_certs = CMS_get1_certs(timestamp); print_certs_chain(cms_certs); sk_X509_pop_free(cms_certs, X509_free); goto out; } X509_STORE_free(store); sinfos = CMS_get0_SignerInfos(timestamp); cmssi = sk_CMS_SignerInfo_value(sinfos, 0); CMS_SignerInfo_get0_algs(cmssi, NULL, &signer, NULL, NULL); /* verify a Certificate Revocation List */ url = clrdp_url_get_x509(signer); if (url) { if (ctx->options->ignore_cdp) { printf("Ignored TSA's CRL distribution point: %s\n", url); } else { printf("TSA's CRL distribution point: %s\n", url); crl = x509_crl_get(ctx->options->proxy, url); } OPENSSL_free(url); if (!crl && !ctx->options->tsa_crlfile) { printf("Use the \"-TSA-CRLfile\" option to add one or more Time-Stamp Authority CRLs in PEM format.\n"); goto out; } } if (p7->d.sign->crl || crl) { crls = x509_crl_list_get(p7, crl); if (!crls) { printf("Failed to use CRL distribution point\n"); goto out; } } if (ctx->options->tsa_crlfile || crls) { STACK_OF(X509) *chain = CMS_get1_certs(timestamp); int crlok = verify_crl(ctx->options->tsa_cafile, ctx->options->tsa_crlfile, crls, signer, chain); sk_X509_pop_free(chain, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); printf("Timestamp Server Signature CRL verification: %s\n", crlok ? "ok" : "failed"); if (!crlok) goto out; } else { printf("\n"); } /* check extended key usage flag XKU_TIMESTAMP */ if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) { printf("Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); goto out; } /* verify the hash provided from the trusted timestamp */ if (!verify_timestamp_token(p7, timestamp)) { goto out; } verok = 1; /* OK */ out: if (!verok) ERR_print_errors_fp(stdout); return verok; } #if OPENSSL_VERSION_NUMBER<0x30000000L static int PKCS7_type_is_other(PKCS7 *p7) { int isOther = 1; int nid = OBJ_obj2nid(p7->type); switch (nid) { case NID_pkcs7_data: case NID_pkcs7_signed: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_digest: case NID_pkcs7_encrypted: isOther = 0; break; default: isOther = 1; } return isOther; } #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ /* * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [in] time: signature verification time * [in] signer: signer's X509 certificate * [returns] 1 on error or 0 on success */ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X509 *signer) { X509_STORE *store; X509_CRL *crl = NULL; STACK_OF(X509_CRL) *crls = NULL; BIO *bio = NULL; int verok = 0; char *url; PKCS7 *contents = p7->d.sign->contents; store = X509_STORE_new(); if (!store) goto out; if (!x509_store_load_file(store, ctx->options->cafile)) { printf("Failed to add store lookup file\n"); X509_STORE_free(store); goto out; } if (time != INVALID_TIME) { printf("Signature verification time: "); print_time_t(time); if (!x509_store_set_time(store, time)) { printf("Failed to set signature time\n"); X509_STORE_free(store); goto out; } } else if (ctx->options->time != INVALID_TIME) { printf("Signature verification time: "); print_time_t(ctx->options->time); if (!x509_store_set_time(store, ctx->options->time)) { printf("Failed to set verifying time\n"); X509_STORE_free(store); goto out; } } /* verify a PKCS#7 signedData structure */ if (PKCS7_type_is_other(contents) && (contents->d.other != NULL) && (contents->d.other->value.sequence != NULL) && (contents->d.other->value.sequence->length > 0)) { if (contents->d.other->type == V_ASN1_SEQUENCE) { /* only verify the content of the sequence */ const unsigned char *data = contents->d.other->value.sequence->data; long len; int inf, tag, class; inf = ASN1_get_object(&data, &len, &tag, &class, contents->d.other->value.sequence->length); if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE) { printf("Corrupted data content\n"); X509_STORE_free(store); goto out; } bio = BIO_new_mem_buf(data, (int)len); } else { /* verify the entire value */ bio = BIO_new_mem_buf(contents->d.other->value.sequence->data, contents->d.other->value.sequence->length); } } else { printf("Corrupted data content\n"); X509_STORE_free(store); goto out; } printf("Signing certificate chain verified using:\n"); /* * In the PKCS7_verify() function, the BIO *indata parameter refers to * the signed data if the content is detached from p7. * Otherwise, indata should be NULL, and then the signed data must be in p7. * The OpenSSL error workaround is to put the inner content into BIO *indata parameter * https://github.com/openssl/openssl/pull/22575 */ if (!PKCS7_verify(p7, NULL, store, bio, NULL, 0)) { printf("\nPKCS7_verify error\n"); X509_STORE_free(store); BIO_free(bio); printf("\nFailed signing certificate chain retrieved from the signature:\n"); print_certs_chain(p7->d.sign->cert); goto out; } X509_STORE_free(store); BIO_free(bio); /* verify a Certificate Revocation List */ url = clrdp_url_get_x509(signer); if (url) { if (ctx->options->ignore_cdp) { printf("Ignored CRL distribution point: %s\n", url); } else { printf("CRL distribution point: %s\n", url); crl = x509_crl_get(ctx->options->proxy, url); } OPENSSL_free(url); if (!crl && !ctx->options->crlfile) { printf("Use the \"-CRLfile\" option to add one or more CRLs in PEM format.\n"); goto out; } } if (p7->d.sign->crl || crl) { crls = x509_crl_list_get(p7, crl); if (!crls) { printf("Failed to use CRL distribution point\n"); goto out; } } if (ctx->options->crlfile || crls) { STACK_OF(X509) *chain = p7->d.sign->cert; int crlok = verify_crl(ctx->options->cafile, ctx->options->crlfile, crls, signer, chain); sk_X509_CRL_pop_free(crls, X509_CRL_free); printf("Signature CRL verification: %s\n", crlok ? "ok" : "failed"); if (!crlok) goto out; } /* check extended key usage flag XKU_CODE_SIGN */ if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) { printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); goto out; } verok = 1; /* OK */ out: if (!verok) ERR_print_errors_fp(stdout); return verok; } /* * [in] leafhash: optional hash algorithm and the signer's certificate hash * [in] cert: signer's x509 certificate * [returns] 0 on error or 1 on success */ static int verify_leaf_hash(X509 *cert, const char *leafhash) { u_char *mdbuf = NULL, *certbuf, *tmp; u_char cmdbuf[EVP_MAX_MD_SIZE]; const EVP_MD *md; long mdlen = 0; size_t certlen, written; BIO *bhash; /* decode the provided hash */ char *mdid = OPENSSL_strdup(leafhash); char *hash = strchr(mdid, ':'); if (hash == NULL) { printf("\nUnable to parse -require-leaf-hash parameter: %s\n", leafhash); OPENSSL_free(mdid); return 0; /* FAILED */ } *hash++ = '\0'; md = EVP_get_digestbyname(mdid); if (md == NULL) { printf("\nUnable to lookup digest by name '%s'\n", mdid); OPENSSL_free(mdid); return 0; /* FAILED */ } mdbuf = OPENSSL_hexstr2buf(hash, &mdlen); if (mdlen != EVP_MD_size(md)) { printf("\nHash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n", mdid, EVP_MD_size(md), mdlen); OPENSSL_free(mdid); OPENSSL_free(mdbuf); return 0; /* FAILED */ } OPENSSL_free(mdid); /* compute the leaf certificate hash */ bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); OPENSSL_free(mdbuf); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); certlen = (size_t)i2d_X509(cert, NULL); certbuf = OPENSSL_malloc(certlen); tmp = certbuf; i2d_X509(cert, &tmp); if (!BIO_write_ex(bhash, certbuf, certlen, &written) || written != certlen) { BIO_free_all(bhash); OPENSSL_free(mdbuf); OPENSSL_free(certbuf); return 0; /* FAILED */ } BIO_gets(bhash, (char*)cmdbuf, EVP_MD_size(md)); BIO_free_all(bhash); OPENSSL_free(certbuf); /* compare the provided hash against the computed hash */ if (memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md))) { print_hash("\nLeaf hash value mismatch", "computed", cmdbuf, EVP_MD_size(md)); OPENSSL_free(mdbuf); return 0; /* FAILED */ } OPENSSL_free(mdbuf); return 1; /* OK */ } /* * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [in] time: timestamp verification time * [returns] 0 on error or 1 on success */ static int print_cms_timestamp(CMS_ContentInfo *timestamp, time_t time) { STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *si; X509_ATTRIBUTE *attr; int md_nid; ASN1_INTEGER *serialno; char *issuer_name, *serial; BIGNUM *serialbn; X509_ALGOR *pdig; X509_NAME *issuer = NULL; sinfos = CMS_get0_SignerInfos(timestamp); if (sinfos == NULL) return 0; /* FAILED */ si = sk_CMS_SignerInfo_value(sinfos, 0); if (si == NULL) return 0; /* FAILED */ printf("\nCountersignatures:\n\tTimestamp time: "); print_time_t(time); /* PKCS#9 signing time - Policy OID: 1.2.840.113549.1.9.5 */ attr = CMS_signed_get_attr(si, CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)); if (attr == NULL) return 0; /* FAILED */ printf("\tSigning time: "); print_time_t(time_t_get_asn1_time(X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTCTIME, NULL))); CMS_SignerInfo_get0_algs(si, NULL, NULL, &pdig, NULL); if (pdig == NULL || pdig->algorithm == NULL) return 0; /* FAILED */ md_nid = OBJ_obj2nid(pdig->algorithm); printf("\tHash Algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); if (!CMS_SignerInfo_get0_signer_id(si, NULL, &issuer, &serialno) || !issuer) return 0; /* FAILED */ issuer_name = X509_NAME_oneline(issuer, NULL, 0); serialbn = ASN1_INTEGER_to_BN(serialno, NULL); serial = BN_bn2hex(serialbn); printf("\tIssuer: %s\n\tSerial: %s\n", issuer_name, serial); OPENSSL_free(issuer_name); BN_free(serialbn); OPENSSL_free(serial); return 1; /* OK */ } /* * RFC3852: the message-digest authenticated attribute type MUST be * present when there are any authenticated attributes present * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [in] p7: PKCS#7 signature * [in] verbose: additional output mode * [returns] 0 on error or 1 on success */ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 *p7, int verbose) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; int md_nid, i; STACK_OF(X509_ATTRIBUTE) *auth_attr, *unauth_attr; X509_ATTRIBUTE *attr; ASN1_OBJECT *object; ASN1_STRING *value; char object_txt[128]; time_t time = INVALID_TIME; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return INVALID_TIME; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return INVALID_TIME; /* FAILED */ md_nid = OBJ_obj2nid(si->digest_alg->algorithm); printf("Message digest algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(md_nid)); /* Unauthenticated attributes */ auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ printf("\nAuthenticated attributes:\n"); for (i=0; imoreInfo && opus->moreInfo->type == 0) { char *url = OPENSSL_strdup((char *)opus->moreInfo->value.url->data); printf("\tURL description: %s\n", url); OPENSSL_free(url); } if (opus->programName) { char *desc = NULL; if (opus->programName->type == 0) { u_char *opusdata; int len = ASN1_STRING_to_UTF8(&opusdata, opus->programName->value.unicode); if (len >= 0) { desc = OPENSSL_strndup((char *)opusdata, (size_t)len); OPENSSL_free(opusdata); } } else { desc = OPENSSL_strdup((char *)opus->programName->value.ascii->data); } if (desc) { printf("\tText description: %s\n", desc); OPENSSL_free(desc); } } SpcSpOpusInfo_free(opus); } else if (!strcmp(object_txt, SPC_STATEMENT_TYPE_OBJID)) { /* Microsoft OID: 1.3.6.1.4.1.311.2.1.11 */ const u_char *purpose; value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); if (value == NULL) continue; purpose = ASN1_STRING_get0_data(value); if (!memcmp(purpose, purpose_comm, sizeof purpose_comm)) printf("\tMicrosoft Commercial Code Signing purpose\n"); else if (!memcmp(purpose, purpose_ind, sizeof purpose_ind)) printf("\tMicrosoft Individual Code Signing purpose\n"); else printf("\tUnrecognized Code Signing purpose\n"); } else if (!strcmp(object_txt, MS_JAVA_SOMETHING)) { /* Microsoft OID: 1.3.6.1.4.1.311.15.1 */ const u_char *level; value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); if (value == NULL) continue; level = ASN1_STRING_get0_data(value); if (!memcmp(level, java_attrs_low, sizeof java_attrs_low)) printf("\tLow level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); else printf("\tUnrecognized level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); } else if (!strcmp(object_txt, PKCS9_SEQUENCE_NUMBER)) { /* PKCS#9 sequence number - Policy OID: 1.2.840.113549.1.9.25.4 */ ASN1_INTEGER *number = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_INTEGER, NULL); if (number == NULL) continue; printf("\tSequence number: %ld\n", ASN1_INTEGER_get(number)); } } /* Unauthenticated attributes */ unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ for (i=0; id.sign, countersi); if (cms) { if (!print_cms_timestamp(cms, time)) { CMS_ContentInfo_free(cms); return INVALID_TIME; /* FAILED */ } *timestamp = cms; } else { printf("Error: Corrupt Authenticode Timestamp embedded content\n"); } } else { printf("Error: PKCS9_TIMESTAMP_SIGNING_TIME attribute not found\n"); PKCS7_SIGNER_INFO_free(countersi); } } else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) { /* RFC3161 Timestamp - Policy OID: 1.3.6.1.4.1.311.3.3.1 */ const u_char *data; CMS_ContentInfo *cms; value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); if (value == NULL) continue; data = ASN1_STRING_get0_data(value); cms = d2i_CMS_ContentInfo(NULL, &data, ASN1_STRING_length(value)); if (cms == NULL) { printf("Error: RFC3161 Timestamp could not be decoded correctly\n"); ERR_print_errors_fp(stdout); continue; } time = time_t_get_cms_time(cms); if (time != INVALID_TIME) { if (!print_cms_timestamp(cms, time)) { CMS_ContentInfo_free(cms); return INVALID_TIME; /* FAILED */ } *timestamp = cms; } else { printf("Error: Corrupt RFC3161 Timestamp embedded content\n"); CMS_ContentInfo_free(cms); ERR_print_errors_fp(stdout); } } else if (!strcmp(object_txt, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { /* Unauthenticated Data Blob - Policy OID: 1.3.6.1.4.1.42921.1.2.1 */ ASN1_STRING *blob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL); if (blob == NULL) { printf("Error: Unauthenticated Data Blob could not be decoded correctly\n"); continue; } if (verbose) { char *data_blob = OPENSSL_buf2hexstr(blob->data, blob->length); printf("\nUnauthenticated Data Blob:\n%s\n", data_blob); OPENSSL_free(data_blob); } else { printf("\nUnauthenticated Data Blob length: %d bytes\n", blob->length); } } } return time; } /* * Convert ASN1_TIME to time_t * [in] s: ASN1_TIME structure * [returns] INVALID_TIME on error or time_t on success */ static time_t time_t_get_asn1_time(const ASN1_TIME *s) { struct tm tm; if ((s == NULL) || (!ASN1_TIME_check(s))) { return INVALID_TIME; } if (ASN1_TIME_to_tm(s, &tm)) { #ifdef _WIN32 return _mkgmtime(&tm); #else /* _WIN32 */ return timegm(&tm); #endif /* _WIN32 */ } else { return INVALID_TIME; } } /* * Get signing time from authenticated attributes * [in] si: PKCS7_SIGNER_INFO structure * [returns] INVALID_TIME on error or time_t on success */ static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si) { ASN1_UTCTIME *time = asn1_time_get_si_time(si); if (time == NULL) return INVALID_TIME; /* FAILED */ return time_t_get_asn1_time(time); } /* * Get signing time from authenticated attributes cont[0] * [in] si: PKCS7_SIGNER_INFO structure * [returns] NULL on error or ASN1_UTCTIME on success */ static ASN1_UTCTIME *asn1_time_get_si_time(PKCS7_SIGNER_INFO *si) { STACK_OF(X509_ATTRIBUTE) *auth_attr = PKCS7_get_signed_attributes(si); if (auth_attr) { int i; for (i=0; idata; TS_TST_INFO *token = d2i_TS_TST_INFO(NULL, &p, (*pos)->length); if (token) { const ASN1_GENERALIZEDTIME *asn1_time = TS_TST_INFO_get_time(token); posix_time = time_t_get_asn1_time(asn1_time); TS_TST_INFO_free(token); } } return posix_time; } /* * Create new CMS_ContentInfo struct for Authenticode Timestamp. * This struct does not contain any TS_TST_INFO as specified in RFC 3161. * [in] p7_signed: PKCS#7 signedData structure * [in] countersignature: Authenticode Timestamp decoded to PKCS7_SIGNER_INFO * [returns] pointer to CMS_ContentInfo structure */ static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_INFO *countersignature) { CMS_ContentInfo *cms = NULL; PKCS7_SIGNER_INFO *si; PKCS7 *p7 = NULL, *content = NULL; u_char *p = NULL; const u_char *q; int i, len = 0; p7 = PKCS7_new(); si = sk_PKCS7_SIGNER_INFO_value(p7_signed->signer_info, 0); if (si == NULL) goto out; /* Create new signed PKCS7 timestamp structure. */ if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto out; if (!PKCS7_add_signer(p7, countersignature)) goto out; for (i = 0; i < sk_X509_num(p7_signed->cert); i++) { if (!PKCS7_add_certificate(p7, sk_X509_value(p7_signed->cert, i))) goto out; } /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ content = PKCS7_new(); content->d.other = ASN1_TYPE_new(); content->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); ASN1_TYPE_set1(content->d.other, V_ASN1_OCTET_STRING, si->enc_digest); /* Add encapsulated content to signed PKCS7 timestamp structure: p7->d.sign->contents = content */ if (!PKCS7_set_content(p7, content)) { PKCS7_free(content); goto out; } /* Convert PKCS7 into CMS_ContentInfo */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { printf("Failed to convert pkcs7: %d\n", len); goto out; } len = i2d_PKCS7(p7, &p); p -= len; q = p; cms = d2i_CMS_ContentInfo(NULL, &q, len); OPENSSL_free(p); out: if (!cms) ERR_print_errors_fp(stdout); PKCS7_free(p7); return cms; } /* * The attribute type is SPC_INDIRECT_DATA_OBJID, so get a digest algorithm and a message digest * from the content and compare the message digest against the computed message digest of the file * [in] ctx: structure holds input and output data * [in] content: catalog file content * [returns] 1 on error or 0 on success */ static int verify_content_member_digest(FILE_FORMAT_CTX *ctx, ASN1_TYPE *content) { int mdlen, mdtype = -1; u_char mdbuf[EVP_MAX_MD_SIZE]; SpcIndirectDataContent *idc; const u_char *data; ASN1_STRING *value; const EVP_MD *md; u_char *cmdbuf = NULL; value = content->value.sequence; data = ASN1_STRING_get0_data(value); idc = d2i_SpcIndirectDataContent(NULL, &data, ASN1_STRING_length(value)); if (!idc) { printf("Failed to extract SpcIndirectDataContent data\n"); return 1; /* FAILED */ } if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { /* get a digest algorithm a message digest of the file from the content */ mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } if (mdtype == -1) { printf("Failed to extract current message digest\n\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } if (!ctx->format->digest_calc) { printf("Unsupported method: digest_calc\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = ctx->format->digest_calc(ctx, md); if (!cmdbuf) { printf("Failed to compute a message digest value\n\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); if (memcmp(mdbuf, cmdbuf, (size_t)mdlen)) { OPENSSL_free(cmdbuf); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } else { printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); print_hash("Current message digest ", "", mdbuf, mdlen); print_hash("Calculated message digest ", "\n", cmdbuf, mdlen); } OPENSSL_free(cmdbuf); if (idc->data && ctx->format->verify_indirect_data && !ctx->format->verify_indirect_data(ctx, idc->data)) { SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } SpcIndirectDataContent_free(idc); return 0; /* OK */ } /* * Find the message digest of the file for all files added to the catalog file * CTL (MS_CTL_OBJID) is a list of hashes of certificates or a list of hashes files * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int verify_content(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { MsCtlContent *ctlc; int i; ctlc = ms_ctl_content_get(p7); if (!ctlc) { printf("Failed to extract MS_CTL_OBJID data\n"); return 1; /* FAILED */ } for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { int j; CatalogInfo *header_attr = sk_CatalogInfo_value(ctlc->header_attributes, i); if (header_attr == NULL) continue; for (j = 0; j < sk_CatalogAuthAttr_num(header_attr->attributes); j++) { char object_txt[128]; CatalogAuthAttr *attribute; ASN1_TYPE *content; attribute = sk_CatalogAuthAttr_value(header_attr->attributes, j); if (!attribute) continue; content = catalog_content_get(attribute); if (!content) continue; object_txt[0] = 0x00; OBJ_obj2txt(object_txt, sizeof object_txt, attribute->type, 1); if (!strcmp(object_txt, SPC_INDIRECT_DATA_OBJID)) { /* SPC_INDIRECT_DATA_OBJID OID: 1.3.6.1.4.1.311.2.1.4 */ if (!verify_content_member_digest(ctx, content)) { /* computed message digest of the file is found in the catalog file */ ASN1_TYPE_free(content); MsCtlContent_free(ctlc); return 0; /* OK */ } } ASN1_TYPE_free(content); } } MsCtlContent_free(ctlc); ERR_print_errors_fp(stdout); return 1; /* FAILED */ } /* * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int verify_signature(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int leafok, verok; STACK_OF(X509) *signers; X509 *signer; CMS_ContentInfo *timestamp = NULL; time_t time; signers = PKCS7_get0_signers(p7, NULL, 0); if (!signers || sk_X509_num(signers) != 1) { printf("PKCS7_get0_signers error\n"); return 1; /* FAILED */ } signer = sk_X509_value(signers, 0); sk_X509_free(signers); printf("Signer's certificate:\n"); print_cert(signer, 0); time = time_t_timestamp_get_attributes(×tamp, p7, ctx->options->verbose); if (ctx->options->leafhash != NULL) { leafok = verify_leaf_hash(signer, ctx->options->leafhash); printf("\nLeaf hash match: %s\n", leafok ? "ok" : "failed"); if (!leafok) { printf("Signature verification: failed\n\n"); return 1; /* FAILED */ } } if (ctx->options->catalog) printf("\nFile is signed in catalog: %s\n", ctx->options->catalog); printf("\nCAfile: %s\n", ctx->options->cafile); if (ctx->options->crlfile) printf("CRLfile: %s\n", ctx->options->crlfile); if (ctx->options->tsa_cafile) printf("TSA's certificates file: %s\n", ctx->options->tsa_cafile); if (ctx->options->tsa_crlfile) printf("TSA's CRL file: %s\n", ctx->options->tsa_crlfile); if (timestamp) { if (ctx->options->ignore_timestamp) { printf("\nTimestamp Server Signature verification is disabled\n"); time = INVALID_TIME; } else { int timeok = verify_timestamp(ctx, p7, timestamp, time); printf("Timestamp Server Signature verification: %s\n", timeok ? "ok" : "failed"); if (!timeok) { time = INVALID_TIME; } } CMS_ContentInfo_free(timestamp); ERR_clear_error(); } else printf("\nTimestamp is not available\n\n"); verok = verify_authenticode(ctx, p7, time, signer); printf("Signature verification: %s\n\n", verok ? "ok" : "failed"); if (!verok) return 1; /* FAILED */ return 0; /* OK */ } /* * [in] ctx: structure holds input and output data * [returns] 1 on error or 0 on success */ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options) { int i, ret = 1, verified = 0; PKCS7 *p7; STACK_OF(PKCS7) *signatures = NULL; int detached = options->catalog ? 1 : 0; if (detached) { GLOBAL_OPTIONS *cat_options; FILE_FORMAT_CTX *cat_ctx; if (!ctx->format->is_detaching_supported || !ctx->format->is_detaching_supported()) { printf("This format does not support detached PKCS#7 signature\n"); return 1; /* FAILED */ } printf("Checking the specified catalog file\n\n"); cat_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); if (!cat_options) { printf("OPENSSL_memdup error.\n"); return 1; /* Failed */ } cat_options->infile = options->catalog; cat_options->cmd = CMD_EXTRACT; cat_ctx = file_format_cat.ctx_new(cat_options, NULL, NULL); if (!cat_ctx) { printf("CAT file initialization error\n"); return 1; /* Failed */ } if (!cat_ctx->format->pkcs7_extract) { printf("Unsupported command: extract-signature\n"); return 1; /* FAILED */ } p7 = cat_ctx->format->pkcs7_extract(cat_ctx); cat_ctx->format->ctx_cleanup(cat_ctx); OPENSSL_free(cat_options); } else { if (!ctx->format->pkcs7_extract) { printf("Unsupported command: extract-signature\n"); return 1; /* FAILED */ } p7 = ctx->format->pkcs7_extract(ctx); } if (!p7) { printf("Unable to extract existing signature\n"); return 1; /* FAILED */ } signatures = signature_list_create(p7); if (!signatures) { printf("Failed to create signature list\n\n"); sk_PKCS7_pop_free(signatures, PKCS7_free); return 1; /* FAILED */ } for (i = 0; i < sk_PKCS7_num(signatures); i++) { PKCS7 *sig; if (options->index >= 0 && options->index != i) { printf("Warning: signature verification at index %d was skipped\n", i); continue; } sig = sk_PKCS7_value(signatures, i); if (detached) { if (!verify_content(ctx, sig)) { ret &= verify_signature(ctx, sig); } else { printf("Catalog verification: failed\n\n"); } verified++; } else if (ctx->format->verify_digests) { printf("\nSignature Index: %d %s\n\n", i, i==0 ? " (Primary Signature)" : ""); if (ctx->format->verify_digests(ctx, sig)) { ret &= verify_signature(ctx, sig); } verified++; } else { printf("Unsupported method: verify_digests\n"); return 1; /* FAILED */ } } printf("Number of verified signatures: %d\n", verified); sk_PKCS7_pop_free(signatures, PKCS7_free); if (ret) ERR_print_errors_fp(stdout); return ret; } /* * Insert PKCS#7 signature and its nested signatures to the sorted signature list * [in] p7: PKCS#7 signature * [returns] sorted signature list */ static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7) { STACK_OF(PKCS7) *signatures = NULL; PKCS7_SIGNER_INFO *si; STACK_OF(X509_ATTRIBUTE) *unauth_attr; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { printf("Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { printf("Failed to obtain PKCS#7 signer info value\n"); return 0; /* FAILED */ } signatures = sk_PKCS7_new(PKCS7_compare); if (!signatures) { printf("Failed to create new signature list\n"); return 0; /* FAILED */ } /* Unauthenticated attributes */ unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ if (unauth_attr) { /* find Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */ int i; for (i=0; ioptions->sigfile); if (!filesize) { return NULL; /* FAILED */ } indata = map_file(ctx->options->sigfile, filesize); if (!indata) { printf("Failed to open file: %s\n", ctx->options->sigfile); return NULL; /* FAILED */ } p7 = pkcs7_read_data(indata, filesize); unmap_file(indata, filesize); return p7; } /* * [in] options: structure holds the input data * [returns] 1 on error or 0 on success */ static int check_attached_data(GLOBAL_OPTIONS *options) { FILE_FORMAT_CTX *ctx; GLOBAL_OPTIONS *tmp_options = NULL; tmp_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); if (!tmp_options) { printf("OPENSSL_memdup error.\n"); return 1; /* Failed */ } tmp_options->infile = options->outfile; tmp_options->cmd = CMD_VERIFY; ctx = file_format_script.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_msi.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_pe.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_cab.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_appx.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_cat.ctx_new(tmp_options, NULL, NULL); if (!ctx) { printf("Corrupt attached signature\n"); OPENSSL_free(tmp_options); return 1; /* Failed */ } if (verify_signed_file(ctx, tmp_options)) { printf("Signature mismatch\n"); ctx->format->ctx_cleanup(ctx); OPENSSL_free(tmp_options); return 1; /* Failed */ } ctx->format->ctx_cleanup(ctx); OPENSSL_free(tmp_options); return 0; /* OK */ } /* * [in, out] options: structure holds the input data * [returns] none */ static void free_options(GLOBAL_OPTIONS *options) { /* If memory has not been allocated nothing is done */ OPENSSL_free(options->cafile); OPENSSL_free(options->tsa_cafile); OPENSSL_free(options->crlfile); OPENSSL_free(options->tsa_crlfile); /* If key is NULL nothing is done */ EVP_PKEY_free(options->pkey); options->pkey = NULL; /* If X509 structure is NULL nothing is done */ X509_free(options->cert); options->cert = NULL; /* Free up all elements of sk structure and sk itself */ sk_X509_pop_free(options->certs, X509_free); options->certs = NULL; sk_X509_pop_free(options->xcerts, X509_free); options->xcerts = NULL; sk_X509_CRL_pop_free(options->crls, X509_CRL_free); options->crls = NULL; } /* * [in] argv0, cmd * [returns] none */ static void usage(const char *argv0, const char *cmd) { const char *cmds_all[] = {"all", NULL}; const char *cmds_sign[] = {"all", "sign", NULL}; const char *cmds_extract_data[] = {"all", "extract-data", NULL}; const char *cmds_add[] = {"all", "add", NULL}; const char *cmds_attach[] = {"all", "attach-signature", NULL}; const char *cmds_extract[] = {"all", "extract-signature", NULL}; const char *cmds_remove[] = {"all", "remove-signature", NULL}; const char *cmds_verify[] = {"all", "verify", NULL}; printf("\nUsage: %s", argv0); if (on_list(cmd, cmds_all)) { printf("\n\n%1s[ --version | -v ]\n", ""); printf("%1s[ --help ]\n\n", ""); } if (on_list(cmd, cmds_sign)) { printf("%1s[ sign ] ( -certs | -spc -key | -pkcs12 |\n", ""); printf("%12s [ -pkcs11engine ] -pkcs11module -pkcs11cert |\n", ""); printf("%12s -certs -key )\n", ""); #if OPENSSL_VERSION_NUMBER>=0x30000000L printf("%12s[ -nolegacy ]\n", ""); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ printf("%12s[ -pass ", ""); #ifdef PROVIDE_ASKPASS printf("%1s [ -askpass ]", ""); #endif /* PROVIDE_ASKPASS */ printf("%1s[ -readpass ]\n", ""); printf("%12s[ -ac ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -n ] [ -i ] [ -jp ] [ -comm ]\n", ""); printf("%12s[ -ph ]\n", ""); printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", ""); printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", ""); printf("%12s[ -TSA-certs ] [ -TSA-key ]\n", ""); printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -addUnauthenticatedBlob ]\n", ""); printf("%12s[ -nest ]\n", ""); printf("%12s[ -verbose ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -pem ]\n", ""); printf("%12s[ -in ] [-out ] \n\n", ""); } if (on_list(cmd, cmds_extract_data)) { printf("%1sextract-data [ -pem ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -ph ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_add)) { printf("%1sadd [-addUnauthenticatedBlob]\n", ""); printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", ""); printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", ""); printf("%12s[ -TSA-certs ] [ -TSA-key ]\n", ""); printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -index ]\n", ""); printf("%12s[ -verbose ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_attach)) { printf("%1sattach-signature [ -sigin ] \n", ""); printf("%12s[ -CAfile ]\n", ""); printf("%12s[ -CRLfile ]\n", ""); printf("%12s[ -TSA-CAfile ]\n", ""); printf("%12s[ -TSA-CRLfile ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", ""); printf("%12s[ -nest ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_extract)) { printf("%1sextract-signature [ -pem ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_remove)) printf("%1sremove-signature [ -in ] [ -out ] \n\n", ""); if (on_list(cmd, cmds_verify)) { printf("%1sverify [ -in ] \n", ""); printf("%12s[ -c | -catalog ]\n", ""); printf("%12s[ -CAfile ]\n", ""); printf("%12s[ -CRLfile ]\n", ""); printf("%12s[ -TSA-CAfile ]\n", ""); printf("%12s[ -TSA-CRLfile ]\n", ""); printf("%12s[ -p ]\n", ""); printf("%12s[ -index ]\n", ""); printf("%12s[ -ignore-timestamp ]\n", ""); printf("%12s[ -ignore-cdp ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", ""); printf("%12s[ -verbose ]\n\n", ""); } } /* * [in] argv0, cmd * [returns] none */ static void help_for(const char *argv0, const char *cmd) { const char *cmds_all[] = {"all", NULL}; const char *cmds_add[] = {"add", NULL}; const char *cmds_attach[] = {"attach-signature", NULL}; const char *cmds_extract[] = {"extract-signature", NULL}; const char *cmds_remove[] = {"remove-signature", NULL}; const char *cmds_sign[] = {"sign", NULL}; const char *cmds_extract_data[] = {"extract-data", NULL}; const char *cmds_verify[] = {"verify", NULL}; const char *cmds_ac[] = {"sign", NULL}; const char *cmds_add_msi_dse[] = {"add", "attach-signature", "sign", "extract-data", NULL}; const char *cmds_addUnauthenticatedBlob[] = {"sign", "add", NULL}; #ifdef PROVIDE_ASKPASS const char *cmds_askpass[] = {"sign", NULL}; #endif /* PROVIDE_ASKPASS */ const char *cmds_CAfile[] = {"attach-signature", "verify", NULL}; const char *cmds_catalog[] = {"verify", NULL}; const char *cmds_certs[] = {"sign", NULL}; const char *cmds_comm[] = {"sign", NULL}; const char *cmds_CRLfile[] = {"attach-signature", "verify", NULL}; const char *cmds_CRLfileTSA[] = {"attach-signature", "verify", NULL}; const char *cmds_h[] = {"add", "attach-signature", "sign", "extract-data", NULL}; const char *cmds_i[] = {"sign", NULL}; const char *cmds_in[] = {"add", "attach-signature", "extract-signature", "remove-signature", "sign", "extract-data", "verify", NULL}; const char *cmds_index[] = {"add", "verify", NULL}; const char *cmds_jp[] = {"sign", NULL}; const char *cmds_key[] = {"sign", NULL}; #if OPENSSL_VERSION_NUMBER>=0x30000000L const char *cmds_nolegacy[] = {"sign", NULL}; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ const char *cmds_n[] = {"sign", NULL}; const char *cmds_nest[] = {"attach-signature", "sign", NULL}; const char *cmds_noverifypeer[] = {"add", "sign", NULL}; const char *cmds_out[] = {"add", "attach-signature", "extract-signature", "remove-signature", "sign", "extract-data", NULL}; const char *cmds_p[] = {"add", "sign", "verify", NULL}; const char *cmds_pass[] = {"sign", NULL}; const char *cmds_pem[] = {"sign", "extract-data", "extract-signature", NULL}; const char *cmds_ph[] = {"sign", "extract-data", NULL}; const char *cmds_pkcs11cert[] = {"sign", NULL}; const char *cmds_pkcs11engine[] = {"sign", NULL}; const char *cmds_pkcs11module[] = {"sign", NULL}; const char *cmds_pkcs12[] = {"sign", NULL}; const char *cmds_readpass[] = {"sign", NULL}; const char *cmds_require_leaf_hash[] = {"attach-signature", "verify", NULL}; const char *cmds_sigin[] = {"attach-signature", NULL}; const char *cmds_time[] = {"attach-signature", "sign", "verify", NULL}; const char *cmds_ignore_timestamp[] = {"verify", NULL}; const char *cmds_ignore_cdp[] = {"verify", NULL}; const char *cmds_t[] = {"add", "sign", NULL}; const char *cmds_ts[] = {"add", "sign", NULL}; const char *cmds_CAfileTSA[] = {"attach-signature", "verify", NULL}; const char *cmds_certsTSA[] = {"add", "sign", NULL}; const char *cmds_keyTSA[] = {"add", "sign", NULL}; const char *cmds_timeTSA[] = {"add", "sign", NULL}; const char *cmds_verbose[] = {"add", "sign", "verify", NULL}; if (on_list(cmd, cmds_all)) { printf("osslsigncode is a small tool that implements part of the functionality of the Microsoft\n"); printf("tool signtool.exe - more exactly the Authenticode signing and timestamping.\n"); printf("It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB and MSI files,\n"); printf("supports getting the timestamp through a proxy as well.\n"); printf("osslsigncode also supports signature verification, removal and extraction.\n\n"); printf("%-22s = print osslsigncode version and usage\n", "--version | -v"); printf("%-22s = print osslsigncode help menu\n\n", "--help"); printf("Commands:\n"); printf("%-22s = add an unauthenticated blob or a timestamp to a previously-signed file\n", "add"); printf("%-22s = sign file using a given signature\n", "attach-signature"); printf("%-22s = extract signature from a previously-signed file\n", "extract-signature"); printf("%-22s = remove sections of the embedded signature on a file\n", "remove-signature"); printf("%-22s = digitally sign a file\n", "sign"); printf("%-22s = verifies the digital signature of a file\n\n", "verify"); printf("For help on a specific command, enter %s --help\n", argv0); } if (on_list(cmd, cmds_add)) { printf("\nUse the \"add\" command to add an unauthenticated blob or a timestamp to a previously-signed file.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_attach)) { printf("\nUse the \"attach-signature\" command to attach the signature stored in the \"sigin\" file.\n"); printf("In order to verify this signature you should specify how to find needed CA or TSA\n"); printf("certificates, if appropriate.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_extract)) { printf("\nUse the \"extract-signature\" command to extract the embedded signature from a previously-signed file.\n"); printf("DER is the default format of the output file, but can be changed to PEM.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_remove)) { printf("\nUse the \"remove-signature\" command to remove sections of the embedded signature on a file.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_sign)) { printf("\nUse the \"sign\" command to sign files using embedded signatures.\n"); printf("Signing protects a file from tampering, and allows users to verify the signer\n"); printf("based on a signing certificate. The options below allow you to specify signing\n"); printf("parameters and to select the signing certificate you wish to use.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_extract_data)) { printf("\nUse the \"extract-data\" command to extract a data content to be signed.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_verify)) { printf("\nUse the \"verify\" command to verify embedded signatures.\n"); printf("Verification determines if the signing certificate was issued by a trusted party,\n"); printf("whether that certificate has been revoked, and whether the certificate is valid\n"); printf("under a specific policy. Options allow you to specify requirements that must be met\n"); printf("and to specify how to find needed CA or TSA certificates, if appropriate.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_ac)) printf("%-24s= additional certificates to be added to the signature block\n", "-ac"); if (on_list(cmd, cmds_add_msi_dse)) printf("%-24s= sign a MSI file with the add-msi-dse option\n", "-add-msi-dse"); if (on_list(cmd, cmds_addUnauthenticatedBlob)) printf("%-24s= add an unauthenticated blob to the PE/MSI file\n", "-addUnauthenticatedBlob"); #ifdef PROVIDE_ASKPASS if (on_list(cmd, cmds_askpass)) printf("%-24s= ask for the private key password\n", "-askpass"); #endif /* PROVIDE_ASKPASS */ if (on_list(cmd, cmds_catalog)) printf("%-24s= specifies the catalog file by name\n", "-c, -catalog"); if (on_list(cmd, cmds_CAfile)) printf("%-24s= the file containing one or more trusted certificates in PEM format\n", "-CAfile"); if (on_list(cmd, cmds_certs)) printf("%-24s= the signing certificate to use\n", "-certs, -spc"); if (on_list(cmd, cmds_comm)) printf("%-24s= set commercial purpose (default: individual purpose)\n", "-comm"); if (on_list(cmd, cmds_CRLfile)) printf("%-24s= the file containing one or more CRLs in PEM format\n", "-CRLfile"); if (on_list(cmd, cmds_h)) { printf("%-24s= {md5|sha1|sha2(56)|sha384|sha512}\n", "-h"); printf("%26sset of cryptographic hash functions\n", ""); } if (on_list(cmd, cmds_i)) printf("%-24s= specifies a URL for expanded description of the signed content\n", "-i"); if (on_list(cmd, cmds_in)) printf("%-24s= input file\n", "-in"); if (on_list(cmd, cmds_index)) printf("%-24s= use the signature at a certain position\n", "-index"); if (on_list(cmd, cmds_jp)) { printf("%-24s= low | medium | high\n", "-jp"); printf("%26slevels of permissions in Microsoft Internet Explorer 4.x for CAB files\n", ""); printf("%26sonly \"low\" level is now supported\n", ""); } #if OPENSSL_VERSION_NUMBER>=0x30000000L if (on_list(cmd, cmds_nolegacy)) printf("%-24s= disable legacy mode and don't automatically load the legacy provider\n", "-nolegacy"); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (on_list(cmd, cmds_key)) printf("%-24s= the private key to use or PKCS#11 URI identifies a key in the token\n", "-key"); if (on_list(cmd, cmds_n)) printf("%-24s= specifies a description of the signed content\n", "-n"); if (on_list(cmd, cmds_nest)) printf("%-24s= add the new nested signature instead of replacing the first one\n", "-nest"); if (on_list(cmd, cmds_noverifypeer)) printf("%-24s= do not verify the Time-Stamp Authority's SSL certificate\n", "-noverifypeer"); if (on_list(cmd, cmds_out)) printf("%-24s= output file\n", "-out"); if (on_list(cmd, cmds_p)) printf("%-24s= proxy to connect to the desired Time-Stamp Authority server or CRL distribution point\n", "-p"); if (on_list(cmd, cmds_pass)) printf("%-24s= the private key password\n", "-pass"); if (on_list(cmd, cmds_pem)) printf("%-24s= PKCS#7 output data format PEM to use (default: DER)\n", "-pem"); if (on_list(cmd, cmds_ph)) printf("%-24s= generate page hashes for executable files\n", "-ph"); if (on_list(cmd, cmds_pkcs11cert)) printf("%-24s= PKCS#11 URI identifies a certificate in the token\n", "-pkcs11cert"); if (on_list(cmd, cmds_pkcs11engine)) printf("%-24s= PKCS#11 engine\n", "-pkcs11engine"); if (on_list(cmd, cmds_pkcs11module)) printf("%-24s= PKCS#11 module\n", "-pkcs11module"); if (on_list(cmd, cmds_pkcs12)) printf("%-24s= PKCS#12 container with the certificate and the private key\n", "-pkcs12"); if (on_list(cmd, cmds_readpass)) printf("%-24s= the private key password source\n", "-readpass"); if (on_list(cmd, cmds_require_leaf_hash)) { printf("%-24s= {md5|sha1|sha2(56)|sha384|sha512}:XXXXXXXXXXXX...\n", "-require-leaf-hash"); printf("%26sspecifies an optional hash algorithm to use when computing\n", ""); printf("%26sthe leaf certificate (in DER form) hash and compares\n", ""); printf("%26sthe provided hash against the computed hash\n", ""); } if (on_list(cmd, cmds_sigin)) printf("%-24s= a file containing the signature to be attached\n", "-sigin"); if (on_list(cmd, cmds_ignore_timestamp)) printf("%-24s= disable verification of the Timestamp Server signature\n", "-ignore-timestamp"); if (on_list(cmd, cmds_ignore_cdp)) printf("%-24s= disable CRL Distribution Points online verification\n", "-ignore-cdp"); if (on_list(cmd, cmds_t)) { printf("%-24s= specifies that the digital signature will be timestamped\n", "-t"); printf("%26sby the Time-Stamp Authority (TSA) indicated by the URL\n", ""); printf("%26sthis option cannot be used with the -ts option\n", ""); } if (on_list(cmd, cmds_ts)) { printf("%-24s= specifies the URL of the RFC 3161 Time-Stamp Authority server\n", "-ts"); printf("%26sthis option cannot be used with the -t option\n", ""); } if (on_list(cmd, cmds_time)) printf("%-24s= the unix-time to set the signing and/or verifying time\n", "-time"); if (on_list(cmd, cmds_CAfileTSA)) printf("%-24s= the file containing one or more Time-Stamp Authority certificates in PEM format\n", "-TSA-CAfile"); if (on_list(cmd, cmds_CRLfileTSA)) printf("%-24s= the file containing one or more Time-Stamp Authority CRLs in PEM format\n", "-TSA-CRLfile"); if (on_list(cmd, cmds_certsTSA)) printf("%-24s= built-in Time-Stamp Authority signing certificate\n", "-TSA-certs"); if (on_list(cmd, cmds_keyTSA)) printf("%-24s= built-in Time-Stamp Authority private key or PKCS#11 URI identifies a key in the token\n", "-TSA-key"); if (on_list(cmd, cmds_timeTSA)) printf("%-24s= the unix-time to set the built-in Time-Stamp Authority signing\n", "-TSA-time"); if (on_list(cmd, cmds_verbose)) printf("%-24s= include additional output in the log\n", "-verbose"); usage(argv0, cmd); } #ifdef PROVIDE_ASKPASS /* * [in] prompt: "Password: " * [returns] password */ static char *getpassword(const char *prompt) { #ifdef HAVE_TERMIOS_H struct termios ofl, nfl; char *p, passbuf[1024], *pass; fputs(prompt, stdout); tcgetattr(fileno(stdin), &ofl); nfl = ofl; nfl.c_lflag &= ~(unsigned int)ECHO; nfl.c_lflag |= ECHONL; if (tcsetattr(fileno(stdin), TCSANOW, &nfl) != 0) { printf("Failed to set terminal attributes\n"); return NULL; } p = fgets(passbuf, sizeof passbuf, stdin); if (tcsetattr(fileno(stdin), TCSANOW, &ofl) != 0) printf("Failed to restore terminal attributes\n"); if (!p) { printf("Failed to read password\n"); return NULL; } passbuf[strlen(passbuf)-1] = 0x00; pass = OPENSSL_strdup(passbuf); memset(passbuf, 0, sizeof passbuf); return pass; #else /* HAVE_TERMIOS_H */ return getpass(prompt); #endif /* HAVE_TERMIOS_H */ } #endif /* PROVIDE_ASKPASS */ /* * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_password(GLOBAL_OPTIONS *options) { char passbuf[4096]; int passlen; const u_char utf8_bom[] = {0xef, 0xbb, 0xbf}; if (options->readpass) { #ifdef WIN32 HANDLE fhandle, fmap; LPVOID faddress; fhandle = CreateFile(options->readpass, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); if (fhandle == INVALID_HANDLE_VALUE) { return 0; /* FAILED */ } fmap = CreateFileMapping(fhandle, NULL, PAGE_READONLY, 0, 0, NULL); if (fmap == NULL) { return 0; /* FAILED */ } faddress = MapViewOfFile(fmap, FILE_MAP_READ, 0, 0, 0); CloseHandle(fmap); if (faddress == NULL) { return 0; /* FAILED */ } passlen = (int)GetFileSize(fhandle, NULL); memcpy(passbuf, faddress, passlen); UnmapViewOfFile(faddress); CloseHandle(fhandle); #else /* WIN32 */ int passfd = open(options->readpass, O_RDONLY); if (passfd < 0) { return 0; /* FAILED */ } passlen = (int)read(passfd, passbuf, sizeof passbuf - 1); close(passfd); #endif /* WIN32 */ if (passlen <= 0) { return 0; /* FAILED */ } while (passlen > 0 && (passbuf[passlen-1] == 0x0a || passbuf[passlen-1] == 0x0d)) { passlen--; } passbuf[passlen] = 0x00; if (!memcmp(passbuf, utf8_bom, sizeof utf8_bom)) { options->pass = OPENSSL_strdup(passbuf + sizeof utf8_bom); } else { options->pass = OPENSSL_strdup(passbuf); } memset(passbuf, 0, sizeof passbuf); #ifdef PROVIDE_ASKPASS } else if (options->askpass) { options->pass = getpassword("Password: "); #endif /* PROVIDE_ASKPASS */ } return 1; /* OK */ } /* * Parse a PKCS#12 container with certificates and a private key. * If successful the private key will be written to options->pkey, * the corresponding certificate to options->cert * and any additional certificates to options->certs. * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_pkcs12file(GLOBAL_OPTIONS *options) { BIO *btmp; PKCS12 *p12; int ret = 0; btmp = BIO_new_file(options->pkcs12file, "rb"); if (!btmp) { printf("Failed to read PKCS#12 file: %s\n", options->pkcs12file); return 0; /* FAILED */ } p12 = d2i_PKCS12_bio(btmp, NULL); if (!p12) { printf("Failed to extract PKCS#12 data: %s\n", options->pkcs12file); goto out; /* FAILED */ } if (!PKCS12_parse(p12, options->pass ? options->pass : "", &options->pkey, &options->cert, &options->certs)) { printf("Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); PKCS12_free(p12); goto out; /* FAILED */ } PKCS12_free(p12); ret = 1; /* OK */ out: BIO_free(btmp); return ret; } /* * Obtain a copy of the whole X509_CRL chain * [in] chain: STACK_OF(X509_CRL) structure * [returns] pointer to STACK_OF(X509_CRL) structure */ static STACK_OF(X509_CRL) *X509_CRL_chain_up_ref(STACK_OF(X509_CRL) *chain) { STACK_OF(X509_CRL) *ret; int i; ret = sk_X509_CRL_dup(chain); if (ret == NULL) return NULL; for (i = 0; i < sk_X509_CRL_num(ret); i++) { X509_CRL *x = sk_X509_CRL_value(ret, i); if (!X509_CRL_up_ref(x)) goto err; } return ret; err: while (i-- > 0) X509_CRL_free(sk_X509_CRL_value(ret, i)); sk_X509_CRL_free(ret); return NULL; } /* * Load certificates from a file. * If successful all certificates will be written to options->certs * and optional CRLs will be written to options->crls. * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_certfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; btmp = BIO_new_file(options->certfile, "rb"); if (!btmp) { printf("Failed to read certificate file: %s\n", options->certfile); return 0; /* FAILED */ } /* .pem certificate file */ options->certs = X509_chain_read_certs(btmp, NULL); /* .der certificate file */ if (!options->certs) { X509 *x = NULL; (void)BIO_seek(btmp, 0); if (d2i_X509_bio(btmp, &x)) { options->certs = sk_X509_new_null(); if (!sk_X509_push(options->certs, x)) { X509_free(x); goto out; /* FAILED */ } printf("Warning: The certificate file contains a single x509 certificate\n"); } } /* .spc or .p7b certificate file (PKCS#7 structure) */ if (!options->certs) { PKCS7 *p7; (void)BIO_seek(btmp, 0); p7 = d2i_PKCS7_bio(btmp, NULL); if (!p7) goto out; /* FAILED */ options->certs = X509_chain_up_ref(p7->d.sign->cert); /* additional CRLs may be supplied as part of a PKCS#7 signed data structure */ if (p7->d.sign->crl) options->crls = X509_CRL_chain_up_ref(p7->d.sign->crl); PKCS7_free(p7); } ret = 1; /* OK */ out: if (ret == 0) printf("No certificate found\n"); BIO_free(btmp); return ret; } /* * Load additional (cross) certificates from a .pem file * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_xcertfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; btmp = BIO_new_file(options->xcertfile, "rb"); if (!btmp) { printf("Failed to read cross certificates file: %s\n", options->xcertfile); return 0; /* FAILED */ } options->xcerts = X509_chain_read_certs(btmp, NULL); if (!options->xcerts) { printf("Failed to read cross certificates file: %s\n", options->xcertfile); goto out; /* FAILED */ } ret = 1; /* OK */ out: BIO_free(btmp); return ret; } /* * Load the private key from a file * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_keyfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; btmp = BIO_new_file(options->keyfile, "rb"); if (!btmp) { printf("Failed to read private key file: %s\n", options->keyfile); return 0; /* FAILED */ } if (((options->pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { printf("Failed to decode private key file: %s (Wrong password?)\n", options->keyfile); goto out; /* FAILED */ } ret = 1; /* OK */ out: BIO_free(btmp); return ret; } /* * Decode Microsoft Private Key (PVK) file. * PVK is a proprietary Microsoft format that stores a cryptographic private key. * PVK files are often password-protected. * A PVK file may have an associated .spc (PKCS7) certificate file. * [in, out] options: structure holds the input data * [returns] PVK file */ static char *find_pvk_key(GLOBAL_OPTIONS *options) { u_char magic[4]; /* Microsoft Private Key format Header Hexdump */ const u_char pvkhdr[4] = {0x1e, 0xf1, 0xb5, 0xb0}; char *pvkfile = NULL; BIO *btmp; if (!options->keyfile #ifndef OPENSSL_NO_ENGINE || options->p11module #endif /* OPENSSL_NO_ENGINE */ ) return NULL; /* FAILED */ btmp = BIO_new_file(options->keyfile, "rb"); if (!btmp) return NULL; /* FAILED */ magic[0] = 0x00; BIO_read(btmp, magic, 4); if (!memcmp(magic, pvkhdr, 4)) { pvkfile = options->keyfile; options->keyfile = NULL; } BIO_free(btmp); return pvkfile; } /* * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_pvk_key(GLOBAL_OPTIONS *options) { BIO *btmp; btmp = BIO_new_file(options->pvkfile, "rb"); if (!btmp) { printf("Failed to read private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } options->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : NULL); if (!options->pkey && options->askpass) { (void)BIO_seek(btmp, 0); options->pkey = b2i_PVK_bio(btmp, NULL, NULL); } BIO_free(btmp); if (!options->pkey) { printf("Failed to decode private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } return 1; /* OK */ } #ifndef OPENSSL_NO_ENGINE /* * Load an engine in a shareable library * [in] options: structure holds the input data * [returns] pointer to ENGINE */ static ENGINE *engine_dynamic(GLOBAL_OPTIONS *options) { ENGINE *engine; char *id; engine = ENGINE_by_id("dynamic"); if (!engine) { printf("Failed to load 'dynamic' engine\n"); return NULL; /* FAILED */ } if (options->p11engine) { /* strip directory and extension */ char *ptr; ptr = strrchr(options->p11engine, '/'); if (!ptr) /* no slash -> try backslash */ ptr = strrchr(options->p11engine, '\\'); if (ptr) /* directory separator found */ ptr++; /* skip it */ else /* directory separator not found */ ptr = options->p11engine; id = OPENSSL_strdup(ptr); ptr = strchr(id, '.'); if (ptr) /* file extensions found */ *ptr = '\0'; /* remove them */ } else { id = OPENSSL_strdup("pkcs11"); } if (!ENGINE_ctrl_cmd_string(engine, "SO_PATH", options->p11engine, 0) || !ENGINE_ctrl_cmd_string(engine, "ID", id, 0) || !ENGINE_ctrl_cmd_string(engine, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) { printf("Failed to set 'dynamic' engine\n"); ENGINE_free(engine); engine = NULL; /* FAILED */ } OPENSSL_free(id); return engine; } /* * Load a pkcs11 engine * [in] none * [returns] pointer to ENGINE */ static ENGINE *engine_pkcs11(void) { ENGINE *engine = ENGINE_by_id("pkcs11"); if (!engine) { printf("Failed to find and load 'pkcs11' engine\n"); return NULL; /* FAILED */ } return engine; /* OK */ } /* * Load the private key and the signer certificate from a security token * [in, out] options: structure holds the input data * [in] engine: ENGINE structure * [returns] 0 on error or 1 on success */ static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine) { if (options->p11module && !ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", options->p11module, 0)) { printf("Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module); ENGINE_free(engine); return 0; /* FAILED */ } if (options->pass != NULL && !ENGINE_ctrl_cmd_string(engine, "PIN", options->pass, 0)) { printf("Failed to set pkcs11 PIN\n"); ENGINE_free(engine); return 0; /* FAILED */ } if (!ENGINE_init(engine)) { printf("Failed to initialize pkcs11 engine\n"); ENGINE_free(engine); return 0; /* FAILED */ } /* * ENGINE_init() returned a functional reference, so free the structural * reference from ENGINE_by_id(). */ ENGINE_free(engine); if (options->p11cert) { struct { const char *id; X509 *cert; } parms; parms.id = options->p11cert; parms.cert = NULL; ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); if (!parms.cert) { printf("Failed to load certificate %s\n", options->p11cert); ENGINE_finish(engine); return 0; /* FAILED */ } else options->cert = parms.cert; } options->pkey = ENGINE_load_private_key(engine, options->keyfile, NULL, NULL); /* Free the functional reference from ENGINE_init */ ENGINE_finish(engine); if (!options->pkey) { printf("Failed to load private key %s\n", options->keyfile); return 0; /* FAILED */ } return 1; /* OK */ } #endif /* OPENSSL_NO_ENGINE */ /* * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_crypto_params(GLOBAL_OPTIONS *options) { int ret = 0; /* Microsoft Private Key format support */ options->pvkfile = find_pvk_key(options); if (options->pvkfile) { if (!read_certfile(options) || !read_pvk_key(options)) goto out; /* FAILED */ /* PKCS#12 container with certificates and the private key ("-pkcs12" option) */ } else if (options->pkcs12file) { if (!read_pkcs12file(options)) goto out; /* FAILED */ #ifndef OPENSSL_NO_ENGINE /* PKCS11 engine and module support */ } else if ((options->p11engine) || (options->p11module)) { ENGINE *engine; if (options->p11engine) engine = engine_dynamic(options); else engine = engine_pkcs11(); if (!engine) goto out; /* FAILED */ printf("Engine \"%s\" set.\n", ENGINE_get_id(engine)); /* Load the private key and the signer certificate from the security token */ if (!read_token(options, engine)) goto out; /* FAILED */ /* Load the signer certificate and the whole certificate chain from a file */ if (options->certfile && !read_certfile(options)) goto out; /* FAILED */ /* PEM / DER / SPC file format support */ } else if (!read_certfile(options) || !read_keyfile(options)) goto out; /* FAILED */ #endif /* OPENSSL_NO_ENGINE */ /* Load additional (cross) certificates ("-ac" option) */ if (options->xcertfile && !read_xcertfile(options)) goto out; /* FAILED */ ret = 1; /* OK */ out: /* reset password */ if (options->pass) { memset(options->pass, 0, strlen(options->pass)); OPENSSL_free(options->pass); } return ret; } /* * [in] none * [returns] default CAfile */ static char *get_cafile(void) { #ifndef WIN32 const char *files[] = { "/etc/ssl/certs/ca-certificates.crt", "/etc/pki/tls/certs/ca-bundle.crt", "/usr/share/ssl/certs/ca-bundle.crt", "/usr/local/share/certs/ca-root-nss.crt", "/etc/ssl/cert.pem", NULL }; int i; for (i=0; files[i]; i++) { if (!access(files[i], R_OK)) { return OPENSSL_strdup(files[i]); } } #endif /* WIN32 */ return NULL; } static void print_version(void) { char *cafile = get_cafile(); #ifdef PACKAGE_STRING printf("%s, using:\n", PACKAGE_STRING); #else /* PACKAGE_STRING */ printf("%s, using:\n", "osslsigncode custom build"); #endif /* PACKAGE_STRING */ printf("\t%s (Library: %s)\n", OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION)); #ifdef ENABLE_CURL printf("\t%s\n", curl_version()); #else /* ENABLE_CURL */ printf("\t%s\n", "no libcurl available"); #endif /* ENABLE_CURL */ if (cafile) { printf("Default -CAfile location: %s\n", cafile); OPENSSL_free(cafile); } else { printf("No default -CAfile location detected\n"); } #ifdef PACKAGE_BUGREPORT printf("\nPlease send bug-reports to " PACKAGE_BUGREPORT "\n"); #endif /* PACKAGE_BUGREPORT */ printf("\n"); } /* * [in] argv * [returns] cmd_type_t: command */ static cmd_type_t get_command(char **argv) { if (!strcmp(argv[1], "--help")) { print_version(); help_for(argv[0], "all"); return CMD_HELP; } else if (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version")) { print_version(); return CMD_HELP; } else if (!strcmp(argv[1], "sign")) return CMD_SIGN; else if (!strcmp(argv[1], "extract-data")) return CMD_EXTRACT_DATA; else if (!strcmp(argv[1], "extract-signature")) return CMD_EXTRACT; else if (!strcmp(argv[1], "attach-signature")) return CMD_ATTACH; else if (!strcmp(argv[1], "remove-signature")) return CMD_REMOVE; else if (!strcmp(argv[1], "verify")) return CMD_VERIFY; else if (!strcmp(argv[1], "add")) return CMD_ADD; return CMD_DEFAULT; } #if OPENSSL_VERSION_NUMBER>=0x30000000L DEFINE_STACK_OF(OSSL_PROVIDER) static STACK_OF(OSSL_PROVIDER) *providers = NULL; static void provider_free(OSSL_PROVIDER *prov) { OSSL_PROVIDER_unload(prov); } static void providers_cleanup(void) { sk_OSSL_PROVIDER_pop_free(providers, provider_free); providers = NULL; } static int provider_load(OSSL_LIB_CTX *libctx, const char *pname) { OSSL_PROVIDER *prov= OSSL_PROVIDER_load(libctx, pname); if (prov == NULL) { printf("Unable to load provider: %s\n", pname); return 0; /* FAILED */ } if (providers == NULL) { providers = sk_OSSL_PROVIDER_new_null(); } if (providers == NULL || !sk_OSSL_PROVIDER_push(providers, prov)) { providers_cleanup(); return 0; /* FAILED */ } return 1; /* OK */ } static int use_legacy(void) { /* load the legacy provider if not loaded already */ if (!OSSL_PROVIDER_available(NULL, "legacy")) { if (!provider_load(NULL, "legacy")) return 0; /* FAILED */ /* load the default provider explicitly */ if (!provider_load(NULL, "default")) return 0; /* FAILED */ } return 1; /* OK */ } #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ static int file_exists(const char *filename) { if (filename) { FILE *file = fopen(filename, "rb"); if (file) { fclose(file); return 1; /* File exists */ } } return 0; /* File does not exist */ } /* * [in] argc, argv * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) { int i; char *failarg = NULL; const char *argv0; cmd_type_t cmd = CMD_SIGN; argv0 = argv[0]; if (argc > 1) { cmd = get_command(argv); if (cmd == CMD_DEFAULT) { cmd = CMD_SIGN; } else { argv++; argc--; } } options->cmd = cmd; options->md = EVP_sha256(); options->time = INVALID_TIME; options->jp = -1; options->index = -1; options->nested_number = -1; #if OPENSSL_VERSION_NUMBER>=0x30000000L /* Use legacy PKCS#12 container with RC2-40-CBC private key and certificate encryption algorithm */ options->legacy = 1; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (cmd == CMD_HELP) { return 0; /* FAILED */ } if (cmd == CMD_VERIFY || cmd == CMD_ATTACH) { options->cafile = get_cafile(); options->tsa_cafile = get_cafile(); } for (argc--,argv++; argc >= 1; argc--,argv++) { if (!strcmp(*argv, "-in")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->infile = *(++argv); } else if (!strcmp(*argv, "-out")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->outfile = *(++argv); } else if (!strcmp(*argv, "-sigin")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->sigfile = *(++argv); } else if ((cmd == CMD_SIGN) && (!strcmp(*argv, "-spc") || !strcmp(*argv, "-certs"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->certfile = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ac")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->xcertfile = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-key")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->keyfile = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs12")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->pkcs12file = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_EXTRACT || cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "-pem")) { options->output_pkcs7 = 1; #ifndef OPENSSL_NO_ENGINE } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11cert")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11cert = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11engine")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11engine = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11module")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11module = *(++argv); #endif /* OPENSSL_NO_ENGINE */ #if OPENSSL_VERSION_NUMBER>=0x30000000L } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-nolegacy")) { options->legacy = 0; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pass")) { if (options->askpass || options->readpass) { usage(argv0, "all"); return 0; /* FAILED */ } if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->pass = OPENSSL_strdup(*(++argv)); memset(*argv, 0, strlen(*argv)); #ifdef PROVIDE_ASKPASS } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-askpass")) { if (options->pass || options->readpass) { usage(argv0, "all"); return 0; /* FAILED */ } options->askpass = 1; #endif /* PROVIDE_ASKPASS */ } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-readpass")) { if (options->askpass || options->pass) { usage(argv0, "all"); return 0; /* FAILED */ } if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->readpass = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) { options->comm = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "-ph")) { options->pagehash = 1; } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->desc = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH || cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "-h")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } ++argv; if (!strcmp(*argv, "md5")) { options->md = EVP_md5(); } else if (!strcmp(*argv, "sha1")) { options->md = EVP_sha1(); } else if (!strcmp(*argv, "sha2") || !strcmp(*argv, "sha256")) { options->md = EVP_sha256(); } else if (!strcmp(*argv, "sha384")) { options->md = EVP_sha384(); } else if (!strcmp(*argv, "sha512")) { options->md = EVP_sha512(); } else { usage(argv0, "all"); return 0; /* FAILED */ } } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-i")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->url = *(++argv); } else if ((cmd == CMD_ATTACH || cmd == CMD_SIGN || cmd == CMD_VERIFY) && (!strcmp(*argv, "-time") || !strcmp(*argv, "-st"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->time = (time_t)strtoull(*(++argv), NULL, 10); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->turl[options->nturl++] = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-ts")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsurl[options->ntsurl++] = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-p")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->proxy = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) { options->noverifypeer = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) { options->addBlob = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) { options->nest = 1; } else if ((cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-index")) { char *tmp_str; if (--argc < 1 ) { usage(argv0, "all"); return 0; /* FAILED */ } options->index = (int)strtol(*(++argv), &tmp_str, 10); if (tmp_str == *argv || *tmp_str != '\0' || errno == ERANGE) { /* not a number */ usage(argv0, "all"); return 0; /* FAILED */ } } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-timestamp")) { options->ignore_timestamp = 1; } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-cdp")) { options->ignore_cdp = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) { options->verbose = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_EXTRACT_DATA || cmd == CMD_ADD || cmd == CMD_ATTACH) && !strcmp(*argv, "-add-msi-dse")) { options->add_msi_dse = 1; } else if ((cmd == CMD_VERIFY) && (!strcmp(*argv, "-c") || !strcmp(*argv, "-catalog"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->catalog = *(++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-CAfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->cafile); options->cafile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-CRLfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->crlfile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && (!strcmp(*argv, "-untrusted") || !strcmp(*argv, "-TSA-CAfile"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->tsa_cafile); options->tsa_cafile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && (!strcmp(*argv, "-CRLuntrusted") || !strcmp(*argv, "-TSA-CRLfile"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_crlfile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-require-leaf-hash")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->leafhash = (*++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-certs")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_certfile = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-key")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_keyfile = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-time")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_time = (time_t)strtoull(*(++argv), NULL, 10); } else if ((cmd == CMD_ADD) && !strcmp(*argv, "--help")) { help_for(argv0, "add"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_ATTACH) && !strcmp(*argv, "--help")) { help_for(argv0, "attach-signature"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_EXTRACT) && !strcmp(*argv, "--help")) { help_for(argv0, "extract-signature"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_REMOVE) && !strcmp(*argv, "--help")) { help_for(argv0, "remove-signature"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "--help")) { help_for(argv0, "sign"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "--help")) { help_for(argv0, "extract-data"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "--help")) { help_for(argv0, "verify"); cmd = CMD_HELP; return 0; /* FAILED */ } else if (!strcmp(*argv, "-jp")) { char *ap; if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } ap = *(++argv); for (i=0; ap[i]; i++) ap[i] = (char)tolower((int)ap[i]); if (!strcmp(ap, "low")) { options->jp = 0; } else if (!strcmp(ap, "medium")) { options->jp = 1; } else if (!strcmp(ap, "high")) { options->jp = 2; } if (options->jp != 0) { /* XXX */ usage(argv0, "all"); return 0; /* FAILED */ } } else { failarg = *argv; break; } } if (!options->infile && argc > 0) { options->infile = *(argv++); argc--; } if (cmd != CMD_VERIFY && (!options->outfile && argc > 0)) { if (!strcmp(*argv, "-out")) { argv++; argc--; } if (argc > 0) { options->outfile = *(argv++); argc--; } } if (cmd != CMD_VERIFY && file_exists(options->outfile)) { printf("Overwriting an existing file is not supported.\n"); return 0; /* FAILED */ } if (argc > 0 || (options->nturl && options->ntsurl) || (options->nturl && options->tsa_certfile && options->tsa_keyfile) || (options->ntsurl && options->tsa_certfile && options->tsa_keyfile) || !options->infile || (cmd != CMD_VERIFY && !options->outfile) || (cmd == CMD_SIGN && !((options->certfile && options->keyfile) || #ifndef OPENSSL_NO_ENGINE options->p11engine || options->p11module || #endif /* OPENSSL_NO_ENGINE */ options->pkcs12file))) { if (failarg) printf("Unknown option: %s\n", failarg); usage(argv0, "all"); return 0; /* FAILED */ } #ifndef WIN32 if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && access(options->cafile, R_OK)) { printf("Use the \"-CAfile\" option to add one or more trusted CA certificates to verify the signature.\n"); return 0; /* FAILED */ } #endif /* WIN32 */ #if OPENSSL_VERSION_NUMBER>=0x30000000L if (cmd == CMD_SIGN && options->legacy && !use_legacy()) { printf("Warning: Legacy mode disabled\n"); } #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ return 1; /* OK */ } int main(int argc, char **argv) { FILE_FORMAT_CTX *ctx = NULL; GLOBAL_OPTIONS options; PKCS7 *p7 = NULL, *cursig = NULL; BIO *outdata = NULL; BIO *hash = NULL; int ret = -1; /* reset options */ memset(&options, 0, sizeof(GLOBAL_OPTIONS)); /* Set up OpenSSL */ if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL)) DO_EXIT_0("Failed to init crypto\n"); /* create some MS Authenticode OIDS we need later on */ if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) /* PKCS9_COUNTER_SIGNATURE exists as OpenSSL OBJ_pkcs9_countersignature */ || !OBJ_create(MS_JAVA_SOMETHING, NULL, NULL) || !OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) || !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL) || !OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, NULL, NULL) || !OBJ_create(SPC_RFC3161_OBJID, NULL, NULL) || !OBJ_create(PKCS9_SEQUENCE_NUMBER, NULL, NULL)) DO_EXIT_0("Failed to create objects\n"); /* commands and options initialization */ if (!main_configure(argc, argv, &options)) goto err_cleanup; if (!read_password(&options)) { DO_EXIT_1("Failed to read password from file: %s\n", options.readpass); } /* read key and certificates */ if (options.cmd == CMD_SIGN && !read_crypto_params(&options)) DO_EXIT_0("Failed to read key or certificates\n"); if (options.cmd != CMD_VERIFY) { /* Create message digest BIO */ hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, options.md)) { DO_EXIT_0("Unable to set the message digest of BIO\n"); } /* Create outdata file */ outdata = BIO_new_file(options.outfile, "w+bx"); if (!outdata && errno != EEXIST) outdata = BIO_new_file(options.outfile, "w+b"); if (!outdata) { BIO_free_all(hash); DO_EXIT_1("Failed to create file: %s\n", options.outfile); } } ctx = file_format_script.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_msi.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_pe.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_cab.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_appx.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_cat.ctx_new(&options, hash, outdata); if (!ctx) { if (outdata && options.outfile) { /* unlink outfile */ remove_file(options.outfile); } BIO_free_all(hash); BIO_free_all(outdata); outdata = NULL; ret = 1; /* FAILED */ DO_EXIT_0("Initialization error or unsupported input file type.\n"); } if (options.cmd == CMD_VERIFY) { ret = verify_signed_file(ctx, &options); goto skip_signing; } else if (options.cmd == CMD_EXTRACT_DATA) { if (!ctx->format->pkcs7_contents_get) { DO_EXIT_0("Unsupported command: extract-data\n"); } p7 = ctx->format->pkcs7_contents_get(ctx, hash, options.md); if (!p7) { DO_EXIT_0("Unable to extract pkcs7 contents\n"); } ret = data_write_pkcs7(ctx, outdata, p7); PKCS7_free(p7); goto skip_signing; } else if (options.cmd == CMD_EXTRACT) { if (!ctx->format->pkcs7_extract) { DO_EXIT_0("Unsupported command: extract-signature\n"); } p7 = ctx->format->pkcs7_extract(ctx); if (!p7) { DO_EXIT_0("Unable to extract existing signature\n"); } ret = data_write_pkcs7(ctx, outdata, p7); PKCS7_free(p7); goto skip_signing; } else if (options.cmd == CMD_REMOVE) { if (!ctx->format->remove_pkcs7) { DO_EXIT_0("Unsupported command: remove-signature\n"); } ret = ctx->format->remove_pkcs7(ctx, hash, outdata); if (ret) { DO_EXIT_0("Unable to remove existing signature\n"); } if (ctx->format->update_data_size) { ctx->format->update_data_size(ctx, outdata, NULL); } goto skip_signing; } else if (options.cmd == CMD_ADD) { if (!ctx->format->pkcs7_extract) { DO_EXIT_0("Unsupported command: add\n"); } /* Obtain a current signature from previously-signed file */ p7 = ctx->format->pkcs7_extract(ctx); if (!p7) { DO_EXIT_0("Unable to extract existing signature\n"); } if (ctx->format->process_data) { ctx->format->process_data(ctx, hash, outdata); } } else if (options.cmd == CMD_ATTACH) { if (options.nest) { if (!ctx->format->pkcs7_extract_to_nest) { printf("Warning: Unsupported nesting (multiple signature)\n"); } else { /* Obtain a current signature from previously-signed file */ cursig = ctx->format->pkcs7_extract_to_nest(ctx); if (!cursig) { DO_EXIT_0("Unable to extract existing signature\n"); } options.nested_number = nested_signatures_number_get(cursig); if (options.nested_number < 0) { PKCS7_free(cursig); DO_EXIT_0("Unable to get number of nested signatures\n"); } } } /* Obtain an existing PKCS#7 signature from a "sigin" file */ p7 = pkcs7_get_sigfile(ctx); if (!p7) { PKCS7_free(cursig); DO_EXIT_0("Unable to extract valid signature\n"); } if (ctx->format->process_data) { ctx->format->process_data(ctx, hash, outdata); } } else if (options.cmd == CMD_SIGN) { if (options.nest) { if (!ctx->format->pkcs7_extract_to_nest) { printf("Warning: Unsupported nesting (multiple signature)\n"); } else { /* Obtain a current signature from previously-signed file */ cursig = ctx->format->pkcs7_extract_to_nest(ctx); if (!cursig) { DO_EXIT_0("Unable to extract existing signature\n"); } options.nested_number = nested_signatures_number_get(cursig); if (options.nested_number < 0) { PKCS7_free(cursig); DO_EXIT_0("Unable to get number of nested signatures\n"); } } } if (ctx->format->process_data) { ctx->format->process_data(ctx, hash, outdata); } if (ctx->format->pkcs7_signature_new) { /* Create a new PKCS#7 signature */ p7 = ctx->format->pkcs7_signature_new(ctx, hash); if (!p7) { DO_EXIT_0("Unable to prepare new signature\n"); } } } else { DO_EXIT_0("Unsupported command\n"); } if (options.index > 0) { /* CMD_ADD or CMD_VERIFY */ ret = add_nested_timestamp_and_blob(p7, ctx, options.index); } else { ret = add_timestamp_and_blob(p7, ctx); } if (ret) { PKCS7_free(p7); DO_EXIT_0("Unable to set unauthenticated attributes\n"); } if (cursig) { /* CMD_SIGN or CMD_ATTACH */ if (!cursig_set_nested(cursig, p7)) DO_EXIT_0("Unable to append the nested signature to the current signature\n"); PKCS7_free(p7); p7 = cursig; cursig = NULL; } if (ctx->format->append_pkcs7) { ret = ctx->format->append_pkcs7(ctx, outdata, p7); if (ret) { PKCS7_free(p7); DO_EXIT_0("Append signature to outfile failed\n"); } } if (ctx->format->update_data_size) { ctx->format->update_data_size(ctx, outdata, p7); } PKCS7_free(p7); skip_signing: if (ctx->format->bio_free) { ctx->format->bio_free(hash, outdata); outdata = NULL; } if (!ret && options.cmd == CMD_ATTACH) { ret = check_attached_data(&options); if (!ret) printf("Signature successfully attached\n"); /* else * the new PKCS#7 signature has been successfully appended to the outfile * but only its verification failed (incorrect verification parameters?) * so the output file is not deleted */ } err_cleanup: if (outdata) { if (options.outfile) { /* unlink outfile */ remove_file(options.outfile); } if (hash) BIO_free_all(hash); BIO_free(outdata); } if (ctx && ctx->format->ctx_cleanup) { ctx->format->ctx_cleanup(ctx); } #if OPENSSL_VERSION_NUMBER>=0x30000000L providers_cleanup(); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (ret) ERR_print_errors_fp(stdout); if (options.cmd == CMD_HELP) ret = 0; /* OK */ else printf(ret ? "Failed\n" : "Succeeded\n"); free_options(&options); return ret; } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/osslsigncode.h000066400000000000000000000341671457117515700167540ustar00rootroot00000000000000/* * Copyright (C) 2021-2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka */ #define OPENSSL_API_COMPAT 0x10100000L #define OPENSSL_NO_DEPRECATED #if defined(_MSC_VER) || defined(__MINGW32__) #define HAVE_WINDOWS_H #endif /* _MSC_VER || __MINGW32__ */ #ifdef HAVE_WINDOWS_H #define NOCRYPT #define WIN32_LEAN_AND_MEAN #include #endif /* HAVE_WINDOWS_H */ #ifdef HAVE_CONFIG_H #include "config.h" #endif /* HAVE_CONFIG_H */ #include #include #include #include #include #include #include #include #include #ifndef _WIN32 #include #ifdef HAVE_SYS_MMAN_H #include #endif /* HAVE_SYS_MMAN_H */ #ifdef HAVE_TERMIOS_H #include #endif /* HAVE_TERMIOS_H */ #endif /* _WIN32 */ #include #include #include #include #include #include #include #include #ifndef OPENSSL_NO_ENGINE #include #endif /* OPENSSL_NO_ENGINE */ #include #include #include #include #include #include #if OPENSSL_VERSION_NUMBER>=0x30000000L #include #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ #include #include #include #include #include /* X509_PURPOSE */ #ifdef ENABLE_CURL #ifdef __CYGWIN__ #ifndef SOCKET #define SOCKET UINT_PTR #endif /* SOCKET */ #endif /* __CYGWIN__ */ #include #endif /* ENABLE_CURL */ #define MAX_TS_SERVERS 256 #if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS) #define PROVIDE_ASKPASS 1 #endif #ifdef _MSC_VER /* not WIN32, because strcasecmp exists in MinGW */ #define strcasecmp _stricmp #endif #ifdef WIN32 #define remove_file(filename) _unlink(filename) #else #define remove_file(filename) unlink(filename) #endif /* WIN32 */ #define GET_UINT8_LE(p) ((const u_char *)(p))[0] #define GET_UINT16_LE(p) (uint16_t)(((const u_char *)(p))[0] | \ (((const u_char *)(p))[1] << 8)) #define GET_UINT32_LE(p) (uint32_t)(((const u_char *)(p))[0] | \ (((const u_char *)(p))[1] << 8) | \ (((const u_char *)(p))[2] << 16) | \ (((const u_char *)(p))[3] << 24)) #define PUT_UINT8_LE(i, p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); #define PUT_UINT16_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff) #define PUT_UINT32_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff); \ ((u_char *)(p))[2] = (u_char)(((i) >> 16) & 0xff); \ ((u_char *)(p))[3] = (u_char)(((i) >> 24) & 0xff) #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif #define SIZE_64K 65536 /* 2^16 */ #define SIZE_16M 16777216 /* 2^24 */ /* * Macro names: * linux: __BYTE_ORDER == __LITTLE_ENDIAN | __BIG_ENDIAN * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN * bsd: _BYTE_ORDER == _LITTLE_ENDIAN | _BIG_ENDIAN * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN * solaris: _LITTLE_ENDIAN | _BIG_ENDIAN */ #ifndef BYTE_ORDER #define LITTLE_ENDIAN 1234 #define BIG_ENDIAN 4321 #define BYTE_ORDER LITTLE_ENDIAN #endif /* BYTE_ORDER */ #if !defined(BYTE_ORDER) || !defined(LITTLE_ENDIAN) || !defined(BIG_ENDIAN) #error "Cannot determine the endian-ness of this platform" #endif #ifndef LOWORD #define LOWORD(x) ((x) & 0xFFFF) #endif /* LOWORD */ #ifndef HIWORD #define HIWORD(x) (((x) >> 16) & 0xFFFF) #endif /* HIWORD */ #if BYTE_ORDER == BIG_ENDIAN #define LE_UINT16(x) ((((x) >> 8) & 0x00FF) | \ (((x) << 8) & 0xFF00)) #define LE_UINT32(x) (((x) >> 24) | \ (((x) & 0x00FF0000) >> 8) | \ (((x) & 0x0000FF00) << 8) | \ ((x) << 24)) #else #define LE_UINT16(x) (x) #define LE_UINT32(x) (x) #endif /* BYTE_ORDER == BIG_ENDIAN */ #define MIN(a,b) ((a) < (b) ? a : b) #define INVALID_TIME ((time_t)-1) /* Microsoft OID Authenticode */ #define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4" #define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11" #define SPC_SP_OPUS_INFO_OBJID "1.3.6.1.4.1.311.2.1.12" #define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15" #define SPC_CAB_DATA_OBJID "1.3.6.1.4.1.311.2.1.25" #define SPC_SIPINFO_OBJID "1.3.6.1.4.1.311.2.1.30" #define SPC_PE_IMAGE_PAGE_HASHES_V1 "1.3.6.1.4.1.311.2.3.1" /* SHA1 */ #define SPC_PE_IMAGE_PAGE_HASHES_V2 "1.3.6.1.4.1.311.2.3.2" /* SHA256 */ #define SPC_NESTED_SIGNATURE_OBJID "1.3.6.1.4.1.311.2.4.1" /* Microsoft OID Time Stamping */ #define SPC_TIME_STAMP_REQUEST_OBJID "1.3.6.1.4.1.311.3.2.1" #define SPC_RFC3161_OBJID "1.3.6.1.4.1.311.3.3.1" /* Microsoft OID Crypto 2.0 */ #define MS_CTL_OBJID "1.3.6.1.4.1.311.10.1" /* Microsoft OID Catalog */ #define CAT_NAMEVALUE_OBJID "1.3.6.1.4.1.311.12.2.1" /* Microsoft OID Microsoft_Java */ #define MS_JAVA_SOMETHING "1.3.6.1.4.1.311.15.1" #define SPC_UNAUTHENTICATED_DATA_BLOB_OBJID "1.3.6.1.4.1.42921.1.2.1" /* Public Key Cryptography Standards PKCS#9 */ #define PKCS9_MESSAGE_DIGEST "1.2.840.113549.1.9.4" #define PKCS9_SIGNING_TIME "1.2.840.113549.1.9.5" #define PKCS9_COUNTER_SIGNATURE "1.2.840.113549.1.9.6" #define PKCS9_SEQUENCE_NUMBER "1.2.840.113549.1.9.25.4" /* WIN_CERTIFICATE structure declared in Wintrust.h */ #define WIN_CERT_REVISION_2_0 0x0200 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 /* * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev * fields are present in this CFHEADER. */ #define FLAG_PREV_CABINET 0x0001 /* * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of * cabinet files. When this bit is set, the szCabinetNext and szDiskNext * fields are present in this CFHEADER. */ #define FLAG_NEXT_CABINET 0x0002 /* * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData * fields are present in this CFHEADER. */ #define FLAG_RESERVE_PRESENT 0x0004 #define DO_EXIT_0(x) { printf(x); goto err_cleanup; } #define DO_EXIT_1(x, y) { printf(x, y); goto err_cleanup; } #define DO_EXIT_2(x, y, z) { printf(x, y, z); goto err_cleanup; } /* Default policy if request did not specify it. */ #define TSA_POLICY1 "1.2.3.4.1" typedef enum { CMD_SIGN, CMD_EXTRACT, CMD_EXTRACT_DATA, CMD_REMOVE, CMD_VERIFY, CMD_ADD, CMD_ATTACH, CMD_HELP, CMD_DEFAULT } cmd_type_t; typedef unsigned char u_char; typedef struct { char *infile; char *outfile; char *sigfile; char *certfile; char *xcertfile; char *keyfile; char *pvkfile; char *pkcs12file; int output_pkcs7; #ifndef OPENSSL_NO_ENGINE char *p11engine; char *p11module; char *p11cert; #endif /* OPENSSL_NO_ENGINE */ int askpass; char *readpass; char *pass; int comm; int pagehash; char *desc; const EVP_MD *md; char *url; time_t time; char *turl[MAX_TS_SERVERS]; int nturl; char *tsurl[MAX_TS_SERVERS]; int ntsurl; char *proxy; int noverifypeer; int addBlob; int nest; int index; int ignore_timestamp; int ignore_cdp; int verbose; int add_msi_dse; char *catalog; char *cafile; char *crlfile; char *tsa_cafile; char *tsa_crlfile; char *leafhash; int jp; #if OPENSSL_VERSION_NUMBER>=0x30000000L int legacy; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ EVP_PKEY *pkey; X509 *cert; STACK_OF(X509) *certs; STACK_OF(X509) *xcerts; STACK_OF(X509_CRL) *crls; cmd_type_t cmd; char *indata; char *tsa_certfile; char *tsa_keyfile; time_t tsa_time; int nested_number; } GLOBAL_OPTIONS; /* * ASN.1 definitions (more or less from official MS Authenticode docs) */ typedef struct { int type; union { ASN1_BMPSTRING *unicode; ASN1_IA5STRING *ascii; } value; } SpcString; DECLARE_ASN1_FUNCTIONS(SpcString) typedef struct { ASN1_OCTET_STRING *classId; ASN1_OCTET_STRING *serializedData; } SpcSerializedObject; DECLARE_ASN1_FUNCTIONS(SpcSerializedObject) typedef struct { int type; union { ASN1_IA5STRING *url; SpcSerializedObject *moniker; SpcString *file; } value; } SpcLink; DECLARE_ASN1_FUNCTIONS(SpcLink) typedef struct { SpcString *programName; SpcLink *moreInfo; } SpcSpOpusInfo; DECLARE_ASN1_FUNCTIONS(SpcSpOpusInfo) typedef struct { ASN1_INTEGER *a; ASN1_OCTET_STRING *string; ASN1_INTEGER *b; ASN1_INTEGER *c; ASN1_INTEGER *d; ASN1_INTEGER *e; ASN1_INTEGER *f; } SpcSipInfo; DECLARE_ASN1_FUNCTIONS(SpcSipInfo) typedef struct { ASN1_OBJECT *type; ASN1_TYPE *value; } SpcAttributeTypeAndOptionalValue; DECLARE_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) typedef struct { ASN1_OBJECT *algorithm; ASN1_TYPE *parameters; } AlgorithmIdentifier; DECLARE_ASN1_FUNCTIONS(AlgorithmIdentifier) typedef struct { AlgorithmIdentifier *digestAlgorithm; ASN1_OCTET_STRING *digest; } DigestInfo; DECLARE_ASN1_FUNCTIONS(DigestInfo) typedef struct { SpcAttributeTypeAndOptionalValue *data; DigestInfo *messageDigest; } SpcIndirectDataContent; DECLARE_ASN1_FUNCTIONS(SpcIndirectDataContent) typedef struct CatalogAuthAttr_st { ASN1_OBJECT *type; ASN1_TYPE *contents; } CatalogAuthAttr; DEFINE_STACK_OF(CatalogAuthAttr) DECLARE_ASN1_FUNCTIONS(CatalogAuthAttr) typedef struct { AlgorithmIdentifier *digestAlgorithm; ASN1_OCTET_STRING *digest; } MessageImprint; DECLARE_ASN1_FUNCTIONS(MessageImprint) typedef struct { ASN1_OBJECT *type; ASN1_OCTET_STRING *signature; } TimeStampRequestBlob; DECLARE_ASN1_FUNCTIONS(TimeStampRequestBlob) typedef struct { ASN1_OBJECT *type; TimeStampRequestBlob *blob; } TimeStampRequest; DECLARE_ASN1_FUNCTIONS(TimeStampRequest) /* RFC3161 Time stamping */ typedef struct { ASN1_INTEGER *status; STACK_OF(ASN1_UTF8STRING) *statusString; ASN1_BIT_STRING *failInfo; } PKIStatusInfo; DECLARE_ASN1_FUNCTIONS(PKIStatusInfo) typedef struct { PKIStatusInfo *status; PKCS7 *token; } TimeStampResp; DECLARE_ASN1_FUNCTIONS(TimeStampResp) typedef struct { ASN1_INTEGER *version; MessageImprint *messageImprint; ASN1_OBJECT *reqPolicy; ASN1_INTEGER *nonce; ASN1_BOOLEAN certReq; STACK_OF(X509_EXTENSION) *extensions; } TimeStampReq; DECLARE_ASN1_FUNCTIONS(TimeStampReq) typedef struct { ASN1_INTEGER *seconds; ASN1_INTEGER *millis; ASN1_INTEGER *micros; } TimeStampAccuracy; DECLARE_ASN1_FUNCTIONS(TimeStampAccuracy) typedef struct { ASN1_INTEGER *version; ASN1_OBJECT *policy_id; MessageImprint *messageImprint; ASN1_INTEGER *serial; ASN1_GENERALIZEDTIME *time; TimeStampAccuracy *accuracy; ASN1_BOOLEAN ordering; ASN1_INTEGER *nonce; GENERAL_NAME *tsa; STACK_OF(X509_EXTENSION) *extensions; } TimeStampToken; DECLARE_ASN1_FUNCTIONS(TimeStampToken) typedef struct { ASN1_OCTET_STRING *digest; STACK_OF(CatalogAuthAttr) *attributes; } CatalogInfo; DEFINE_STACK_OF(CatalogInfo) DECLARE_ASN1_FUNCTIONS(CatalogInfo) typedef struct { /* 1.3.6.1.4.1.311.12.1.1 MS_CATALOG_LIST */ SpcAttributeTypeAndOptionalValue *type; ASN1_OCTET_STRING *identifier; ASN1_UTCTIME *time; /* 1.3.6.1.4.1.311.12.1.2 CatalogVersion = 1 * 1.3.6.1.4.1.311.12.1.3 CatalogVersion = 2 */ SpcAttributeTypeAndOptionalValue *version; STACK_OF(CatalogInfo) *header_attributes; /* 1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID */ ASN1_TYPE *filename; } MsCtlContent; DECLARE_ASN1_FUNCTIONS(MsCtlContent) typedef struct file_format_st FILE_FORMAT; typedef struct script_ctx_st SCRIPT_CTX; typedef struct msi_ctx_st MSI_CTX; typedef struct pe_ctx_st PE_CTX; typedef struct cab_ctx_st CAB_CTX; typedef struct cat_ctx_st CAT_CTX; typedef struct appx_ctx_st APPX_CTX; typedef struct { FILE_FORMAT *format; GLOBAL_OPTIONS *options; union { SCRIPT_CTX *script_ctx; MSI_CTX *msi_ctx; PE_CTX *pe_ctx; CAB_CTX *cab_ctx; CAT_CTX *cat_ctx; APPX_CTX *appx_ctx; }; } FILE_FORMAT_CTX; extern FILE_FORMAT file_format_script; extern FILE_FORMAT file_format_msi; extern FILE_FORMAT file_format_pe; extern FILE_FORMAT file_format_cab; extern FILE_FORMAT file_format_cat; extern FILE_FORMAT file_format_appx; struct file_format_st { FILE_FORMAT_CTX *(*ctx_new) (GLOBAL_OPTIONS *option, BIO *hash, BIO *outdata); const EVP_MD *(*md_get) (FILE_FORMAT_CTX *ctx); ASN1_OBJECT *(*data_blob_get) (u_char **p, int *plen, FILE_FORMAT_CTX *ctx); PKCS7 *(*pkcs7_contents_get) (FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); int (*hash_length_get) (FILE_FORMAT_CTX *ctx); u_char *(*digest_calc) (FILE_FORMAT_CTX *ctx, const EVP_MD *md); int (*verify_digests) (FILE_FORMAT_CTX *ctx, PKCS7 *p7); int (*verify_indirect_data) (FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj); PKCS7 *(*pkcs7_extract) (FILE_FORMAT_CTX *ctx); PKCS7 *(*pkcs7_extract_to_nest) (FILE_FORMAT_CTX *ctx); int (*remove_pkcs7) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); int (*process_data) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); PKCS7 *(*pkcs7_signature_new) (FILE_FORMAT_CTX *ctx, BIO *hash); int (*append_pkcs7) (FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); void (*update_data_size) (FILE_FORMAT_CTX *data, BIO *outdata, PKCS7 *p7); void (*bio_free) (BIO *hash, BIO *outdata); void (*ctx_cleanup) (FILE_FORMAT_CTX *ctx); int (*is_detaching_supported) (void); }; /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/pe.c000066400000000000000000001217501457117515700146520ustar00rootroot00000000000000/* * PE file support library * * Copyright (C) 2021-2023 Micha┼В Trojnara * Author: Ma┼Вgorzata Olsz├│wka * * MS PE/COFF documentation * https://docs.microsoft.com/en-us/windows/win32/debug/pe-format */ #include "osslsigncode.h" #include "helpers.h" const u_char classid_page_hash[] = { 0xa6, 0xb5, 0x86, 0xd5, 0xb4, 0xa1, 0x24, 0x66, 0xae, 0x05, 0xa2, 0x17, 0xda, 0x8e, 0x60, 0xd6 }; typedef struct { ASN1_BIT_STRING *flags; SpcLink *file; } SpcPeImageData; DECLARE_ASN1_FUNCTIONS(SpcPeImageData) ASN1_SEQUENCE(SpcPeImageData) = { ASN1_SIMPLE(SpcPeImageData, flags, ASN1_BIT_STRING), ASN1_EXP_OPT(SpcPeImageData, file, SpcLink, 0) } ASN1_SEQUENCE_END(SpcPeImageData) IMPLEMENT_ASN1_FUNCTIONS(SpcPeImageData) struct pe_ctx_st { uint32_t header_size; uint32_t pe32plus; uint16_t magic; uint32_t pe_checksum; uint32_t nrvas; uint32_t sigpos; uint32_t siglen; uint32_t fileend; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *pe_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *pe_spc_image_data_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *pe_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int pe_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj); static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *pe_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void pe_bio_free(BIO *hash, BIO *outdata); static void pe_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int pe_is_detaching_supported(void); FILE_FORMAT file_format_pe = { .ctx_new = pe_ctx_new, .data_blob_get = pe_spc_image_data_get, .pkcs7_contents_get = pe_pkcs7_contents_get, .hash_length_get = pe_hash_length_get, .digest_calc = pe_digest_calc, .verify_digests = pe_verify_digests, .verify_indirect_data = pe_verify_indirect_data, .pkcs7_extract = pe_pkcs7_extract, .pkcs7_extract_to_nest = pe_pkcs7_extract_to_nest, .remove_pkcs7 = pe_remove_pkcs7, .process_data = pe_process_data, .pkcs7_signature_new = pe_pkcs7_signature_new, .append_pkcs7 = pe_append_pkcs7, .update_data_size = pe_update_data_size, .bio_free = pe_bio_free, .ctx_cleanup = pe_ctx_cleanup, .is_detaching_supported = pe_is_detaching_supported }; /* Prototypes */ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize); static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx); static uint32_t pe_calc_checksum(BIO *bio, uint32_t header_size); static uint32_t pe_calc_realchecksum(FILE_FORMAT_CTX *ctx); static int pe_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static BIO *pe_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int pe_page_hash_get(u_char **ph, int *phlen, int *phtype, SpcAttributeTypeAndOptionalValue *obj); static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype); static int pe_verify_page_hash(FILE_FORMAT_CTX *ctx, u_char *ph, int phlen, int phtype); static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype); static int pe_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a PE file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] pointer to PE file format context */ static FILE_FORMAT_CTX *pe_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; PE_CTX *pe_ctx; uint32_t filesize; filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } if (memcmp(options->indata, "MZ", 2)) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } pe_ctx = pe_ctx_get(options->indata, filesize); if (!pe_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_pe; ctx->options = options; ctx->pe_ctx = pe_ctx; /* Push hash on outdata, if hash is NULL the function does nothing */ BIO_push(hash, outdata); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * Allocate and return SpcPeImageData object. * [out] p: SpcPeImageData data * [out] plen: SpcPeImageData data length * [in] ctx: structure holds input and output data * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_PE_IMAGE_DATA_OBJID */ static ASN1_OBJECT *pe_spc_image_data_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { int phtype; ASN1_OBJECT *dtype; SpcPeImageData *pid = SpcPeImageData_new(); ASN1_BIT_STRING_set_bit(pid->flags, 0, 1); if (ctx->options->pagehash) { SpcLink *link; phtype = NID_sha1; if (EVP_MD_size(ctx->options->md) > EVP_MD_size(EVP_sha1())) phtype = NID_sha256; link = pe_page_hash_link_get(ctx, phtype); if (!link) return NULL; /* FAILED */ pid->file = link; } else { pid->file = spc_link_obsolete_get(); } *plen = i2d_SpcPeImageData(pid, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcPeImageData(pid, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_PE_IMAGE_DATA_OBJID, 1); SpcPeImageData_free(pid); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *pe_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; BIO *bhash; /* squash the unused parameter warning */ (void)hash; bhash = pe_digest_calc_bio(ctx, md); if (!bhash) { return NULL; /* FAILED */ } content = spc_indirect_data_content_get(bhash, ctx); BIO_free_all(bhash); return pkcs7_set_content(content); } /* * [in] ctx: structure holds input and output data * [returns] the size of the message digest when passed an EVP_MD structure (the size of the hash) */ static int pe_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Returns a message digest value of a signed or unsigned PE file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { u_char *mdbuf; BIO *bhash = pe_digest_calc_bio(ctx, md); if (!bhash) { return 0; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; /* OK */ } /* * Calculate message digest and page_hash and compare to values retrieved * from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdtype = -1, phtype = -1, phlen = 0; const EVP_MD *md; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char *cmdbuf = NULL; u_char *ph = NULL; if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (!pe_page_hash_get(&ph, &phlen, &phtype, idc->data)) { printf("Failed to extract a page hash\n\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { printf("Failed to extract current message digest\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = pe_digest_calc(ctx, md); if (!cmdbuf) { printf("Failed to calculate message digest\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } if (!compare_digests(mdbuf, cmdbuf, mdtype)) { printf("Signature verification: failed\n\n"); OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { printf("Signature verification: failed\n\n"); OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 1; /* OK */ } /* * Verify page hash. * [in] ctx: structure holds input and output data * [in] obj: SPC_INDIRECT_DATA OID: 1.3.6.1.4.1.311.2.1.4 containing page hash * [returns] 0 on error or 1 on success */ static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj) { int phtype = -1, phlen = 0; u_char *ph = NULL; if (!pe_page_hash_get(&ph, &phlen, &phtype, obj)) { printf("Failed to extract a page hash\n\n"); return 0; /* FAILED */ } if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { printf("Page hash verification: failed\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } OPENSSL_free(ph); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx) { if (!pe_check_file(ctx)) { return NULL; /* FAILED */ } return pe_pkcs7_get_file(ctx->options->indata, ctx->pe_ctx); } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { return pe_pkcs7_extract(ctx); } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { if (!pe_check_file(ctx)) { return 1; /* FAILED, no signature */ } /* Strip current signature */ ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; if (!pe_modify_header(ctx, hash, outdata)) { printf("Unable to modify file header\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Modify specific type data and calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { if (ctx->pe_ctx->sigpos > 0) { /* Strip current signature */ ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; } if (!pe_modify_header(ctx, hash, outdata)) { printf("Unable to modify file header\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { printf("Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { printf("Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { printf("Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data (unused) * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { u_char *p = NULL; int len; /* signature length */ int padlen; /* signature padding length */ u_char buf[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* squash the unused parameter warning */ (void)ctx; if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { printf("i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); p -= len; padlen = len % 8 ? 8 - len % 8 : 0; PUT_UINT32_LE(len + 8 + padlen, buf); PUT_UINT16_LE(WIN_CERT_REVISION_2_0, buf + 4); PUT_UINT16_LE(WIN_CERT_TYPE_PKCS_SIGNED_DATA, buf + 6); BIO_write(outdata, buf, 8); BIO_write(outdata, p, len); /* pad (with 0's) asn1 blob to 8 byte boundary */ if (padlen > 0) { memset(p, 0, (size_t)padlen); BIO_write(outdata, p, padlen); } OPENSSL_free(p); return 0; /* OK */ } /* * Update signature position and size, write back new checksum. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] none */ static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { uint32_t checksum; u_char buf[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; if (p7) { int len = i2d_PKCS7(p7, NULL); int padlen = len % 8 ? 8 - len % 8 : 0; /* Update signature position and size */ (void)BIO_seek(outdata, ctx->pe_ctx->header_size + 152 + ctx->pe_ctx->pe32plus * 16); /* Previous file end = signature table start */ PUT_UINT32_LE(ctx->pe_ctx->fileend, buf); BIO_write(outdata, buf, 4); PUT_UINT32_LE(len + 8 + padlen, buf); BIO_write(outdata, buf, 4); } /* else CMD_REMOVE */ /* write back checksum */ checksum = pe_calc_checksum(outdata, ctx->pe_ctx->header_size); (void)BIO_seek(outdata, ctx->pe_ctx->header_size + 88); PUT_UINT32_LE(checksum, buf); BIO_write(outdata, buf, 4); } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] none */ static void pe_bio_free(BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and PE format specific structure, * unmap indata file. * [out] ctx: structure holds input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void pe_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->pe_ctx->fileend); OPENSSL_free(ctx->pe_ctx); OPENSSL_free(ctx); } static int pe_is_detaching_supported(void) { return 1; /* OK */ } /* * PE helper functions */ /* * Verify mapped PE file and create PE format specific structure. * [in] indata: mapped PE file * [in] filesize: size of PE file * [returns] pointer to PE format specific structure */ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) { PE_CTX *pe_ctx; uint32_t header_size, pe32plus, pe_checksum, nrvas, sigpos, siglen; uint16_t magic; if (filesize < 64) { printf("Corrupt DOS file - too short\n"); return NULL; /* FAILED */ } /* SizeOfHeaders field specifies the combined size of an MS-DOS stub, PE header, * and section headers rounded up to a multiple of FileAlignment. * SizeOfHeaders must be < filesize and cannot be < 0x0000002C (44) in Windows 7 * because of a bug when checking section names for compatibility purposes */ header_size = GET_UINT32_LE(indata + 60); if (header_size < 44 || header_size > filesize) { printf("Unexpected SizeOfHeaders field: 0x%08X\n", header_size); return NULL; /* FAILED */ } if (filesize < header_size + 176) { printf("Corrupt PE file - too short\n"); return NULL; /* FAILED */ } if (memcmp(indata + header_size, "PE\0\0", 4)) { printf("Unrecognized DOS file type\n"); return NULL; /* FAILED */ } /* Magic field identifies the state of the image file. The most common number is * 0x10B, which identifies it as a normal executable file, * 0x20B identifies it as a PE32+ executable, * 0x107 identifies it as a ROM image (not supported) */ magic = GET_UINT16_LE(indata + header_size + 24); if (magic == 0x20b) { pe32plus = 1; } else if (magic == 0x10b) { pe32plus = 0; } else { printf("Corrupt PE file - found unknown magic %04X\n", magic); return NULL; /* FAILED */ } /* The image file checksum */ pe_checksum = GET_UINT32_LE(indata + header_size + 88); /* NumberOfRvaAndSizes field specifies the number of data-directory entries * in the remainder of the optional header. Each describes a location and size. */ nrvas = GET_UINT32_LE(indata + header_size + 116 + pe32plus * 16); if (nrvas < 5) { printf("Can not handle PE files without certificate table resource\n"); return NULL; /* FAILED */ } /* Certificate Table field specifies the attribute certificate table address (4 bytes) and size (4 bytes) */ sigpos = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16); siglen = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16 + 4); /* Since fix for MS Bulletin MS12-024 we can really assume that signature should be last part of file */ if ((sigpos != 0 || siglen != 0) && (sigpos == 0 || siglen == 0 || sigpos >= filesize || sigpos + siglen != filesize)) { printf("Ignoring PE signature not at the end of the file\n"); sigpos = 0; siglen = 0; } pe_ctx = OPENSSL_zalloc(sizeof(PE_CTX)); pe_ctx->header_size = header_size; pe_ctx->pe32plus = pe32plus; pe_ctx->magic = magic; pe_ctx->pe_checksum = pe_checksum; pe_ctx->nrvas = nrvas; pe_ctx->sigpos = sigpos; pe_ctx->siglen = siglen; pe_ctx->fileend = filesize; return pe_ctx; /* OK */ } /* * Retrieve and verify a decoded PKCS#7 structure corresponding * to the existing signature of the PE file. * [in] indata: mapped PE file * [in] pe_ctx: PE format specific structures * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx) { uint32_t pos = 0; if (pe_ctx->siglen == 0 || pe_ctx->siglen > pe_ctx->fileend) { printf("Corrupted signature length: 0x%08X\n", pe_ctx->siglen); return NULL; /* FAILED */ } while (pos < pe_ctx->siglen) { uint32_t len = GET_UINT32_LE(indata + pe_ctx->sigpos + pos); uint16_t certrev = GET_UINT16_LE(indata + pe_ctx->sigpos + pos + 4); uint16_t certtype = GET_UINT16_LE(indata + pe_ctx->sigpos + pos + 6); if (certrev == WIN_CERT_REVISION_2_0 && certtype == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { /* skip 8 bytes from the attribute certificate table */ const u_char *blob = (u_char *)indata + pe_ctx->sigpos + pos + 8; return d2i_PKCS7(NULL, &blob, len - 8); } /* quadword align data */ len += len % 8 ? 8 - len % 8 : 0; pos += len; } return NULL; /* FAILED */ } /* * Calculate checksum. * A signed PE file is padded (with 0's) to 8 byte boundary, * ignore any last odd byte in an unsigned file. * [in] outdata: outdata file BIO * [in] header_size: PE header size * [returns] checksum */ static uint32_t pe_calc_checksum(BIO *outdata, uint32_t header_size) { uint32_t checkSum = 0, offset = 0; int nread; unsigned short *buf = OPENSSL_malloc(SIZE_64K); /* recalculate the checksum */ (void)BIO_seek(outdata, 0); while ((nread = BIO_read(outdata, buf, SIZE_64K)) > 0) { unsigned short val; int i; for (i = 0; i < nread / 2; i++) { val = LE_UINT16(buf[i]); if (offset == header_size + 88 || offset == header_size + 90) val = 0; checkSum += val; checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); offset += 2; } } OPENSSL_free(buf); checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); checkSum += offset; return checkSum; } /* * Compute a checkSum value of the signed or unsigned PE file. * [in] ctx: structure holds input and output data * [returns] checksum */ static uint32_t pe_calc_realchecksum(FILE_FORMAT_CTX *ctx) { uint32_t n = 0, checkSum = 0, offset = 0; BIO *bio = BIO_new(BIO_s_mem()); unsigned short *buf = OPENSSL_malloc(SIZE_64K); /* calculate the checkSum */ while (n < ctx->pe_ctx->fileend) { size_t i, written, nread; size_t left = ctx->pe_ctx->fileend - n; unsigned short val; if (left > SIZE_64K) left = SIZE_64K; if (!BIO_write_ex(bio, ctx->options->indata + n, left, &written)) goto err; /* FAILED */ (void)BIO_seek(bio, 0); n += (uint32_t)written; if (!BIO_read_ex(bio, buf, written, &nread)) goto err; /* FAILED */ for (i = 0; i < nread / 2; i++) { val = LE_UINT16(buf[i]); if (offset == ctx->pe_ctx->header_size + 88 || offset == ctx->pe_ctx->header_size + 90) { val = 0; } checkSum += val; checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); offset += 2; } } checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); checkSum += offset; err: OPENSSL_free(buf); BIO_free(bio); return checkSum; } /* * Modify PE header. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int pe_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t i, len, written; char *buf; i = len = ctx->pe_ctx->header_size + 88; if (!BIO_write_ex(hash, ctx->options->indata, len, &written) || written != len) { return 0; /* FAILED */ } buf = OPENSSL_malloc(SIZE_64K); memset(buf, 0, 4); BIO_write(outdata, buf, 4); /* zero out checksum */ i += 4; len = 60 + ctx->pe_ctx->pe32plus * 16; if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written) || written != len) { OPENSSL_free(buf); return 0; /* FAILED */ } i += 60 + ctx->pe_ctx->pe32plus * 16; memset(buf, 0, 8); BIO_write(outdata, buf, 8); /* zero out sigtable offset + pos */ i += 8; len = ctx->pe_ctx->fileend - i; while (len > 0) { if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) { OPENSSL_free(buf); return 0; /* FAILED */ } len -= written; i += written; } /* pad (with 0's) pe file to 8 byte boundary */ len = 8 - ctx->pe_ctx->fileend % 8; if (len != 8) { memset(buf, 0, len); if (!BIO_write_ex(hash, buf, len, &written) || written != len) { OPENSSL_free(buf); return 0; /* FAILED */ } ctx->pe_ctx->fileend += (uint32_t)len; } OPENSSL_free(buf); return 1; /* OK */ } /* * Compute a message digest value of a signed or unsigned PE file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] calculated message digest BIO */ static BIO *pe_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { size_t written; uint32_t idx = 0, fileend; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (ctx->pe_ctx->sigpos) fileend = ctx->pe_ctx->sigpos; else fileend = ctx->pe_ctx->fileend; /* ctx->pe_ctx->header_size + 88 + 4 + 60 + ctx->pe_ctx->pe32plus * 16 + 8 */ if (!BIO_write_ex(bhash, ctx->options->indata, ctx->pe_ctx->header_size + 88, &written) || written != ctx->pe_ctx->header_size + 88) { BIO_free_all(bhash); return 0; /* FAILED */ } idx += (uint32_t)written + 4; if (!BIO_write_ex(bhash, ctx->options->indata + idx, 60 + ctx->pe_ctx->pe32plus * 16, &written) || written != 60 + ctx->pe_ctx->pe32plus * 16) { BIO_free_all(bhash); return 0; /* FAILED */ } idx += (uint32_t)written + 8; if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { printf("Unable to calculate digest\n"); BIO_free_all(bhash); return 0; /* FAILED */ } if (!ctx->pe_ctx->sigpos) { /* pad (with 0's) unsigned PE file to 8 byte boundary */ int len = 8 - ctx->pe_ctx->fileend % 8; if (len > 0 && len != 8) { char *buf = OPENSSL_malloc(8); memset(buf, 0, (size_t)len); BIO_write(bhash, buf, len); OPENSSL_free(buf); } } return bhash; } /* * Page hash support */ /* * Retrieve a page hash from SPC_INDIRECT_DATA structure. * [out] ph: page hash * [out] phlen: page hash length * [out] phtype: NID_sha1 or NID_sha256 * [in] obj: SPC_INDIRECT_DATA OID: 1.3.6.1.4.1.311.2.1.4 containing page hash * [returns] 0 on error or 1 on success */ static int pe_page_hash_get(u_char **ph, int *phlen, int *phtype, SpcAttributeTypeAndOptionalValue *obj) { const u_char *blob; SpcPeImageData *id; SpcSerializedObject *so; int l, l2; char buf[128]; if (!obj || !obj->value) return 0; /* FAILED */ blob = obj->value->value.sequence->data; id = d2i_SpcPeImageData(NULL, &blob, obj->value->value.sequence->length); if (!id) { return 0; /* FAILED */ } if (!id->file) { SpcPeImageData_free(id); return 0; /* FAILED */ } if (id->file->type != 1) { SpcPeImageData_free(id); return 1; /* OK - This is not SpcSerializedObject structure that contains page hashes */ } so = id->file->value.moniker; if (so->classId->length != sizeof classid_page_hash || memcmp(so->classId->data, classid_page_hash, sizeof classid_page_hash)) { SpcPeImageData_free(id); return 0; /* FAILED */ } /* skip ASN.1 SET hdr */ l = asn1_simple_hdr_len(so->serializedData->data, so->serializedData->length); blob = so->serializedData->data + l; obj = d2i_SpcAttributeTypeAndOptionalValue(NULL, &blob, so->serializedData->length - l); SpcPeImageData_free(id); if (!obj) return 0; /* FAILED */ *phtype = 0; buf[0] = 0x00; OBJ_obj2txt(buf, sizeof buf, obj->type, 1); if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V1)) { *phtype = NID_sha1; } else if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V2)) { *phtype = NID_sha256; } else { SpcAttributeTypeAndOptionalValue_free(obj); return 0; /* FAILED */ } /* Skip ASN.1 SET hdr */ l2 = asn1_simple_hdr_len(obj->value->value.sequence->data, obj->value->value.sequence->length); /* Skip ASN.1 OCTET STRING hdr */ l = asn1_simple_hdr_len(obj->value->value.sequence->data + l2, obj->value->value.sequence->length - l2); l += l2; *phlen = obj->value->value.sequence->length - l; *ph = OPENSSL_malloc((size_t)*phlen); memcpy(*ph, obj->value->value.sequence->data + l, (size_t)*phlen); SpcAttributeTypeAndOptionalValue_free(obj); return 1; /* OK */ } /* * Calculate page hash for the PE file. * [out] rphlen: page hash length * [in] ctx: structure holds input and output data * [in] phtype: NID_sha1 or NID_sha256 * [returns] pointer to calculated page hash */ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) { uint16_t nsections, opthdr_size; uint32_t alignment, pagesize, hdrsize; uint32_t rs, ro, l, lastpos = 0; int pphlen, phlen, i, pi = 1; size_t written; u_char *res, *zeroes; char *sections; const EVP_MD *md = EVP_get_digestbynid(phtype); BIO *bhash; /* NumberOfSections indicates the size of the section table, * which immediately follows the headers, can be up to 65535 under Vista and later */ nsections = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 6); if (nsections == 0) { printf("Corrupted number of sections: 0x%08X\n", nsections); return NULL; /* FAILED */ } /* FileAlignment is the alignment factor (in bytes) that is used to align * the raw data of sections in the image file. The value should be a power * of 2 between 512 and 64 K, inclusive. The default is 512. */ alignment = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 60); if (alignment < 512 || alignment > UINT16_MAX) { printf("Corrupted file alignment factor: 0x%08X\n", alignment); return NULL; /* FAILED */ } /* SectionAlignment is the alignment (in bytes) of sections when they are * loaded into memory. It must be greater than or equal to FileAlignment. * The default is the page size for the architecture. * The large page size is at most 4 MB. * https://devblogs.microsoft.com/oldnewthing/20210510-00/?p=105200 */ pagesize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 56); if (pagesize == 0 || pagesize < alignment || pagesize > 4194304) { printf("Corrupted page size: 0x%08X\n", pagesize); return NULL; /* FAILED */ } /* SizeOfHeaders is the combined size of an MS-DOS stub, PE header, * and section headers rounded up to a multiple of FileAlignment. */ hdrsize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 84); if (hdrsize < ctx->pe_ctx->header_size || hdrsize > UINT32_MAX) { printf("Corrupted headers size: 0x%08X\n", hdrsize); return NULL; /* FAILED */ } /* SizeOfOptionalHeader is the size of the optional header, which is * required for executable files, but for object files should be zero, * and can't be bigger than the file */ opthdr_size = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 20); if (opthdr_size == 0 || opthdr_size > ctx->pe_ctx->fileend) { printf("Corrupted optional header size: 0x%08X\n", opthdr_size); return NULL; /* FAILED */ } pphlen = 4 + EVP_MD_size(md); phlen = pphlen * (3 + (int)nsections + (int)(ctx->pe_ctx->fileend / pagesize)); bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!BIO_write_ex(bhash, ctx->options->indata, ctx->pe_ctx->header_size + 88, &written) || written != ctx->pe_ctx->header_size + 88) { BIO_free_all(bhash); return NULL; /* FAILED */ } if (!BIO_write_ex(bhash, ctx->options->indata + ctx->pe_ctx->header_size + 92, 60 + ctx->pe_ctx->pe32plus*16, &written) || written != 60 + ctx->pe_ctx->pe32plus*16) { BIO_free_all(bhash); return NULL; /* FAILED */ } if (!BIO_write_ex(bhash, ctx->options->indata + ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16, hdrsize - (ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16), &written) || written != hdrsize - (ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16)) { BIO_free_all(bhash); return NULL; /* FAILED */ } zeroes = OPENSSL_zalloc((size_t)pagesize); if (!BIO_write_ex(bhash, zeroes, pagesize - hdrsize, &written) || written != pagesize - hdrsize) { BIO_free_all(bhash); OPENSSL_free(zeroes); return NULL; /* FAILED */ } res = OPENSSL_malloc((size_t)phlen); memset(res, 0, 4); BIO_gets(bhash, (char*)res + 4, EVP_MD_size(md)); BIO_free_all(bhash); sections = ctx->options->indata + ctx->pe_ctx->header_size + 24 + opthdr_size; for (i=0; i= UINT32_MAX) { sections += 40; continue; } for (l=0; loptions->indata + ro + l, rs - l, &written) || written != rs - l) { BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); return NULL; /* FAILED */ } if (!BIO_write_ex(bhash, zeroes, pagesize - (rs - l), &written) || written != pagesize - (rs - l)) { BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); return NULL; /* FAILED */ } } else { if (!BIO_write_ex(bhash, ctx->options->indata + ro + l, pagesize, &written) || written != pagesize) { BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); return NULL; /* FAILED */ } } BIO_gets(bhash, (char*)res + pi*pphlen + 4, EVP_MD_size(md)); BIO_free_all(bhash); } lastpos = ro + rs; sections += 40; } PUT_UINT32_LE(lastpos, res + pi*pphlen); memset(res + pi*pphlen + 4, 0, (size_t)EVP_MD_size(md)); pi++; OPENSSL_free(zeroes); *rphlen = pi*pphlen; return res; } /* * Calculate page hash for the PE file, compare with the given value and print values. * [in] ctx: structure holds input and output data * [in] ph: page hash * [in] phlen: page hash length * [in] phtype: NID_sha1 or NID_sha256 * [returns] 0 on error or 1 on success */ static int pe_verify_page_hash(FILE_FORMAT_CTX *ctx, u_char *ph, int phlen, int phtype) { int mdok, cphlen = 0; u_char *cph; if (!ph) return 1; /* OK */ cph = pe_page_hash_calc(&cphlen, ctx, phtype); mdok = (phlen == cphlen) && !memcmp(ph, cph, (size_t)phlen); printf("Page hash algorithm : %s\n", OBJ_nid2sn(phtype)); if (ctx->options->verbose) { print_hash("Page hash ", "", ph, phlen); print_hash("Calculated page hash ", mdok ? "\n" : "... MISMATCH!!!\n", cph, cphlen); } else { print_hash("Page hash ", "...", ph, (phlen < 32) ? phlen : 32); print_hash("Calculated page hash ", mdok ? "...\n" : "... MISMATCH!!!\n", cph, (cphlen < 32) ? cphlen : 32); } OPENSSL_free(cph); return mdok; } /* * Create a new SpcLink structure. * [in] ctx: structure holds input and output data * [in] phtype: NID_sha1 or NID_sha256 * [returns] pointer to SpcLink structure */ static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype) { u_char *ph, *p, *tmp; int l, phlen; ASN1_TYPE *tostr; SpcAttributeTypeAndOptionalValue *aval; ASN1_TYPE *taval; SpcSerializedObject *so; SpcLink *link; STACK_OF(ASN1_TYPE) *oset, *aset; ph = pe_page_hash_calc(&phlen, ctx, phtype); if (!ph) { printf("Failed to calculate page hash\n"); return NULL; /* FAILED */ } if (ctx->options->verbose) print_hash("Calculated page hash ", "", ph, phlen); else print_hash("Calculated page hash ", "...", ph, (phlen < 32) ? phlen : 32); tostr = ASN1_TYPE_new(); tostr->type = V_ASN1_OCTET_STRING; tostr->value.octet_string = ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(tostr->value.octet_string, ph, phlen); OPENSSL_free(ph); oset = sk_ASN1_TYPE_new_null(); sk_ASN1_TYPE_push(oset, tostr); l = i2d_ASN1_SET_ANY(oset, NULL); tmp = p = OPENSSL_malloc((size_t)l); i2d_ASN1_SET_ANY(oset, &tmp); ASN1_TYPE_free(tostr); sk_ASN1_TYPE_free(oset); aval = SpcAttributeTypeAndOptionalValue_new(); aval->type = OBJ_txt2obj((phtype == NID_sha1) ? SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1); aval->value = ASN1_TYPE_new(); aval->value->type = V_ASN1_SET; aval->value->value.set = ASN1_STRING_new(); ASN1_STRING_set(aval->value->value.set, p, l); OPENSSL_free(p); l = i2d_SpcAttributeTypeAndOptionalValue(aval, NULL); tmp = p = OPENSSL_malloc((size_t)l); i2d_SpcAttributeTypeAndOptionalValue(aval, &tmp); SpcAttributeTypeAndOptionalValue_free(aval); taval = ASN1_TYPE_new(); taval->type = V_ASN1_SEQUENCE; taval->value.sequence = ASN1_STRING_new(); ASN1_STRING_set(taval->value.sequence, p, l); OPENSSL_free(p); aset = sk_ASN1_TYPE_new_null(); sk_ASN1_TYPE_push(aset, taval); l = i2d_ASN1_SET_ANY(aset, NULL); tmp = p = OPENSSL_malloc((size_t)l); l = i2d_ASN1_SET_ANY(aset, &tmp); ASN1_TYPE_free(taval); sk_ASN1_TYPE_free(aset); so = SpcSerializedObject_new(); ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof classid_page_hash); ASN1_OCTET_STRING_set(so->serializedData, p, l); OPENSSL_free(p); link = SpcLink_new(); link->type = 1; link->value.moniker = so; return link; } /* * Print current and calculated PE checksum, * check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pe_check_file(FILE_FORMAT_CTX *ctx) { uint32_t real_pe_checksum, sum = 0; if (!ctx) { printf("Init error\n\n"); return 0; /* FAILED */ } real_pe_checksum = pe_calc_realchecksum(ctx); if (ctx->pe_ctx->pe_checksum == real_pe_checksum) { printf("PE checksum : %08X\n\n", real_pe_checksum); } else { printf("Current PE checksum : %08X\n", ctx->pe_ctx->pe_checksum); printf("Calculated PE checksum: %08X\n", real_pe_checksum); printf("Warning: invalid PE checksum\n\n"); } if (ctx->pe_ctx->sigpos == 0 || ctx->pe_ctx->siglen == 0 || ctx->pe_ctx->sigpos > ctx->pe_ctx->fileend) { printf("No signature found\n\n"); return 0; /* FAILED */ } /* * If the sum of the rounded dwLength values does not equal the Size value, * then either the attribute certificate table or the Size field is corrupted. */ while (sum < ctx->pe_ctx->siglen) { uint32_t len = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->sigpos + sum); if (ctx->pe_ctx->siglen - len > 8) { printf("Corrupted attribute certificate table\n"); printf("Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); printf("Attribute certificate entry length: %08X\n\n", len); return 0; /* FAILED */ } /* quadword align data */ len += len % 8 ? 8 - len % 8 : 0; sum += len; } if (sum != ctx->pe_ctx->siglen) { printf("Corrupted attribute certificate table\n"); printf("Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); printf("Sum of the rounded dwLength values: %08X\n\n", sum); return 0; /* FAILED */ } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/script.c000066400000000000000000000701041457117515700155460ustar00rootroot00000000000000/* * Script file support library * * Copyright (C) 2021-2024 Micha┼В Trojnara */ #include "osslsigncode.h" #include "helpers.h" #include "utf.h" typedef enum {comment_hash, comment_xml, comment_c, comment_not_found} comment_style; typedef struct { const char *extension; comment_style comment; } SCRIPT_FORMAT; const SCRIPT_FORMAT supported_formats[] = { {".ps1", comment_hash}, {".ps1xml", comment_xml}, {".psc1", comment_xml}, {".psd1", comment_hash}, {".psm1", comment_hash}, {".cdxml", comment_xml}, {".mof", comment_c}, {NULL, comment_not_found}, }; const char *signature_header = "SIG # Begin signature block"; const char *signature_footer = "SIG # End signature block"; typedef struct { const char *open; const char *close; } SCRIPT_COMMENT; const SCRIPT_COMMENT comment_text[] = { [comment_hash] = {"# ", ""}, [comment_xml] = {""}, [comment_c] = {"/* ", " */"} }; struct script_ctx_st { const SCRIPT_COMMENT *comment_text; int utf; uint32_t sigpos; uint32_t fileend; }; #define LINE_MAX_LEN 100 /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *script_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *script_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *script_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int script_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *script_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int script_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *script_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int script_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int script_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *script_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int script_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void script_bio_free(BIO *hash, BIO *outdata); static void script_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int script_is_detaching_supported(void); FILE_FORMAT file_format_script = { .ctx_new = script_ctx_new, .data_blob_get = script_spc_sip_info_get, .pkcs7_contents_get = script_pkcs7_contents_get, .hash_length_get = script_hash_length_get, .digest_calc = script_digest_calc, .verify_digests = script_verify_digests, .pkcs7_extract = script_pkcs7_extract, .pkcs7_extract_to_nest = script_pkcs7_extract_to_nest, .remove_pkcs7 = script_remove_pkcs7, .process_data = script_process_data, .pkcs7_signature_new = script_pkcs7_signature_new, .append_pkcs7 = script_append_pkcs7, .bio_free = script_bio_free, .ctx_cleanup = script_ctx_cleanup, .is_detaching_supported = script_is_detaching_supported }; /* helper functions */ static SCRIPT_CTX *script_ctx_get(char *indata, uint32_t filesize, const SCRIPT_COMMENT *comment, int utf); static int write_commented(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *data, size_t length); static int write_in_encoding(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *line, size_t length); static size_t utf8_to_utf16(const char *data, size_t len, uint16_t **out_utf16); static size_t utf16_to_utf8(const uint16_t *data, size_t len, char **out_utf8); static BIO *script_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int script_digest_convert(BIO *hash, FILE_FORMAT_CTX *ctx, size_t len); static int script_write_bio(BIO *data, char *indata, size_t len); static int script_check_file(FILE_FORMAT_CTX *ctx); /* * Allocate and return a script file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO (unused) * [returns] pointer to script file format context */ static FILE_FORMAT_CTX *script_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; SCRIPT_CTX *script_ctx; const SCRIPT_FORMAT *fmt; uint32_t filesize; const uint8_t utf16_bom[] = {0xff, 0xfe}; size_t name_len; int utf; /* squash the unused parameter warning */ (void)outdata; /* find out whether our format is supported */ name_len = strlen(options->infile); for (fmt = supported_formats; fmt->comment != comment_not_found; fmt++) { size_t ext_len = strlen(fmt->extension); if(name_len > ext_len && !strcasecmp(options->infile + name_len - ext_len, fmt->extension)) break; } if (fmt->comment == comment_not_found) return NULL; printf("Script file format: %s\n", fmt->extension); filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } utf = memcmp(options->indata, utf16_bom, sizeof utf16_bom) ? 8 : 16; /* initialize script context */ script_ctx = script_ctx_get(options->indata, filesize, comment_text + fmt->comment, utf); if (!script_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } /* initialize file format context */ ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); memset(ctx, 0, sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_script; ctx->options = options; ctx->script_ctx = script_ctx; if (hash) BIO_push(hash, BIO_new(BIO_s_null())); /* FIXME: user interface logic belongs to osslsigncode.c */ if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); return ctx; } /* * Allocate and return SpcSipInfo object. * Subject Interface Package (SIP) is an internal Microsoft API for * transforming arbitrary files into a digestible stream. * These ClassIDs are found in the indirect data section and identify * the type of processor needed to validate the signature. * https://github.com/sassoftware/relic/blob/620d0b75ec67c0158a8a9120950abe04327d922f/lib/authenticode/structs.go#L154 * [out] p: SpcSipInfo data * [out] plen: SpcSipInfo data length * [in] ctx: structure holds input and output data * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID */ static ASN1_OBJECT *script_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { const u_char SpcUUIDSipInfoPs[] = { 0x1f, 0xcc, 0x3b, 0x60, 0x59, 0x4b, 0x08, 0x4e, 0xb7, 0x24, 0xd2, 0xc6, 0x29, 0x7e, 0xf3, 0x51 }; ASN1_OBJECT *dtype; SpcSipInfo *si = SpcSipInfo_new(); /* squash the unused parameter warning */ (void)ctx; ASN1_INTEGER_set(si->a, 65536); ASN1_INTEGER_set(si->b, 0); ASN1_INTEGER_set(si->c, 0); ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); ASN1_OCTET_STRING_set(si->string, SpcUUIDSipInfoPs, sizeof SpcUUIDSipInfoPs); *plen = i2d_SpcSipInfo(si, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcSipInfo(si, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); SpcSipInfo_free(si); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *script_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; BIO *bhash; /* squash the unused parameter warning */ (void)hash; bhash = script_digest_calc_bio(ctx, md); if (!bhash) { return NULL; /* FAILED */ } content = spc_indirect_data_content_get(bhash, ctx); BIO_free_all(bhash); return pkcs7_set_content(content); } static int script_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Compute a simple sha1/sha256 message digest of the MSI file * for use with a catalog file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *script_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { u_char *mdbuf; BIO *hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(hash); return NULL; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (!script_write_bio(hash, ctx->options->indata, ctx->script_ctx->fileend)) { BIO_free_all(hash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(hash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(hash); return mdbuf; /* OK */ } /* * Calculate the hash and compare to PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int script_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdtype = -1; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char *cmdbuf = NULL; const EVP_MD *md; BIO *bhash; /* FIXME: this shared code most likely belongs in osslsigncode.c */ if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { printf("Failed to extract current message digest\n\n"); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); bhash = script_digest_calc_bio(ctx, md); if (!bhash) return 0; /* FAILED */ cmdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)cmdbuf, EVP_MD_size(md)); BIO_free_all(bhash); if (!compare_digests(mdbuf, cmdbuf, mdtype)) { printf("Signature verification: failed\n\n"); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } OPENSSL_free(cmdbuf); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx) { const char *signature_data = ctx->options->indata + ctx->script_ctx->sigpos; size_t signature_len = ctx->script_ctx->fileend - ctx->script_ctx->sigpos; size_t base64_len, der_max_length, der_length; char *ptr; BIO *bio_mem, *bio_b64 = NULL; char *base64_data = NULL; char *der_data = NULL; const char *der_tmp; char *clean_base64 = NULL; int clean_base64_len = 0; const char *open_tag = ctx->script_ctx->comment_text->open; const char *close_tag = ctx->script_ctx->comment_text->close; size_t open_tag_len = strlen(open_tag); size_t close_tag_len = strlen(close_tag); size_t signature_header_len = strlen(signature_header); size_t signature_footer_len = strlen(signature_footer); PKCS7 *retval = NULL; if (!script_check_file(ctx)) { return NULL; /* FAILED, no signature */ } /* extract Base64 signature */ if (ctx->script_ctx->utf == 8) { base64_len = signature_len; base64_data = OPENSSL_malloc(base64_len); memcpy(base64_data, signature_data, base64_len); } else { base64_len = utf16_to_utf8((const void *)signature_data, signature_len, &base64_data); } /* allocate memory for cleaned Base64 */ clean_base64 = OPENSSL_malloc(base64_len); if (!clean_base64) { printf("Malloc failed\n"); goto cleanup; } /* copy clean Base64 data */ for (ptr = base64_data;;) { /* find the opening tag */ for(;;) { if (ptr + open_tag_len >= base64_data + base64_len) { printf("Signature line too long\n"); goto cleanup; } if (!memcmp(ptr, open_tag, (size_t)open_tag_len)) { ptr += open_tag_len; break; } ptr++; } /* process signature_header and signature_footer */ if (ptr + signature_header_len < base64_data + base64_len && !memcmp(ptr, signature_header, signature_header_len)) ptr += signature_header_len; if (ptr + signature_footer_len <= base64_data + base64_len && !memcmp(ptr, signature_footer, signature_footer_len)) break; /* success */ /* copy until the closing tag */ for(;;) { if (ptr + close_tag_len >= base64_data + base64_len) { printf("Signature line too long\n"); goto cleanup; } if (close_tag_len) { if (!memcmp(ptr, close_tag, (size_t)close_tag_len)) { ptr += close_tag_len; break; } } if (*ptr == '\r') { ptr++; } else if (*ptr == '\n') { ptr++; break; } else { clean_base64[clean_base64_len++] = *ptr++; } } } /* prepare for Base64 decoding */ bio_mem = BIO_new_mem_buf(clean_base64, clean_base64_len); bio_b64 = BIO_new(BIO_f_base64()); BIO_push(bio_b64, bio_mem); BIO_set_flags(bio_b64, BIO_FLAGS_BASE64_NO_NL); /* allocate memory for DER output */ der_max_length = BIO_ctrl_pending(bio_b64); der_data = OPENSSL_malloc(der_max_length); if (!der_data) goto cleanup; /* decode Base64 to DER */ if (!BIO_read_ex(bio_b64, der_data, der_max_length, &der_length)) goto cleanup; if (der_length <= 0) goto cleanup; /* decode DER */ der_tmp = der_data; retval = d2i_PKCS7(NULL, (const unsigned char **)&der_tmp, (int)der_length); cleanup: OPENSSL_free(base64_data); OPENSSL_free(clean_base64); OPENSSL_free(der_data); BIO_free_all(bio_b64); return retval; } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *script_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { return script_pkcs7_extract(ctx); } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int script_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)hash; if (!script_check_file(ctx)) { return 1; /* FAILED, no signature */ } if (!script_write_bio(outdata, ctx->options->indata, ctx->script_ctx->sigpos)) { return 1; /* FAILED */ } return 0; /* OK */ } /* * Initialize outdata file and calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int script_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { if (ctx->script_ctx->sigpos > 0) { /* Strip current signature */ ctx->script_ctx->fileend = ctx->script_ctx->sigpos; } if (!script_write_bio(outdata, ctx->options->indata, ctx->script_ctx->fileend)) return 1; /* FAILED */ if (!script_digest_convert(hash, ctx, ctx->script_ctx->fileend)) return 1; /* FAILED */ return 0; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *script_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { printf("Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { printf("Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { printf("Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { printf("Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int script_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { BIO *bio, *b64; BUF_MEM *buffer; size_t i; static const char crlf[] = {0x0d, 0x0a}; int ret = 1; /* convert to BASE64 */ b64 = BIO_new(BIO_f_base64()); /* BIO for base64 encoding */ if (!b64) return 1; /* FAILED */ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio = BIO_new(BIO_s_mem()); /* BIO to hold the base64 data */ if (!bio) { BIO_free(b64); return 1; /* FAILED */ } bio = BIO_push(b64, bio); /* chain base64 BIO onto memory BIO */ if (!i2d_PKCS7_bio(bio, p7)) { BIO_free_all(bio); return 1; /* FAILED */ } (void)BIO_flush(bio); BIO_get_mem_ptr(bio, &buffer); (void)BIO_set_close(bio, BIO_NOCLOSE); /* split to individual lines and write to outdata */ if (!write_commented(ctx, outdata, signature_header, strlen(signature_header))) goto cleanup; for (i = 0; i < buffer->length; i += 64) { if (!write_commented(ctx, outdata, buffer->data + i, buffer->length - i < 64 ? buffer->length - i : 64)) { goto cleanup; } } if (!write_commented(ctx, outdata, signature_footer, strlen(signature_footer))) goto cleanup; /* signtool expects CRLF terminator at the end of the text file */ if (!write_in_encoding(ctx, outdata, crlf, sizeof crlf)) goto cleanup; ret = 0; /* OK */ cleanup: BUF_MEM_free(buffer); BIO_free_all(bio); return ret; } /* * Free up an entire outdata BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void script_bio_free(BIO *hash, BIO *outdata) { BIO_free_all(hash); BIO_free_all(outdata); } /* * Deallocate a FILE_FORMAT_CTX structure and script format specific structures. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void script_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->script_ctx->fileend); OPENSSL_free(ctx->script_ctx); OPENSSL_free(ctx); } static int script_is_detaching_supported(void) { return 1; /* OK */ } /* * Script helper functions */ static SCRIPT_CTX *script_ctx_get(char *indata, uint32_t filesize, const SCRIPT_COMMENT *comment, int utf) { SCRIPT_CTX *script_ctx; const char *input_pos, *signature_pos, *ptr; uint32_t line[LINE_MAX_LEN], commented_header[40], cr, lf; size_t sig_pos = 0, line_pos = 0, commented_header_len = 0; size_t commented_header_size = sizeof commented_header / sizeof(uint32_t); utf8DecodeRune("\r", 1, &cr); utf8DecodeRune("\n", 1, &lf); /* compute runes for the commented signature header */ for (ptr = comment->open; *ptr && commented_header_len < commented_header_size; commented_header_len++) ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); for (ptr = signature_header; *ptr && commented_header_len < commented_header_size; commented_header_len++) ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); for (ptr = comment->close; *ptr && commented_header_len < commented_header_size; commented_header_len++) ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); /* find the signature header */ for (signature_pos = input_pos = indata; input_pos < indata + filesize; ) { const char *input_prev = input_pos; input_pos = utf == 8 ? utf8DecodeRune(input_pos, (size_t)(indata + filesize - input_pos), line + line_pos) : (const char *)utf16DecodeRune((const void *)input_pos, (size_t)(indata + filesize - input_pos)/2, line + line_pos); if (!memcmp(line + line_pos, &lf, sizeof lf)) { if (line_pos >= commented_header_len && !memcmp(line, commented_header, commented_header_len * sizeof(uint32_t))) { sig_pos = (size_t)(signature_pos - indata); if (!memcmp(line + line_pos - 1, &cr, sizeof cr)) sig_pos -= (size_t)utf / 8; break; /* SUCCEEDED */ } line_pos = 0; signature_pos = input_prev; /* previous line */ } else if (line_pos < LINE_MAX_LEN - 1) { line_pos++; /* we can ignore lines longer than our buffer */ } } printf("Signature position: %zu\n", sig_pos); script_ctx = OPENSSL_malloc(sizeof(SCRIPT_CTX)); script_ctx->comment_text = comment; script_ctx->utf = utf; script_ctx->fileend = filesize; script_ctx->sigpos = (uint32_t)sig_pos; return script_ctx; /* OK */ } /* write a commented line to the bio: * - prepend with CRLF ("\r\n") * - add opening/closing comment tags * - adjust encoding if needed * [returns] 0 on error or 1 on success */ static int write_commented(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *data, size_t length) { const char *open_tag = ctx->script_ctx->comment_text->open; const char *close_tag = ctx->script_ctx->comment_text->close; size_t open_tag_len = strlen(open_tag); size_t close_tag_len = strlen(close_tag); char *line; /* the buffer needs to be long enough for: * - CRLF ("\r\n") * - opening tag * - up to 64 bytes of data * - closing tag * - trailing NUL ("\0") */ line = OPENSSL_malloc(2 + open_tag_len + length + close_tag_len + 1); strcpy(line, "\r\n"); strcat(line, open_tag); memcpy(line + 2 + open_tag_len, data, length); line[2 + open_tag_len + length] = '\0'; strcat(line, close_tag); /* adjust encoding */ if (!write_in_encoding(ctx, outdata, line, strlen(line))) { OPENSSL_free(line); return 0; /* FAILED */ } OPENSSL_free(line); return 1; /* OK */ } /* adjust encoding if needed * [returns] 0 on error or 1 on success */ static int write_in_encoding(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *line, size_t length) { size_t written; if (ctx->script_ctx->utf == 8) { if (!BIO_write_ex(outdata, line, length, &written) || written != length) { return 0; /* FAILED */ } } else { uint16_t *utf16_data = NULL; size_t utf16_len = utf8_to_utf16(line, length, &utf16_data); if (!BIO_write_ex(outdata, utf16_data, utf16_len, &written) || written != utf16_len) { OPENSSL_free(utf16_data); return 0; /* FAILED */ } OPENSSL_free(utf16_data); } return 1; /* OK */ } /* convert len bytes of UTF-8 to UTF-16 * return the number of output bytes */ static size_t utf8_to_utf16(const char *data, size_t len, uint16_t **out_utf16) { size_t utf16_len = utf8UTF16Count(data, len); *out_utf16 = OPENSSL_malloc(utf16_len * sizeof(uint16_t)); if (!*out_utf16) return 0; /* memory allocation failed */ const char *s = data; uint16_t *d = *out_utf16; uint32_t rune; size_t remaining_len = len; while (remaining_len > 0) { s = utf8DecodeRune(s, remaining_len, &rune); if (!s || s < data) break; /* invalid UTF-8 sequence */ size_t consumed = (size_t)(s - data); remaining_len -= consumed; data = s; d += utf16EncodeRune(rune, d); } return (size_t)(2 * (d - *out_utf16)); } /* convert len bytes of UTF-16 to UTF-8 * return the number of output bytes */ static size_t utf16_to_utf8(const uint16_t *data, size_t len, char **out_utf8) { size_t utf8_len = utf16UTF8Count(data, len/2); *out_utf8 = OPENSSL_malloc(utf8_len); if (!*out_utf8) return 0; /* memory allocation failed */ const uint16_t *s = data; char *d = *out_utf8; uint32_t rune; size_t remaining_len = len/2; while (remaining_len > 0) { s = utf16DecodeRune(s, remaining_len, &rune); if (!s || s < data) break; /* invalid UTF-16 sequence */ size_t consumed = (size_t)(s - data); remaining_len -= consumed; data = s; d += utf8EncodeRune(rune, d); } return (size_t)(d - *out_utf8); } /* * Compute a message digest value of a signed or unsigned script file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] calculated message digest BIO */ static BIO *script_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { size_t fileend; BIO *hash = BIO_new(BIO_f_md()); if (ctx->script_ctx->sigpos) fileend = ctx->script_ctx->sigpos; else fileend = ctx->script_ctx->fileend; if (!BIO_set_md(hash, md)) { printf("Unable to set the message digest of BIO\n"); BIO_free_all(hash); return NULL; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (!script_digest_convert(hash, ctx, fileend)) { printf("Unable calc a message digest value\n"); BIO_free_all(hash); return NULL; /* FAILED */ } return hash; } /* * Compute a message digest value * [in, out] hash: message digest BIO * [in] ctx: structure holds input and output data * [in] len: mapped file length * [returns] 0 on error or 1 on success */ static int script_digest_convert(BIO *hash, FILE_FORMAT_CTX *ctx, size_t len) { if (ctx->script_ctx->utf == 8) { /* need to convert to UTF-16 */ uint16_t *utf16_data = NULL; size_t utf16_len = utf8_to_utf16(ctx->options->indata, len, &utf16_data); if (!script_write_bio(hash, (char *)utf16_data, utf16_len)) { OPENSSL_free(utf16_data); return 0; /* FAILED */ } OPENSSL_free(utf16_data); } else { /* already UTF-16 -> no need to convert */ if (!script_write_bio(hash, ctx->options->indata, len)) { return 0; /* FAILED */ } } return 1; /* OK */ } /* * Write len bytes from data to BIO * [in, out] bio: message digest or outdata BIO * [in] indata: mapped file * [in] len: indata length * [returns] 0 on error or 1 on success */ static int script_write_bio(BIO *bio, char *indata, size_t len) { size_t i = 0, written; while (len > 0) { if (!BIO_write_ex(bio, indata + i, len, &written)) return 0; /* FAILED */ len -= written; i += written; } return 1; /* OK */ } /* * Check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int script_check_file(FILE_FORMAT_CTX *ctx) { if (!ctx) { printf("Init error\n\n"); return 0; /* FAILED */ } if (ctx->script_ctx->sigpos == 0 || ctx->script_ctx->sigpos > ctx->script_ctx->fileend) { printf("No signature found\n\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.8/tests/000077500000000000000000000000001457117515700152365ustar00rootroot00000000000000osslsigncode-2.8/tests/certs/000077500000000000000000000000001457117515700163565ustar00rootroot00000000000000osslsigncode-2.8/tests/certs/CACert.pem000066400000000000000000000024461457117515700201700ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDoTCCAomgAwIBAgIUVD6Q+gnrOmJWbEnmfydpUg2JNmswDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTcwMTAxMDAwMDAwWhcNMzYxMjI3MDAwMDAwWjBYMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAMUvCAWI9LrgtVw9RARZLFb/qB1868H86eyr8oITzXl6u9FSQwvGH1MG szRhuD9TJAjy1uIiVPJ7ez2VjKXm2G9lUZMPJQRt50XTGbsGGDi4ITU1W3P+HI5u 45I0IL14Qv/R8X26lndBzlY4ImoCTAN4KzdfvoGLaMpNvbC1P7a4mlukrumi3WKT RAq46Mj5DAqr63NOolWimtTB+h0ZWv+xxngR7cfo+EimvhPB7y3xhY9OJ/27l6mJ uQJohz5PmzhZByluMhicTsd2cJEKQb7jnih492okCj6vH/FJmKg+DzXKTyue5Ki4 2jhzM9v1npyIkd7s/gnZVEsHH6oQIt8CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQUGjxG/vql0oJgItr7HsLaW+koiMgwHwYDVR0jBBgwFoAUGjxG /vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA A4IBAQAy7AKbO8B8Njseqjy2LAj2sKHCLc1jsQa7izOAtr852NYFAfpBvkqQfxne 8k5iPKmcJE+Sm4wv3V/lzx2AHEXAPa7BgiAo7yeo9UbrDgRRGw4MirQ/djp44ekv KCc54bSE/paUZyEWKr8NbdBy7SZfZ/Dd+XUY2lbm3Mue3AzWl4xp4StoT6oaw6VI H6bIhZupond/RWp4jmHHEfvl4T6YLzl5FC+Ec2xBbpk5vAVZgyfrlv+W6V/il/X9 KTZl5ax4FJAm7vPn6fsgdAM5y24zJUAkeakKFsBYtoVoGg1iiFuMEGwFRn7EZYl1 8D16qEH+YPLCzujH1PhzjmmAfKl2 -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/CACertCRL.der000066400000000000000000000010671457117515700205200ustar00rootroot000000000000000В30В0  *ЖHЖў  0g1 0 UPL10U osslsigncode1 0U Certification Authority10U Intermediate CA CRL DP 190101000000Z 430101000000Z0N0%fЎ{fї╖А)·"■сдHbB╢ 240227153014Z0%k6ыV╪oт єM╘ШТZ╨3╟B└ 240227153014Zа00.0U#0АГХ╔─ужqL╢эZз=V▄{йєR 0вwOo∙_Zosslsigncode-2.8/tests/certs/CACertCRL.pem000066400000000000000000000013631457117515700205260ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJQTDEVMBMGA1UE CgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBFw0xOTAxMDEwMDAwMDBaFw00MzAx MDEwMDAwMDBaMCcwJQIUazbrVgbYb+IN803UmJJa0DPHQsAXDTI0MDIyNzE1MzAx NFqgMDAuMB8GA1UdIwQYMBaAFGQQ8as5N9zB/bsdyD9BWHdiJ+8pMAsGA1UdFAQE AgIQATANBgkqhkiG9w0BAQsFAAOCAQEAV+Ce8WaNN/PXbVT9rOy/TS2EDrM/oFPG vwZr2IQDcBtgFV5DpNZRKJo2m4mjPPt1eCjE404U2r6081bvq3PtwSPwezV+uCzF dDUafeR0eZhmzxD8M2Jmi5hGp3fQevDrA4+RR33DneYSNfzGx35VN8v/L7/TuA5X 0PG8b5hL9f3vsVXvFRj6hMkRy5m+gxFfWW/Uw3fXIt9sDLJ+eAKURdqn1c3CEwD6 bzh0s6dSXT4wp5/l96x8fKAv5hMqDC7KufvwjhhSXdYXDOHDQcv0g5aLo8Ug8dHg NJHqbTAAViyGfvsS9/pYb8kHpAWvaADK84tzaMzj7uCDXlCZEjIr7w== -----END X509 CRL----- osslsigncode-2.8/tests/certs/CACertCRL_crldp.pem000066400000000000000000000014601457117515700217100ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIICMzCCARsCAQEwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCUEwxFTATBgNV BAoMDG9zc2xzaWduY29kZTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkxHzAdBgNVBAMMFkludGVybWVkaWF0ZSBDQSBDUkwgRFAXDTE5MDEwMTAwMDAw MFoXDTQzMDEwMTAwMDAwMFowTjAlAhQcZvYIe2b1FreAKfoi/uGkSGJCthcNMjQw MjI3MTUzMDE0WjAlAhRrNutWBthv4g3zTdSYklrQM8dCwBcNMjQwMjI3MTUzMDE0 WqAwMC4wHwYDVR0jBBgwFoAUFDxiqeJxiJbmZ4erKH0pBIhq7SMwCwYDVR0UBAQC AhACMA0GCSqGSIb3DQEBCwUAA4IBAQBZzGXEP4XdKuJ8ANIBGPu1Z+7T+4ln+nu3 MEPC9BexVAA02YPZx6i4c3cHC87aOL7zsr/K9OeF5MAYzi2QJwsenF4b9QL2rzQV sCAb3sY5ImAxN38GTJ+oI+uTeOefNE0wS7pP4phRmYNZwyDhxA2iT76+luoygyth NesiGalMFDrJvUM1DADTZGQrz9cQVgFq9WTcta9rdTYqSNctxkbpQaY0hgssH1Sh hWlSiFttciA2XVD7Ju/Qv9zN4nCQC0LskgKhqsefsOukpo6jqJ92OmNrrNaERfqs Yavzuj6DlcnE46ZxA0y2Du1apz0WDlbcAnsEqfNSDDCid09v+V9a -----END X509 CRL----- osslsigncode-2.8/tests/certs/CAcross.pem000066400000000000000000000024621457117515700204220ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDqTCCApGgAwIBAgIUKFKqG3FwQAmy4HgYyO4mGEiQ8QAwDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD1RydXN0ZWQgUm9v dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNzEyMjcwMDAwMDBaMFgxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxIDAeBgNVBAsMF0NlcnRpZmljYXRp b24gQXV0aG9yaXR5MRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAxS8IBYj0uuC1XD1EBFksVv+oHXzrwfzp7KvyghPNeXq7 0VJDC8YfUwazNGG4P1MkCPLW4iJU8nt7PZWMpebYb2VRkw8lBG3nRdMZuwYYOLgh NTVbc/4cjm7jkjQgvXhC/9HxfbqWd0HOVjgiagJMA3grN1++gYtoyk29sLU/tria W6Su6aLdYpNECrjoyPkMCqvrc06iVaKa1MH6HRla/7HGeBHtx+j4SKa+E8HvLfGF j04n/buXqYm5AmiHPk+bOFkHKW4yGJxOx3ZwkQpBvuOeKHj3aiQKPq8f8UmYqD4P NcpPK57kqLjaOHMz2/WenIiR3uz+CdlUSwcfqhAi3wIDAQABo2MwYTAPBgNVHRMB Af8EBTADAQH/MB0GA1UdDgQWBBQaPEb++qXSgmAi2vsewtpb6SiIyDAfBgNVHSME GDAWgBSzLyt07qrH3+rgkQCvS/YZ3jR+fzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZI hvcNAQELBQADggEBADCY4hadNyzoz0CpdpBcFjyglxOkgcitIAgvoc2N5zwHrkg7 BgJM1BJmCyki0AhXRKwl7sYbzNHgAhP1pBNjZqO13+cRcqPKvrxpYnsv11HaPS2E Ee/8EwHB3JlWlmWd6PHaJV0usRjDOuJnV/I/9mdFfIUcY0aoA36o2CCRJRKcvvVp Ztomnvw8IqFTn3GCNK3TRmVf2RYMhsDNQoEEidJENwCCRlcojmk1Ld95T89QsGOR cWJAHzyfbMQxRD7kQPZ4B2M8MvU3uD6nsamzvVM7H0UkSNuYLVkpU/wTUR8eQ2LI wFyi9JhKP4hF/RBuSzIHpXWO46GvzAO5dXZPLm0= -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/CAroot.pem000066400000000000000000000024761457117515700202610ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDsTCCApmgAwIBAgIUQQOniemvgowXmc2hZSZoIWEF8DUwDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD1RydXN0ZWQgUm9v dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxIDAeBgNVBAsMF0NlcnRpZmljYXRp b24gQXV0aG9yaXR5MRgwFgYDVQQDDA9UcnVzdGVkIFJvb3QgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL2tfObRQcJ4fo/jarNfQVmeqjulYkLLNG UtYmFSAxkcYbmpfHpsSxnW9sbDZV8Cp6tFa97V7XATCNL/r671lpZjkYEj0NkjBE 84OI0pkAEwWC5m3+dl3wehu977OcV7cMxNTmAHJwEadXR3jmZV625/lja1QqgkqK MqOty2pJNmsRUEogjFoh00eulnapW5u72ovq9IDgjjhdvAClwkTY5jsLTeDwgvfS MRjAmef2qExI/l760Bl0xe4XDdROgN90npS/zuKcCkThtvmffiUZsyeel1kto1pF zkYGJroWSJl0Jt+dpJHcpSXOXP5M+LnuLV4nl5vqwksdPzswQvuZAgMBAAGjYzBh MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLMvK3Tuqsff6uCRAK9L9hneNH5/ MB8GA1UdIwQYMBaAFLMvK3Tuqsff6uCRAK9L9hneNH5/MA4GA1UdDwEB/wQEAwIB hjANBgkqhkiG9w0BAQsFAAOCAQEAesmiOEl8OA+T4DDOgjfhY6+pUZDDKpsx//mj /1bxr+akfwL3dN5IBq8g8tJJHOLqrl7Lard7onDRnz8GZmpkPvFa87QD2PU2addo DAQWdYsDrNMWkAE37Wk7FZ0RyFHiBopRUMspKmx/XwvJf+rhkidjJYxCo317i/Z8 fWi//wGsI6ogezOsMCxNEcIn2PltGfDiVFklmwsXhyfvGYfctqepu661a/7hFUaP uN0iEboTDcQuiWwwEEwMe55L1rjDlpRkGUBah5FteGmVwk0AoT4b+1FVrj9Q6sEa Ge6gsrhu2syUF9CErTW/CiV+jONe2ygw4welOBo598QW71w7Vw== -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/TSA.key000066400000000000000000000032501457117515700175170ustar00rootroot00000000000000-----BEGIN PRIVATE KEY----- MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCplbeNvGrZmTDz p48TyvpOX36bGPMfyTVc8ZfAoh0SG86EFc1LHBV2K52dshHYqniQ6lE14jhsRPps YRBUFXO7I84Jd5CVcrvBWGuL8wXxjMwIW5buzY4x5oKowlyQGIasNiC8Mgx8TncJ kVWE6ekgoP4i1f4PVsFyG8zVNpI5VzHArAemYhvDjuA5jgTisfP8ph2pxUKTzYAI SaKm2YkBFvyhhTxtqnXHt8S0NnfDSCedKSzl1caN1TAKSbWoeChb+Tq8rycjPXh/ /7TkYgxmlSHiQhRcyEaZs54Ud8Q0nsnfRMhEtewr2IACmuKrFnoS+GtY5glPilR5 ScZ+7A9TAgMBAAECggEABOI/XIzFYMzeg2Rg8DAquQlyc92NE5zPtW0/WxhhizdT bPF3EISXh9DdMimCBeH8XxIzWFfSeFaoNFHp1GCf9ckYRuptk8ppz3OKVhOIbxqr YNY9UVVCrEFmjJ0Vxj7Be5M9TTEU4mxLVX4FtmDVClubeOxyX/oqcr4uwme0Az6A tjBVzl+YEYvZrbhao5d09LVQ3zj1T1EQ+XU5iTTV5Two86FQ6NQ9txe7jxcB8x8S BbD/PakmZj+oIdVBp4xnrhCJ3mYdzXy3qHWxq/BtHgS5fY3/tq3xtVSNxw7QJG7j CT2Cps3/99Lq2CPi8OkQKgjJwWqCZ0jOwHahEMlWIQKBgQDneq4LH0zfPJIW2zsi C7U813hV4NuQXd5EW2bmNe4KKnlrcbt3ZtJv8v3Ff5lMm1i8jDCeaeGhZOi/Ag/z aTtM1STFFEQg3QktcSAvS7hXufvAeufSrPOZdpBO51wqZl5wLMp2lsq885R3wnRl FtIErdmsLigVMC8RZ++gFNIjMQKBgQC7jJE93wV3j36QA7NAgxNH0AW5p5foWuA8 gR8MA9cpFI7X7q6hW9HYXw30kD3IzN6UW4U5LT4Pandxx484G1KENcyW2TzeGtpC MWBWHF4Mbxb/2pEkQoPk1dZmUxF5hvaGGHQYJn/pnJFavGUoNBlNjaIfgStzd1IO 68ceo5URwwKBgGjHJjrQmzo9L5968sRRamM04Tp2QsyRQMfOW8B+ztX5LebNn17H wx97bRVV0a1UcBFAn81E/iXRCG1VYKT8kCQSIse2ibQaeUoBd+EQtEu5WtRgjcjW Epn3ihC9NwHWPo8mJysQzIpE84JWGducPcpyayI97lTQ761AT741Tn0xAoGARtG2 ioFrhBEoPmNXTZXxMt3HO6qgPvoJ0G8FdTkCBx4fLkSPppiQbb6++0l4Oxm5NpY0 gTmnRJT0U3+CgjI2/3t9LL0NMeU742DXusxtaw6LxcMXqXSAb2mb0vmtEJG5Bzu2 ouPuyxz2+idHn13E7Db+MB1Ldgdpcf7wKo6knJcCgYBwbcjW0MwCah3w4N4VLXBX Q5wPSw7cRcytHqrrWkT/nTI3fxwd7UW6ZdM0IwGIAwYgBYD5B78KH0aP6BlUmYWu 8vut6S/MsNyCzHQVbcR9BUK3drByzhysVE3TUQKjCA33v6M/tTixhpyPf+ZZtjlK b1+6D1aGpwt+11f9ubd+Nw== -----END PRIVATE KEY----- osslsigncode-2.8/tests/certs/TSA.pem000066400000000000000000000027551457117515700175210ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIUAQ9lOMiuXUZuKaxzEpwQmCzU7aowDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAqZW3jbxq2Zkw86ePE8r6Tl9+mxjzH8k1XPGXwKIdEhvOhBXN SxwVdiudnbIR2Kp4kOpRNeI4bET6bGEQVBVzuyPOCXeQlXK7wVhri/MF8YzMCFuW 7s2OMeaCqMJckBiGrDYgvDIMfE53CZFVhOnpIKD+ItX+D1bBchvM1TaSOVcxwKwH pmIbw47gOY4E4rHz/KYdqcVCk82ACEmiptmJARb8oYU8bap1x7fEtDZ3w0gnnSks 5dXGjdUwCkm1qHgoW/k6vK8nIz14f/+05GIMZpUh4kIUXMhGmbOeFHfENJ7J30TI RLXsK9iAApriqxZ6EvhrWOYJT4pUeUnGfuwPUwIDAQABo4HvMIHsMAwGA1UdEwEB /wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKryJiH4Y0KO x2nCc4cOvih1VzjmMB8GA1UdIwQYMBaAFD8ujz0I9Y7079ZMe9X7cO3/rSj5MC0G A1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvVFNBQ0EwVQYD VR0eBE4wTKAYMAqCCHRlc3QuY29tMAqCCHRlc3Qub3JnoTAwCocIAAAAAAAAAAAw IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEL BQADggEBAAhzijhC1kvBV75rxRqj27gtYRG8dNkHc5umzwXyNNMn2tI/kO2Rf+ES 9RamQE9sfvOgg3UqfXIfRPsC4cBHnjT+ELdqbt4byk3LPtstJGFuLy0iNRNY9f1j lBJrldLZNNsIpNMQa0u5h/z4m0CAA8j6ayUvcoR11y2zYHkHlSScTq/s7gSQzXlK z4DRiiYif2OEdKVeRCqlDV8AOlhm1+9am74dkfO71aT0G2hko2u19NWZvjc/DqI1 V+e2g5TDE7V65d9vvf9tA26i0At/VazvnhsgdpgUkwS6mjUvx+gW3i5YJhtXjdAX hpE0ajpKT0x/dNa/qCwl/9zc8XxGnPk= -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/TSACA.pem000066400000000000000000000024221457117515700177140ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDkDCCAnigAwIBAgIULFuB5HWsyba6VHu2Ygv2vt4R4/swDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBo8JJDwVm6UTZvA2g/tOZ3xIbKYXI92Rn T/FCCUycsB5tmoSWcmy1AB6UDv7bFMGy4mdbxnErtdytGj+hEIO3O2EBbpBLAmlJ CEVNRrz/YbxGoJmeAii9s3jignUpTr/qLMSKkLowuqABZl2XtCp7Q83YlZPkVhFL kCAny89cG/QGAUxViN7HB4jWzhcBTTfD4PFvSU1HZNhPM0Y6BCpv2qrof3/tPnQr xM2zVZoIonQpf6paga61O9fM4wc1GqxGGwARz6Bxq6w2OxRDsV/biqP9gVUj0XmF 6o/draf3MkDswOUZyKpujOUIf12ezXJFPWaCRN1Rl0vwV2CyVxkvAgMBAAGjQjBA MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD8ujz0I9Y7079ZMe9X7cO3/rSj5 MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAtHmPfVgu6Y7uWcpq AdawOTZ/2ICOvAMmQ0LcXKmSpgsneHiyAL1Wwe2/XxTwmrpHylOapIIuV3irHCXU CxaTMUyZGfXoUWsxnR8bcb5ac/aFKkC3ynE2/IfFyJOQ724cK5FRK1+piVleP4Rx C04KQiuxuVLedyvGh5OPU/94ZW2JuuBjImVAO/lUbYhAUSpwueX2lYKSSPLkPfDx AsIp55x70iQ+EsgARvseVY2JRzvRnuh66V4P15wn3dIzjtWQ1/t007wMk5Lji5dQ iSvdyqULBytBqDtLPLzRuma1KJEPRIamF1j6Or6HaHSVUorRhqI3XuxEUGdO4LxZ QepMyA== -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/TSACertCRL.der000066400000000000000000000011271457117515700206610ustar00rootroot000000000000000ВS0В;0  *ЖHЖў  0`1 0 UPL10U osslsigncode1$0"U Timestamp Authority Root CA10U TSA Root CA 190101000000Z 430101000000Z0u0%e l╛г]ў╚┼~лVЪHа/S 240227153015Z0%fЎ{fї╖А)·"■сдHbB╢ 240227153014Z0%k6ыV╪oт єM╘ШТZ╨3╟B└ 240227153014Zа00.0U#0А?.П=їОЇя╓L{╒√pэ н(∙0 U0  *ЖHЖў  ВЭG+b▐еRr9·Ы81qбЙгШы╘q'бжuЗ°ЙMЦr З╤╟|cїF"Ў┤╥Ў)\╝┤щN╨Z╘GTъУНИНгхwIWийxЖIВQbщ. ЪЧТ\@ёс I╙Ж"╜▓9PqВYу~║u┼Fф¤ √@3э┼:Лї░g_e;OX┐0ЭДЇМ╟═╥П(хЯ7╖Д^ОнL┐┼y/Ёn▓╡yРЭBвЎF▌ЦЁФ╠┴чк┐╙ф6м╪x0/)═,P) ПцН┼ M?/У├єРТ╡4Ov╒┐ ┬хt╗0k: пнСЮs╞kжy`░+s5иiЩKV┬nB│▒╟%▐■Lа яeк6Яр"osslsigncode-2.8/tests/certs/TSACertCRL.pem000066400000000000000000000015351457117515700206730ustar00rootroot00000000000000-----BEGIN X509 CRL----- MIICUzCCATsCAQEwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCUEwxFTATBgNV BAoMDG9zc2xzaWduY29kZTEkMCIGA1UECwwbVGltZXN0YW1wIEF1dGhvcml0eSBS b290IENBMRQwEgYDVQQDDAtUU0EgUm9vdCBDQRcNMTkwMTAxMDAwMDAwWhcNNDMw MTAxMDAwMDAwWjB1MCUCFA5lCWy+o133yMUTfqtWmkigL1MeFw0yNDAyMjcxNTMw MTVaMCUCFBxm9gh7ZvUWt4Ap+iL+4aRIYkK2Fw0yNDAyMjcxNTMwMTRaMCUCFGs2 61YG2G/iDfNN1JiSWtAzx0LAFw0yNDAyMjcxNTMwMTRaoDAwLjAfBgNVHSMEGDAW gBQ/Lo89CPWO9O/WTHvV+3Dt/60o+TALBgNVHRQEBAICEAMwDQYJKoZIhvcNAQEL BQADggEBAJ1HK2LepVJyOfqbODFxD6GJo5jr1HEnoaZ1h/iJTZZyDYfRf8d8Y/VG Iva00gj2KVy8tOlO0FrUR1Tqk42IjaPld0lXqKl4hkmCUWLpLgual5JcQPHhDUnT hiIDvbI5UHGCWeN+unXFRuT9CvtAM+3FOhuL9bBnXwdlOxZPWL8wnYT0jB/HzdKP KOWfN7eEXo6tTL8XxRJ5LxjwbrK1eZCdQqL2Rt2W8JTMweeqv9PkNqzYeDAvKc0s UCkKj+aNxQlNPy+Tw/MckJK1NE921b8LwuV0uzBrOg0Gr62RnnPGa6Z5YLArczWo aZlLVsJuQrOxxyXe/kygCu9lqjaf4CI= -----END X509 CRL----- osslsigncode-2.8/tests/certs/TSA_revoked.key000066400000000000000000000032501457117515700212360ustar00rootroot00000000000000-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDxU8lwCceWEesm HIQu9M8mIznHFWmxFF55E16DseWr1K2FbOKnNv1ddNhUHFhBQChcGPn/CvwfOMR7 DbCETrty9HUtoK3fCVZQuYIjZwRLZZB2ryLgO4PK+j07Z61yABi7NKBKv8oHISLU QcNg7rBAZhmAurKpNu2Gpz/jFpFXwd6O+8xnsYFLT0zyjrq0rEvLmWQd5FBQaVt7 P+U9GH3GCg0kmdhIXAfdfSnqzj0OMnnzVdnEYrd1mYx+ZA7m0CmVJw330QXWiyax wimNHUvlpIiZA8ol17tAybinhPL5nSM/LRZ2PN90EgyX1bv3x/cKCEiOYPSZ7xXV mrRGjCtjAgMBAAECggEAHj01fIh9LdzI7lmcZpXebxTy5HNWbw3yWJGIwk/ES6e2 poViUTmevdsqUD/M/0AezouCp+akePUQCatJdwq2ikz/cdw0bUIqQqs8F1uNOjVb yMNhR1+tv/1jNtJi9Wn1r1+ExlkJ46LPTnF/HeJKy4b/oxXB1VpAoSLL6pSlWa1+ +iEWM+s6xlxyFkeWPq3L3u1QGkuW58KqQae86mR8Mgc0kOVuTCqWpHgNjfxt7tnt L/oBE9zEJmS3iZcGh1X5VR4CUQmtrCp7ldNdhSNk5WcNCNSsuIX+B13s658a0sRB AnPIX08moB5VHZ/danblny5Zo6SrobWBBcTabwjnYQKBgQD/BHktS70tQj3yBqVL xXmaO5ozqMLqF9A2o4EiJ/pF07ecHXmbiGaP9Nf/FJemuU5OHjw8akuxKn2M+DTu gHYOHwByA9/SOeAiD8bp/dJNE+2BO2zygoG/adhEV5tLK8IYdz241t8oVZbQLwql ZCs1uFab6E/cZEJgSQ0QuC8vtwKBgQDyQc+MX56UFFCP1QpWLIwFVdoPbOj/3cVZ FIjQO9rNYNIscS36nISIBh0voubI2xFvO7/s+WS1pD1bOmn6qwsndewFGdmMtjnN YguakmHAUmcF33f+gXVzwR91QvGPTjI2Fzd59OwOrZofO1+hajQiBKIP2B9VHJNP khspe44JtQKBgFqTTyrMZNOnXHMS8zC3Ydpq4vkILrqQXK6bYiksg9K7QNKdEW0x hCQLNZBu0vIvjOVoDcLzihDR46fnHH29eLDJSBI22A9F6RqP+flv4nrn4gptfeOg gM7onByh9RE86IJiD7UP9FDSHW+x1Zkqu8Inx/M2Du9bWMv0BkTy9id/AoGBAOEy oDcDZCyPPdyW1AcLXhZPmmegfG/tvlhyqEO6gElO6dF6XJ2NBf5UgKkZq6OnUWuv hVhK9X2M8aRuhroIalQCYKbVQtB1TQJJVDQaQ1g+wZpKBAfIXGCAdDfTRS5MKIzz xBRQw2dZpd3Gmb05NsEwwV4tL+M0rxPW4/0J6B3JAoGAB1vlzPsfKVvV9jwVpfdO W2MWAqPF4iI716zLt2F30WNe/42MudQGvMYUEPTYQMu3hhpQk/6UFY2Mfux6+OKk zG1khRdlq9BkCczfSVjkUvf4wTUUY5b66i4EpeJ//8OArZEx67LhmW715h/LExzG jkdwUMLiaSrpf8KSTL3NxM0= -----END PRIVATE KEY----- osslsigncode-2.8/tests/certs/TSA_revoked.pem000066400000000000000000000027251457117515700212350ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEIjCCAwqgAwIBAgIUDmUJbL6jXffIxRN+q1aaSKAvUx4wDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMEQxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA1RTQTEQMA4GA1UE AwwHUmV2b2tlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPFTyXAJ x5YR6yYchC70zyYjOccVabEUXnkTXoOx5avUrYVs4qc2/V102FQcWEFAKFwY+f8K /B84xHsNsIROu3L0dS2grd8JVlC5giNnBEtlkHavIuA7g8r6PTtnrXIAGLs0oEq/ ygchItRBw2DusEBmGYC6sqk27YanP+MWkVfB3o77zGexgUtPTPKOurSsS8uZZB3k UFBpW3s/5T0YfcYKDSSZ2EhcB919KerOPQ4yefNV2cRit3WZjH5kDubQKZUnDffR BdaLJrHCKY0dS+WkiJkDyiXXu0DJuKeE8vmdIz8tFnY833QSDJfVu/fH9woISI5g 9JnvFdWatEaMK2MCAwEAAaOB7zCB7DAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQM MAoGCCsGAQUFBwMIMB0GA1UdDgQWBBTTuQ7LmtwtVydASwFBXd4xUIEh3jAfBgNV HSMEGDAWgBQ/Lo89CPWO9O/WTHvV+3Dt/60o+TAtBgNVHR8EJjAkMCKgIKAehhxo dHRwOi8vMTI3LjAuMC4xOjE5MjU0L1RTQUNBMFUGA1UdHgROMEygGDAKggh0ZXN0 LmNvbTAKggh0ZXN0Lm9yZ6EwMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBMiBltqGRRLmK9 0RymCJ4oxmX2jwZ4SM7fem39Ozei7NIQIw5nlkPJ7ZWyfQQNFMIujfwJJGzDguax mMJHWngzbKjkbdSHnQswxT79RRwenlIKkExck6p2OUT82nGu/6TBIYutMJlITwKF 5OEmu+WneCvTkvEs0wussIug7E7dV6jJO9/TbwWyrtqU/t9GNRbu/4FIdQ9p9pK9 BcqaPmjn7IqnLs94THFfMFH0HVkqpLOfa9Wa8uc/C7WyIMTkchXb4U7/8B/hsDj7 BfKwN/F+IMNw4Rfqytk2JSWuV4pr7MiBweLKBwGgt4DhvfZj32Y/WFNANxtYkE9e 55mIPqG5 -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/ca-bundle.crt000066400000000000000000000053131457117515700207240ustar00rootroot00000000000000# Certum Trusted Network CA -----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- # DigiCert Assured ID Root CA -----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe +o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/cert.der000066400000000000000000000017621457117515700200150ustar00rootroot000000000000000Вю0В╓а*!mйB9[!▌ш╟щ╨┐э'Е0  *ЖHЖў  0`1 0 UPL10U osslsigncode1 0U Certification Authority10U Intermediate CA0 180101000000Z 341231000000Z0БЭ1 0 UPL10U Mazovia Province10 U Warsaw10U osslsigncode1 0 U CSP10U Certificate1'0% *ЖHЖў  osslsigncode@example.com0В"0  *ЖHЖў В0В В╟A мн╖▄lнLt╪Wдлт+▒Ь ZKЇ╨ 7t█ *▌Hyє!ё8└╓у┌9Жo╧z6Ъ_j(iЙ·ьGУ2шМжрў╞▄ЫkСgж- &F¤adГ╝Мbat;BЩЛ:я┴l%4є]u░ю,■0є╓СxЎЭ>Lдфт▌/9╒,sў=IАЪ╠#№м┴И┤б╦;╕ВМньC#╫ЪM▌Н:ДзH╩a╤Л7У9ж/▀БhССБєУЗхOпЫш4╞y["+╒ыSПс░e╒╫М."╤╦!иaT╔pъ,Fй╜╫Jl"ЭOBМЄ\╛7эk> Р╘ЛкL╞RчJг╣Х╖рйрCгb0`0 U00Uщоk{tP$╞╙Ж┬X└и┤├╦╔e0U#0Аdёл97▄┴¤╗╚?AXwb'я)0U% 0 +0  *ЖHЖў  В▌Тi▐+-КZfСE@з│$NуЬ╗╧;┬D GU*Iн з№цwмФт┼∙nк!Еж┌^═ЁЖз╖'ъб8╒^П╓м╥3{-h░дxЩ╙єЛ[шrКOёе╫┘ь Д╩#ЄuoО{·∙.╣┘═И╝|o.8ЮЙ╘ЬЦў╧,f ,\IM?\%┼И█nоaЯ▐╖o╪ф+zК╦eAлw╗ГaЦnгM■-нЬЬЖМ3ы5N╕рюrW╚v>7kНЗВ_RЪЕюI╨ю┤┬oM{├Ъьхwd°еu┬▌▀ЄУД╖/ЮТvЖ>?. Ац┼╚уЛW╜╓алмW╞c аNDosslsigncode-2.8/tests/certs/cert.p12000066400000000000000000000072431457117515700176450ustar00rootroot000000000000000ВЯ0ВU *ЖHЖў аВFВB0В>0В▓ *ЖHЖў аВг0ВЯ0ВШ *ЖHЖў 0W *ЖHЖў  0J0) *ЖHЖў  0┬ВIфG┬K0 *ЖHЖў  0 `ЖHe*╧╘Щ╪ 1ЦaЄТпш▀qyАВ0<√YЇ╞┌Н53b, ю<.г<а;ъ°▄Ч░ ╪g■кl2uЯ ╕Yт &{hц └иnenйм~i¤▐┘gobщкKr7o№=~т)se#т╦╕Є╨╓А╓ДЯ№╡-`AВ]n°7Xъ}╧Ъ┘ |)ЫГм┴╞∙к╖D ╙А▄GпНe╕│X"и╒╧СcQ{╠║▄┌╨Й╖M╡O|nл*DяЬXй▓[юЮ5▄l`їр{░Е█'Й╘0jo[зс▐l>╕ДoJjФ√''є╗█йU0#K!t;ъ▀ШДЙП<оЭШ3╣'=p┐'/T╟.gHЮЖцє_2ъD╝Н■TяВ┌╧ ┴~в^│UQ┬┤▒]pN@ЁГЎ"╧шfпe}пЧвlG8"╙│╜C{▒ ┼■aTИ╟яААAфї∙¤ГМo)й▄R; хЯЁjdЧGф█╜жbьБWГ▓си∙їW1Kл■╟@;FФFLщ=у'WЯ# bОўЖъЭє∙2Т▒сpХЗБ@ГKуv┬O╞┴·k а5ЮЛ8╙8 3ё5*FТЫХ╝жй╥Я∙[yr──U2-ЯшЇ├ ХуG@а╘└+l{m╫А=шaЪюЁ¤Сцй╥Гqo╛[С р ¤?fХ╝I)Зч#▐]▀с▒Ъ╣┤ЩЮT║Д╩d1ёФg▌Ъ╕t┐+?╚rЙQ >W╩└g╝ ■PўТz Ъ╠Jg W╡ЁцЦсо|─)Юч┤тАjЎP.>є ░GУяЭт]А╔xэ{J4ўС+2ПecH&Є,нQик№ь┤DRzя$+р$с<4BДж° PM└RU=ahдТШт )¤у З<ЬlЩ╡╝=10Ф`ч¤ырwЖHукгЇРН░#AЦ╣{e╢НлS─j'▄$aДAюt▓7ч├mшьС ┤,5-?`╪5·^▄рИ=t5╫mЛ!aCЄ╬╖У─Б╓╒Чо`Ёъ=7?№Єm ╘д: *Фqї\жЎ2┤хU╟/#ф╙НA(>И╛└xШ/Фw6}╘_~X?icЪF%eзJкSVьC>Ия$№J╨ЎF1Бф╕0ы1╒╛┴█·╔бoz?─e┴·j t ╫\Zк▀ГЯ┘╙▌Б"▒9П╥Ь,с дУB╤▀NЇєФ=ЇЪEE ▒aФБ─?ёь~/▒─░Ї┐KР_кCт╛■╩~│┼ЩГY─4Ц├╢зФ▒B▓4РeУЖТе°·╬юИ+6Gь▀█ ┼ё@тkы┌═Хп╛°hq╥╬_H▄╛╓Cy&╛O[BА │h╦П+╛╤фюGББЎW╡W╛*╪н║┴ЖБd  qл║А(sчХyS@-|х╧"С!eа ┘):╧ъH▌╫Юь╗]RFr┤ххбI Юz ┴∙╝=i╛%▄╖ЦЯыs<а@┐ж_┘є╘Ш¤ы┌├OШ├¤√!╜a█/0╙т|¤Ш|c╙╨ХЕЄ:╢кG┬тЎ╥Qx█P;эШB?pяf╛3NЩх╓∙ОЇw╪*в╖~єzНП╥Ч│ ╜R6C%Їю▀8aю>╕▐╖█Rь·tъ╬feM@Rо▀╬╙F.╥R▀YЬ#}=л·▀^ЪvvWжэPM}пbУ]│▌╕┤Ё@3ЦВЛF╠#р╘C№дШ░{зЦZЖГИ@8П\╥v Y╠0з·Iби▐LФш╢u╣¤Е&Я╩╔>М,24RЙQ}I+v ╪u┴Ъ╜3)сГiпa┬o░ЇП ╦├з%є╒Й┘ЖeS╚Ф╟uMD╤S√PёloпfЩ@П■я П╨"╠ф┘L&^ тА:pрWp}Д Бi'AyсpH╕<■:Щ╡иЄ°ГД&Л╢AЛ╡вЄh╚■0sa╒¤▒К╛Рп┐iЩє╬9сcЫTв█с a-+╗L▓Ы1Ю).Ё4g~GWН├r4▒Ё▒*╫=Rq)┼ГjO&┤▄!е4jд╤╣f^ы└■1\ъвРoГ)я?■O#|N#└ЗEгAj╕В╫╢eуE)Кх&╓0 ┤(▌Л8ъ\ЎEдhЦЗ┘сO?YЮч]_Л╪)√s#Ы o~│=ы(R .№╟9═ш.Г]ЖLю╛Я╘·h√єПfдЕ╨К╗∙@hJєЩD-UлС!2fдО]Ч{си╤шjь╦т╩╚╩╙8y╨бЪ╜фдЩ9}.I?№XGok│eNИм2;╙b╥ц qэё╧ gо┌?╫gаЦ└░Y┬╠А╖'лЮl■╨ЁiнЮ╬I #Mg╕є╛Т~",°Fj╬░uqд*╙Щ ;жX ш:╘╕]єf╢лщx?ЧШн<╠кЮ╘bеВ.}МO:JьШЇ╬я╨в╣■а#Х╓:8▒КЖ*▐ЗJМ[й∙Ю"ў%Н╝о(ХБЙМ]БИЧ┼╫9s8zpaUЖM0ВД *ЖHЖў аВuВq0Вm0Вi *ЖHЖў  аВ10В-0W *ЖHЖў  0J0) *ЖHЖў  0¤ОZГ \╒╘0 *ЖHЖў  0 `ЖHe*u4ц^▐х╚╦MyТXк4$В╨kyt а№4╦└╦Bxэ~ИC─кгхtьХ╜ J╙╣\ruцPw│HикнЧл╢╘ЎKТщ╓╛>В╗6m√s@╓ж;╬RЮ█│x┴╧Ъх]З}юєЯ╧fТЫcзJ┌┴и╣И╕е─ЭзШ50н▓╟Ж║╦$J╤@v▌─└Z╘╥│U/╢Xh:1G╔п:╪Ц║╝Ц6гЧ%U╔ё╓у@┴Я▓╥╔■%iБU╚Л╟ФяuФГQX.ЩcbзhФв╟МЁЁvJ╥ ¤╤▌Шz╓+ўImБ╩|─(e╧▌██-<ЩлКS■ХЛ╖Снf╬дЭ8M>и╒╓П/ж╨╝ТЇу@WMwГe5Y╙hФ╪п░jEt9ДХП░ ГЫP╗∙4p╪▄╖▄╕iQе╤ь╟ ╤шфмE═Е"╠Ю#N╙Ю@▓ЗИ&8ЇpZьvHСсТао╦4Lчё╒╛Ша;j ШOm╡89:ЗФС╟Ъ▀ыпь╩┬eЕ└g3ЦЕ ржЇЗ╓·э{a5Т▓╤qRмZ▌д╗╩0ЧXo}╙Н/КeндO╠t┼m|;Tru}cзтIк√8m┼&\ ╬0vхWgНЧ▌ █Б?Ж╜8zРi0╞eX eЄцdvЭ]ШИ3п ё╡┴╜vЛxwD@2┼┌^╦.прy╓щ%Э9r,ШR>Шcn╫йfЇшЪyqв├QФнWо9цC ^NШW0╦C·Ї╧ 4За└ЄЯ╩ўT╦BА╒mй;dжGFўЫўhH▐╚мЛ╤╛▀Ёьv╝╣Хч9╥f ╤|iшГvЎV┌тБл!Шt'╕╜U╡╦()C#^(Emyї╛Ja#Gор░ Фўpxй_mйьzЇ┘&Єл2\'P┤}JeОсh&{:VЪrdS|B┌TQё▐Y╙┤СМЩ.t.h! Шщy+Е0[ ПА▄щq4Е∙G▄шFlпI╦▓╨Н/иЄЇ╢╪_Dmь'╩5╚°б%I3▌Ю? Ь╦0┤Lдфт▌/9╒,sў=IАЪ╠#№м┴И┤б╦;╕ВМньC#╫ЪM▌Н:ДзH╩a╤Л7У9ж/▀БhССБєУЗхOпЫш4╞y["+╒ыSПс░e╒╫М."╤╦!иaT╔pъ,Fй╜╫Jl"ЭOBМЄ\╛7эk> Р╘ЛкL╞RчJг╣Х╖рйрCгb0`0 U00Uщоk{tP$╞╙Ж┬X└и┤├╦╔e0U#0Аdёл97▄┴¤╗╚?AXwb'я)0U% 0 +0  *ЖHЖў  В▌Тi▐+-КZfСE@з│$NуЬ╗╧;┬D GU*Iн з№цwмФт┼∙nк!Еж┌^═ЁЖз╖'ъб8╒^П╓м╥3{-h░дxЩ╙єЛ[шrКOёе╫┘ь Д╩#ЄuoО{·∙.╣┘═И╝|o.8ЮЙ╘ЬЦў╧,f ,\IM?\%┼И█nоaЯ▐╖o╪ф+zК╦eAлw╗ГaЦnгM■-нЬЬЖМ3ы5N╕рюrW╚v>7kНЗВ_RЪЕюI╨ю┤┬oM{├Ъьхwd°еu┬▌▀ЄУД╖/ЮТvЖ>?. Ац┼╚уЛW╜╓алмW╞c аND0Вм0ВФаqЕb~)P─h╤YЕMD8▌Йl0  *ЖHЖў  0X1 0 UPL10U osslsigncode1 0U Certification Authority10U Root CA0 180101000000Z 360101000000Z0`1 0 UPL10U osslsigncode1 0U Certification Authority10U Intermediate CA0В"0  *ЖHЖў В0В Вч*Ё▐/Я┐R8;┬б■Ў&╓FМцжAзЮэ* Yнд9Lr╛>@ЭМ╪Й╗gЁ]P.╚╔гвjо╡ю}Йgя▒+DЮ╗ЛХшНУG7╚ЬvЇ?=╨oFн5╩Я╗№╧}Раа╖Щ╫╗Цa1fDЦUЧq`╬6┼r├u┌pеЭ╥√╩МА8│Ч Г┴цFЦ^В6#╢6 wЫ╓╗дQюzpzrк|╠▒z7&>Ц╜\-:с√й,KЦ(Аыw╓∙ №·бжЫ хQaЁv/Д═┘╥дщ╫╬hФ]╖▒Ф4╩{╛jeИ>+\з╞t:)щў┴S═мЇeБЫБ"лr ┐вY!хгf0d0U 0 0Udёл97▄┴¤╗╚?AXwb'я)0U#0А_б$N*AaшкD╦ne╪АnA╛ўД2VC8Ў╡ц=Н|,eжGP>51Q_NРb,Ж\dP °-!╙┬оoД═ИРsR√KТСГгN|╧о°)w─░Ь4у-╘▒wvП.В2ыОУДAАч<`,▓№ЇйАEЪL9─ Ъч Ж╧Ъ p┼·~їГцах▌ЭУ,▓F0N>░} ├█й Р▄Э░V!ышЮ╦ы1pД╡╙1osslsigncode-2.8/tests/certs/cert_crldp.pem000066400000000000000000000054671457117515700212160ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEPTCCAyWgAwIBAgIUe8Im9GuMCHMi3/FDfLgzoE8vTKgwDQYJKoZIhvcNAQEL BQAwZzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMMFkludGVybWVkaWF0 ZSBDQSBDUkwgRFAwHhcNMTgwMTAxMDAwMDAwWhcNMzQxMjMxMDAwMDAwWjCBqzEL MAkGA1UEBhMCUEwxGTAXBgNVBAgMEE1hem92aWEgUHJvdmluY2UxDzANBgNVBAcM BldhcnNhdzEVMBMGA1UECgwMb3NzbHNpZ25jb2RlMQwwCgYDVQQLDANDU1AxIjAg BgNVBAMMGUNlcnRpZmljYXRlIFg1MDl2MyBDUkwgRFAxJzAlBgkqhkiG9w0BCQEW GG9zc2xzaWduY29kZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAMdBCaytt9xsrUx02Fekq+IrsR2cC1pL9NANN3TbBv8RKt1IefMh 8TjA1uPaOYZvz3o2ml9qKGmJ+uxHkzLojKbg98bcmxBrkWemLQwmRv1hZIO8D4xi YRd0O0KZizrvwWwlNADzXXWw7iz+MPPWkXj2nT5MpOTi3S851SwOc/c9SYCazCP8 rMGItKHLO7iCjK3sFwBDI9eaTd2NEjqEHadIymHRizeTOaYv34FokQiRgR/zk4fl T6+b6DQHxnlbIivV61OP4bBlFtXXjC4iGdHLIahhVMlw6ixGqR6910psIp0ST0KM 8ly+N+1rPhoNkNSLqkzGUudKo7mVt+Cp4EMCAwEAAaOBmzCBmDAJBgNVHRMEAjAA MB0GA1UdDgQWBBTprhNre3RQJMbThsJYwKi0w8vJZTAfBgNVHSMEGDAWgBQUPGKp 4nGIluZnh6sofSkEiGrtIzATBgNVHSUEDDAKBggrBgEFBQcDAzA2BgNVHR8ELzAt MCugKaAnhiVodHRwOi8vMTI3LjAuMC4xOjE5MjU0L2ludGVybWVkaWF0ZUNBMA0G CSqGSIb3DQEBCwUAA4IBAQBlJrcOaJQQ3TuYaVtmH8VbCdF3GQE+255g0Kq4sWoO ZgZm6LmRkchuoOXqeZ7aAV6HnGGpZf64ShPSZ3KPt4/UVYkRyS0UihN2ACsGrS4o ZjOaaoM2xDxttngKV3lAF4xbx18RvAsx9QIzQhzowaSUBQNuu5W4tne/6h7htuwA KNc0go4fqpCqQjNRVeB1IN50BzUrlHu3zQzfH0LDyUTt2gnObLHMl566Ft0azAG9 emHRM+BOUjKY3ZTjM+JEzpwWgse6e4r+J2fYVYIEtkSfm4ZZnAs5WFWI5o8tqr4b ruBN7l6oP6R3ugOtPk7tW4x7OO0QoDnfa418MkBlXeqL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8 hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4 Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq 7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1 uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1 PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/expired.pem000066400000000000000000000053011457117515700205200ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID6jCCAtKgAwIBAgIUcgUgRT1Lx8XLdgp7xcWxVl9YBjYwDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0 ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMIGZMQswCQYDVQQG EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3 MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UEAwwH RXhwaXJlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUuY29t MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0EJrK233GytTHTYV6Sr 4iuxHZwLWkv00A03dNsG/xEq3Uh58yHxOMDW49o5hm/PejaaX2ooaYn67EeTMuiM puD3xtybEGuRZ6YtDCZG/WFkg7wPjGJhF3Q7QpmLOu/BbCU0APNddbDuLP4w89aR ePadPkyk5OLdLznVLA5z9z1JgJrMI/yswYi0ocs7uIKMrewXAEMj15pN3Y0SOoQd p0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VPr5voNAfGeVsiK9XrU4/hsGUW1deMLiIZ 0cshqGFUyXDqLEapHr3XSmwinRJPQozyXL437Ws+Gg2Q1IuqTMZS50qjuZW34Kng QwIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTprhNre3RQJMbThsJYwKi0 w8vJZTAfBgNVHSMEGDAWgBRkEPGrOTfcwf27Hcg/QVh3YifvKTATBgNVHSUEDDAK BggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA0AxgPkboWfIOMYFOP6kQ4nxY jQ+kAH842ALjm/5z20fYPS0k3LiCNS0FfBPzygeWQLwDGcH2QX6Lfec62CeIe9R9 IAdsX+nNxn9FeIZssfMK3EPgksGUybUNub78mXPrnhCNjYf/GmDY/Cf7jhBtNphK 6zCPOC0WDrupnLW7r4FyrB1j2CEgaHhiSmlQ+19rqbvcNfaCOMfe7IfiwkvVIzE6 tQhnudB/HnW3+pWT83n/KQk0F8lu00fahkak/0bPidTe4zOvepabiWYQXKJ9ZXhm UW7FHHSM5Vbn2A6zyEht7rcK/gkpHbkckoIi6bDMFMp+K9o3qV7PzZPkaau7fg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5 THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89 0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh +6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+ EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+ sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg= -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/intermediateCA.pem000066400000000000000000000024661457117515700217470ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5 THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89 0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh +6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+ EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+ sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg= -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/intermediateCA_crldp.pem000066400000000000000000000024761457117515700231340ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8 hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4 Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq 7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1 uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1 PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/key.der000066400000000000000000000023021457117515700176370ustar00rootroot000000000000000В╛0  *ЖHЖў Ви0ВдВ╟A мн╖▄lнLt╪Wдлт+▒Ь ZKЇ╨ 7t█ *▌Hyє!ё8└╓у┌9Жo╧z6Ъ_j(iЙ·ьGУ2шМжрў╞▄ЫkСgж- &F¤adГ╝Мbat;BЩЛ:я┴l%4є]u░ю,■0є╓СxЎЭ>Lдфт▌/9╒,sў=IАЪ╠#№м┴И┤б╦;╕ВМньC#╫ЪM▌Н:ДзH╩a╤Л7У9ж/▀БhССБєУЗхOпЫш4╞y["+╒ыSПс░e╒╫М."╤╦!иaT╔pъ,Fй╜╫Jl"ЭOBМЄ\╛7эk> Р╘ЛкL╞RчJг╣Х╖рйрCВ╤╚√Ё62.▒Ф╓Rўлн%)I/RсРыSя║] w─М╕╡л╬Х╠8Ф═p6├Хж№X#╝Р4Ї*┤р╙yQбб╜@уЭЧaНЫ#╪<%╨-▐ ▐0#╚М╢╓Б░═4Хw!╒С~║_r╫a_┼Илsыd╪T4└:ў╣╧№ё▒ }p╠AРИ~уHОФ!║}Їз}╤'ЬMж,М▌▌,╥─jя═╧ў"Fд╧ZяU─№нй ╟ ж5п#Ты═s ]БIЦ`5>їq╫╠Ь ци5О╨Lа╨ЦqBИ─√HЯК═zШ╚k╚▒4Qтх]ЙО"(0z. й0g#QББєXНОё╕~bЎД3╘ ╣@╡,Ои8√√ d"╫Д%·єAxЩ: Н~юUаЮ░Ч╞и═иcи9н╧├╦╥╪L"|м╧^ Jрq╨ЕС4 q╙S :дуИ╞╩В┴KЕК3Y╞т[я({╙нu Ы█╜С1фJ2│КЗ√├Ч╗z@ЩББ╤ЭЗ~║┤Ж╤╗е╟*ONй&Ф НВ"ш*Р-Б$.Q ─ф■ўДV]БЙ╧8 аюK№Ъt!╬д(D/·О%· `&ЮХч єYяР)rubf║Y·boDЛ─vм>?▌}ъ╙Ы╬Ф?lрў╠─n№J;ББДA╒╢"─ьЬПЪй╓╠ЯkW!pв8∙КЖ аIЧf█№│▀Ж╧ъоЇЦO,─r┤ВшеМ*фBш▀r3├Оюсjc~╛ъ!NH#╟Ў│╤TH╔!█,дф<Уd╠>'нU'ЎЮ═дK9!tгч╩с ▒~GBйГ╓(ФЫ1п$Йж\╔ББВ($╪F*ОДp╒╣N└0┌С!╔P:В┬█╞Nз рЇoц-+7"3СЩxjLT=cеИjР u╫"я ╬А:RO▀ы¤И~▐╢{Cєx(└]Ч*^ПеKА[p"pХ└[жГNваУвж~щЙnGЭ╩t├yчМPuI░/nPТ`LЭ╤╜БАSтЄhу7ааaл*╢╟uPэb|┴░М°╪O═ЫБсЬю={?РH√щBМ▓Б:}Фc]Г№т╡\3mQЇwЦ╣╥3й╔¤' ь-/йlъ  бД╔█╥ОCь╚Ж┬├╩Дtъ╝Й╨,BгR)╧9╛1МыkМБсZQ├Сosslsigncode-2.8/tests/certs/key.pem000066400000000000000000000032501457117515700176510ustar00rootroot00000000000000-----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHQQmsrbfcbK1M dNhXpKviK7EdnAtaS/TQDTd02wb/ESrdSHnzIfE4wNbj2jmGb896Nppfaihpifrs R5My6Iym4PfG3JsQa5Fnpi0MJkb9YWSDvA+MYmEXdDtCmYs678FsJTQA8111sO4s /jDz1pF49p0+TKTk4t0vOdUsDnP3PUmAmswj/KzBiLShyzu4goyt7BcAQyPXmk3d jRI6hB2nSMph0Ys3kzmmL9+BaJEIkYEf85OH5U+vm+g0B8Z5WyIr1etTj+GwZRbV 14wuIhnRyyGoYVTJcOosRqkevddKbCKdEk9CjPJcvjftaz4aDZDUi6pMxlLnSqO5 lbfgqeBDAgMBAAECggEABtHIBfvwFgA2Mi6xlNZS96utJSlJDi8ZUuGQ61Pvul0Z DXfEjLi1q86VzDiUzXAYNsOVpvxYI7yQNPQCKrTg03lRoaG9QOOdl2GNmyPYPCXQ Ld4K3jAjyIy21oGwzTSVdyES1ZF+ul9y12FfxYirc+tk2FQBNMA697nP/PEFsQl9 cMxBB5CIGH7jSI6UIbp99Kd90ScbnE2mLACM3d0s0sRq783P9yJGpM9a71XE/K2p CxoRxwqmNRGvI5LrGs1zIF2BSZZgNT71cdfMnAIJBeaoNY7QTKDQlg9xQojE+0if is16mMhrHQbIFBSxHDRR4uVdiY4iKDB6Lg2pMGcjUQKBgQDzWI2O8bh+YvaEM9QN uUC1LI6oGzj7+wxkIhjXhCX680EFeJk6AQqNfu5VoBN/nrCXxqjNGKhjqDmtzxjD y9LYTCJ8rM9eCkrgcdCFkTQNcdNT/zqkHeOIxsoXgsFLhYozWcbiW+8oe9MTrXX/ m9u9kTHkSjKziof7wxGXu3pAmQKBgQDRnYd+urSG0bulBccqT06pJpQMjYIi6CqQ LYEkLlELxOT+EPeEH1ZdgYkDzzgKoO5L/Jp0Ic6kKEQv+o4l+g1gJp6V5wwX81nv FJApcg51Yma6WQb6PEJ8HiZ531JQpGZZPmJvRIvEdqw+Dz/dferTApvOlD9s4PfM xG4R/EoFOwKBgQCEQdW2IhQWxOycj5qp1syfa1chcKI4+YoThiCgSZdm2/yz34bP 6q70lk8sxHK0gugRpYwq5ELo3w5yM8OO7uFqY36+6iFOSCPH9rPRVEjJIdsspOQX PJNkzD4cJxmtVSf2ns2kSzkhdKMU58rhILF+R0Kpg9YolJsxrySJpgBcyQKBgQCC KCTYRiqOhHDVuU7AMNqRIclQOhYSgsLbH8ZOpwvgGPRv5i0rNyIzkZl4ahVMVD1j pYhqkAt11yLv/86AOlJP3+sc/Yh+3rZ7Q/N4KMBdlypej6VLgFtwInCVwFumg06i H6CToqZ+6YluR53KdMN5HueMUHVJsC9uUJJgTJ3RvQKBgFPi8mgG4zcdoKBhqyq2 x3VQEe0VYnzBsIz42E/NFpuB4ZwC7j0Uez+QFUj76UKMsoE6fX9/lGNdg/zitRBc M21R9HeWuQHSM6nJ/ScK7C0vqQVsGOr/DKGEydvSjkPsyIbCw8qEdOq8idAULEKj GlIpzzm+MYzra4yB4VpRw5ES -----END PRIVATE KEY----- osslsigncode-2.8/tests/certs/key.pvk000066400000000000000000000022541457117515700176730ustar00rootroot00000000000000ё╡░ФдRSA2Cрйр╖Х╣гJчR╞LкЛ╘Р >kэ7╛\ЄМBOЭ"lJ╫╜йF,ъp╔Taи!╦╤".М╫╒e░сПSы╒+"[y╞4шЫпOхЗУєБССhБ▀/ж9У7Л╤a╩HзД:Н▌MЪ╫#CьнМВ╕;╦б┤И┴м№#╠ЪАI=ўs,╒9/▌тфдL>ЭЎxС╓є0■,ю░u]є4%l┴я:ЛЩB;tabМ╝Гda¤F& -жgСkЫ▄╞ўржМш2УGь·Йi(j_Ъ6z╧oЖ9┌у╓└8ё!єyH▌* █t7 ╨ЇKZ Ь▒+тлдW╪tLнl▄╖нм A╟Щ@z╗Ч├√ЗК│2Jф1С╜█Ы uн╙{(я[т╞Y3КЕK┴В╩╞Иуд: S╙q 4СЕ╨qрJ ^╧м|"L╪╥╦├╧н9иcи═и╞Ч░ЮаUю~Н :ЩxAє·%Д╫"d √√8иО,╡@╣ ╘3ДЎb~╕ёОНXє;J№n─╠ўрl?Ф╬Ы╙ъ}▌?>мv─ЛDob>YfдPR▀y&|B<·Y║fbur)РяYє чХЮ&` ·%О·/D(д╬!tЪ№Kюа 8╧ЙБ]VДў■ф─ Q.$Б-Р*ш"ВН Ф&йNO*╟е╗╤Ж┤║~ЗЭ╤╔\жЙ$п1ЫФ(╓ГйBG~▒ с╩чгt!9Kд═ЮЎ'Uн'>╠dУ<фд,█!╔HT╤│Ў╟#HN!ъ╛~cjсюО├3r▀шBф*МешВ┤r─,OЦЇоъ╧Ж▀│№█fЧIа ЖК∙8вp!WkЯ╠╓йЪПЬь─"╢╒AД╜╤ЭL`ТPn/░IuPМчy├t╩ЭGnЙщ~жвУавNГж[└Хp"p[АKеП^*Ч]└(xєC{╢▐~И¤ы▀OR:А╬ я"╫u РjИеc=TLjxЩС3"7+-цoЇр зN╞█┬В:P╔!С┌0└N╣╒pДО*F╪$(ВС├QZсБМkыМ1╛9╧)RгB,╨Й╝ъtД╩├┬Ж╚ьCО╥█╔Дб  ъlй/-ь '¤╔й3╥╣ЦwЇQm3\╡т№Г]cФ}:Б▓МBщ√HР?{=юЬсБЫ═O╪°М░┴|bэPu╟╢*лaаа7уhЄтSQ#g0й .z0("ОЙ]хтQ4▒╚k╚Шz═КЯH√─ИBqЦ╨аL╨О5иц Ь╠╫qї>5`ЦIБ] s═ыТ#п5ж ╟ йн№─UяZ╧дF"ў╧═яj─╥,▌▌М,жMЬ'╤}зЇ}║!ФОHу~ИРA╠p} ▒ё№╧╣ў:└4T╪dыsлИ┼_a╫r_║~С╒!wХ4═░Б╓╢М╚#0▐ ▐-╨%<╪#ЫНaЧЭу@╜ббQy╙р┤*Ї4Р╝#X№жХ├6p═Ф8╠Х╬л╡╕М─w ]║яSыРсR/I)%нлўR╓Ф▒.26Ё√╚╤osslsigncode-2.8/tests/certs/keyp.pem000066400000000000000000000034761457117515700200430ustar00rootroot00000000000000-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIY7PpABd5xsYCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECC8FH8kZE5H/BIIEyK9LnEmc3VYK kqwBBX15exPIRrsmeGkoSSrnHUeLzV0E2CN9bEL1XwJtX6d4YGYHnH7MopV9LPgl Fdu2CvWXt5XLOMb3FJ38zZGtNnbYWZLbVlgQANZaTRCZaoWHS57KulgbtbJnn3PQ DdYHaCiRh95pgPrdklEs0PhvBe98kR4xGJPoiGn+gJ75Ik4kwW/vJTcQeKbcU4oQ MGIVXV66NU+Pc1d3CTYm9hwIys70+J9QtT1aSoENeYr1e+sHgzN7ykDalfAir/dZ /E91Zg4RFV4clvvVmoAyXmZFpMxj5pLYGvdjBxTURh+8mdulfJMpKHjJldx7N9+I cusGwKVXQcIXI76lxvKo08oENq0C6112+++s6bYtwzuk/Auk+dQ2mn2/gLgs6fsy pi1ZKUoO8pdm8N4QzqPsFc2/ny5oSy6A6EKDC/tKoP59r6qJtoYselfypFsWemIo F/W0HmZzC5OJMEqUxbKIuH7Xhx0ufs4TytzYMEnUVH0ChLan67VvFIcq4sLoMaW0 d2jyDdIe4WcmVckJtjudbIhcRsXtoSVB8PYjdHOmI9YZVksPreeKk7stf06V3PBU /hsBpzlWu8xO6+cMGrlvoqOov3WAmD1/LW/ITggjLb28r7LnUrYTbj95xZ8Zd8s9 hx60MZpTJKni/Kfd5yVZw7xZWLHxNWdBbZxlCkvvFN5Ik0FjULLblfIfYa38zwp1 P6Dbw0wBSNhpsdsGcnkB+YWlzyIJzC99EZqgC3cGmb+9UGuj2bmvzx0hlIY4APCf lfiFNXUHxxRZCV/Cp3TXqh3h7t99KvVoIzEIV8iUDMLG7dsnf2Y1z7AQ3cfL8tmC qTlKH8QdMn87ntjcU1fynE3X/bL4+Fy8ZWeCWHHPLU2TP6Z7xBkXVB77gm0rK2cU lJVZKB3kVemSvu9OennBAiE7yjusqCLyTJo9GlI3H7xM+jHf0CZM149n2yV7w98Z Nag2b4iYnbVa1CRcL+4Y5zfA6AwCXvkqKcqyUqK4ZEvd1VnN9L+pTWrxaAxukC5f KyKXKd+HdiS2b8fFVYKmpq+lK02zxuIJpLh7JlcztNinm67irwg+7VZczpX46Za1 waPuAnJ6zA6pVdRKxpXx5AnAh9vlCtlyakREx6NajG7f2nCe6IrznyVQ45jlkmwp od0kAjsd/xp0NyvWI5A9ICU+pJ5xqhUGkXPvIxj1IqTFa7k4lYKiKgqeKoyLnzYA +R1iQikwewxEahamhjiBH2xPYmZ77EjIF3EtLbpI02fxHR8LjyIBJ/HNnarKqJp0 HYhLJQ8z7uyAESfXY997UnTtgLQHEX5/6DKYqlNWdzRiIEGfleujHmaAb9kf9Xrr r2EVc0E4q2/wvgMHn8GRSv6K7pQC//vNmBuNGCAMBl8t6y1QxDrX+UBn97HGk96Z LqRoVM2mz1cS/tiP4+MSB0zqzGbHsk9xoEY0QeRPvjJfGc1skRWwdo8LA8Hf1pi1 /exyJzHNdxVdxM4CKMnXbTNCxKlhhZhUaWzELNjI5bQ5oQfechEypsFYAQETU5NS 182MgLMhkxqqcxLHcHIGE1ApZKXhY5siO0k4TTb2Kqxgn2fBUyLQLMVaVrHhZwxg XwiQ2Rt3JBHrzPy9wXL8hw== -----END ENCRYPTED PRIVATE KEY----- osslsigncode-2.8/tests/certs/legacy.p12000066400000000000000000000072031457117515700201500ustar00rootroot000000000000000В0ВE *ЖHЖў аВ6В20В.0Вк *ЖHЖў аВЫ0ВЧ0ВР *ЖHЖў 0W *ЖHЖў  0J0, *ЖHЖў  0 2 Rvr╘п0 *ЖHЖў  0*ЖHЖў 0аОМщЫE ▓АВ(РЙE.■'▐С є═ш─* Їф▒╩VФ░ %C$ЩЫ√/%▄gB?ZС!яфе▐~6о╢тD▄эєt┤сYJЄU┤╨НBт▀S!)u%e7k▀ю@ЮК ?)sа ыC▓Бж¤д }3оOЁsДЫWП├5Т└Zf░ Ї^gAm ї[$м6╜D┬]EкЛ j\~}╜}n╜>`@p l:┤ QЎюШ╠L╕кa╞╔й$хўырЪю║Ы"f%HПЛБh]∙L╤шB;ёЁ╫Э╒{у╞ кNШЎє*D`я+|Є жб(C┼ эЧ{D )B│Ю?у╟OPшвАъ`2G&'io]╖·їK5яўГ°'иGTI№-Ь│Wh╬3мёIS╠Мг╪g^g ╫╞▓йб4:їЎНwЇ*u╟ol▀нДш!К6;Є5O╡╫▓¤Pi~Q_╛цо!єЪИ;TX╕rЎyж №=ь:├Рь7ьq╕f╨&%ЛБFгm |9П|╪╞7╔pgўH ■аKЕ└wн1Ц┴▄`┬Ш=xORжGщ@┤┬т├оФ~uяЗQ'▐╘Gtsвp░п┴У оЎНу╙╙y╧0vС╞К┬є├Ю√}╙0БмЬKК╚=▐2[|Wш╛╞L_л ЮI╔пмЖ0Л^ТL<юPЭЧ|#ЮtI,q8s"BвR╝Ь!иє┴═В ъщШt(vчфк0|]√з-fPэў3╢EJPK╩UM P╝╞М[Eh│ ╝gи"/ ╕Щ▐∙ЛH╔▀ J·R^M)кPC╠фыe╒o@▄QВ`)P╝╝A╩ lМ║^Fm\░R║O6EyГ?ФЩя╪-Еэ╟Е AАШ├{їb ф8@Эc9┘БzЕу┬а═╤QиЩw╔?!╞╛∙6У ┌КС,Р┌╖аFАё▄єЇ╝╞Б╠▄ТА(ф▐wkхb╓г*┼ЕyNxЪ▓nс╚Йy{О│о└гд|[╗╗е■Э\3h_/С╤T.^ФC<Nш№∙EGЦьЭO°уHЄЫ╦P║TФYu¤h ╩^.iч┬є z┐!╒З5/59М#T┌└s^▄С╧{╜jC╓Ї╖ЛЄ╘░[к#jb╣;A Нi¤/·йоH o│▒X▄▓└р}Й6wЭ╨дЯ7УЄА╗С^#Z(с╟g╬шj ┼тk>°▄дTо║4╡8Ч╤kцў дпя ЭЬScмм2рпы░жd└p@Ш─2BPл°Гb∙Г1Х█xтLз\o)▌}╡7IСЗ├1g√ўц?WЫ─mZ4╕RЯ▒вр╘ыЕ/S·<э6 ╝2Цp│ъpъф%└Kо(eO·ВЎ?█бЩТ╦╚uзX┐ЫюYлl6ї│ Е,Ча:o1зУдgl─ЬР:#g%╣&\M▒Айd∙,MїsEеgFчВ╖<■▐юMцФ─ж╩qЁSB╗▄\mY┬o'═╦■#╢└ї╦с─л╣Уpїяи ~фl▌ХI╚ЕЯ<╩ц═в├█│O║GFkи├Nо"╠V╕Ю╩уъ╬╚_╥EF"?ъО Й0E╦ }3cё├8╞·Ч╩oл┴k╫qЪжw▌Мp═YН╚ё─ж6я╢оUXY▄│¤C ЩХ╕∙n│AМмЭф ╪о╠wCО{▀░n╘╨m dў2*ТG▐│шбЛ!▀eмtn7z╢╓╡гЭ%qP╠┌йuY$ЇAЦс╗bq}Jк+бЫlаГD╘╫nЭfК╜uМ"Y┬э Їмн{с╧Ї5яu╝▐· ю,dwo√╒+V^p1БЕз№G 7JПД=▀И┼юбRщ ╬Ж╝!S_╞Тr8√P4ї%с]зЕU]г&┴сЇ№lyцьУЁ▄КЬ}kТ√>╡к╥є▀fbаХ └-J╖Є▀Жщу7ФХбn╣k╪ ╬╝чН@Ah>Яў_фdс№s_╬h№гчЦдЯ Gv ў&HOдNяКш√Ф ╜│RШAР}1#CП<Drа~╥м)"ш]╞}╗и╒яaР─├4╗№┴j═╛ЩWkММШ@йФыР·╢┐Wьс╓Wd║QЕ╖Бя├шoй╢кwLbьжzоN}└o^d.;9а▐5┌ ўMll=eТ▀П╫ =y╖ ЇyЄ═Д╨# B╚¤qЮ╢·PIfя>Bz~5wФ╠К╓еИ,С╡·─FYпо╙ li g8╜~;▐nМ,└6йaTo█Ью\$Ьqд^Ь╦с'rШTФм╨╚╖Zг══SZ2Ц*e8KC8Kїn╛"м(Н┌▐╩╫зТ}l їN┘∙ЙЪ4sпM■┘.╟-щ~н┐ Ц6є$вjW х*f Жb╧: |х!щ^%YЫ Л╤q╠║(╩w+j╧,k█┬|*┘√╤+тX]6aш▓/НXЪ╕C,э>ЮD,:є▄К*Ў├ra╨Ю:D├и0В| *ЖHЖў аВmВi0Вe0Вa *ЖHЖў  аВ)0В%0W *ЖHЖў  0J0, *ЖHЖў  0тA>¤9│кв0 *ЖHЖў  0*ЖHЖў 0а.kЬЁf▄зВ╚─ZuЁЬё╥"▄д~Ўы ZP▓├!kSл[ьУбpтc─ў/70┴°"ж;у#y_]Ну wАьАї"}!║CыC>7+╧╝лnЛр[╡t╬Io2FДЫаА╝LвR╕XЁv╪ьGыУ0|wСк ╪оЗ|p !с┐э╢─4Нir тg> 4}S╥;─5ю'Чэчс│ЗГлi╕%$NЧ╞╕:йУ█[╞PAЁКzМяcХ.[ыжтrcр┬eжRuL]rdЮ╙l ?>┐Eф▓┼▄C!╟а"╠'иН°Лжюm?┴ф▐Єї0РlvI)$н·8аq┴zDЦL∙C"цD3Кр? yР<Q$╢а┘║ жФбСДщю╤Uжz*3╢▀mSу?Фп╝лн■┘╚H\<юаД│Щ╖Kzшi>┐ ЬТЭ╗{|*' ┘ўh╨ЦджК7Qz╬Weе▓Xj█pq╒Ы-tОЙў▓ЯZщaх\н/ю$┼кИОШ┬g]╦R╖¤onx╪К└иаF>z√^╘╜+ЮЎ&йы┼ з▄▒VЦEб█ЦvM№8_Ц│лё▒╛╡╛q"А╪┌╗┤╥cнQYQ╞УЯ\ ° Ц8ккЕ"z╛еxаМX┘╤╙║┤╘4рЛаў┐ 6ЄlУЮЖ-1рК╬кэСL┼%;u+ЮА#пh√╫╢рЯлШa╠у!│╣Ю7'FвZOмR√¤▒Р▐5╙мUTf!h)┤▌аwФГo*бТа e[╠¤ д╗к$ВR╨┐Яд*w┌╚sx¤╞:ЙrOc[&╨югм`Iv╪5k░2w$'ЕP═└JБ Ї┴ ╒▒щL33кw▄AУ▒pX dТ╙╜eВЕю┼╞Ть=CГн├├╡Р%П╟ЎpBш╓∙^9шм║пRRюЪp∙└БЙ^╕░ЬиЖуС╢▐b═щ┐ ╘╙╤*ХA│╛Qъэ╨¤kbn╢Єь°├╪>█C┘ЩкttЫ13▀╜КОR╕[єI5)┐]J┬$2╩╤╓╘>ў|ГэЭнрЧ ГiЎ!ЧB "<╛3$Э`n$▐п█╨╓а╞╘(╠╔уЄ¤j}ё▓С┴щ▌│к`▒W&Рpa■А Й1uW╫н1++О╤л╞┌╟▓Й╧rb╕╬kУ_┼Р╝AЫ╪тЭП■Ж|Sё~ВдCoўЮwБ>┐╓вoЁD:╠┬╞│╖kQ╫ ╖[9LVИУ)G7▄A∙@▀~*ё[Й|jЕнч├Б▓b╘{R; Инo░+╤3яkc╓ :■XЗтfТmЗГ┤ЩЕ╒Єя@0Кm}╤° ■ПU╚z└g┴@╛╜|:ж╦:b╟└╦╤ig╪a+mP,°┼ь,¤>╠hаrёЫuўь▓УЯ^1rS{ё┘┘╠Z╗╗ыLl<ёфк╗)TжВZ[М4~ко╧ХЫU°Ў╝Я√ыФєпр@UОw*%█ ═-╟█ХхЮ6!їёM ┤,Шч=Моy%└G┌Ё■L,гС;uU▌dЩ#Ъ|к┘ИЖЇ╔╕┴Ъ┴ЄУК@┐бч!$╗;]Ї▀&j_OШШ┘E√ї║^к; ┴n=ЁК╒ZЧb&:v1%0# *ЖHЖў  1╣inЇЦщТ!P┘┤m%Ъvtj010!0 +╚}-lLЖ7Q╠B╩√ G╙ЭЄу4C`&▒iosslsigncode-2.8/tests/certs/password.txt000066400000000000000000000000061457117515700207550ustar00rootroot00000000000000passmeosslsigncode-2.8/tests/certs/revoked.pem000066400000000000000000000052051457117515700205220ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDvTCCAqWgAwIBAgIUazbrVgbYb+IN803UmJJa0DPHQsAwDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0 ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNDEyMzEwMDAwMDBaMG0xCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UE AwwHUmV2b2tlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0EJrK233GytTHTY V6Sr4iuxHZwLWkv00A03dNsG/xEq3Uh58yHxOMDW49o5hm/PejaaX2ooaYn67EeT MuiMpuD3xtybEGuRZ6YtDCZG/WFkg7wPjGJhF3Q7QpmLOu/BbCU0APNddbDuLP4w 89aRePadPkyk5OLdLznVLA5z9z1JgJrMI/yswYi0ocs7uIKMrewXAEMj15pN3Y0S OoQdp0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VPr5voNAfGeVsiK9XrU4/hsGUW1deM LiIZ0cshqGFUyXDqLEapHr3XSmwinRJPQozyXL437Ws+Gg2Q1IuqTMZS50qjuZW3 4KngQwIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTprhNre3RQJMbThsJY wKi0w8vJZTAfBgNVHSMEGDAWgBRkEPGrOTfcwf27Hcg/QVh3YifvKTATBgNVHSUE DDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAFJjwxpYA2jzrmF1mdKx/ up8gl6iISsHDc7oLAv63oUYXpFwzpNfvi1TGqYVhntAH2t/1XdA1HKdBp2LDsEnt Av66c6HxyNPka26ZGD70+w5q8uHrIOO6MZw0eaLwu9bJI4cLbRXlKwxkGSzXHGYs 1hGR2YwAiMrqtVMPetlpd62y6qUZc0lEOhjJ6DsIfqSgO8AsdyI7Ao+cDqEZ1I/Q Oi1Agn8kz8TtfWKxkX06EoL4DrZCDb1/w0CGQJATq77pKst+zw+B+2EKqlpuG3s/ FE7RkCjG7bEFIDEK2909BXQNyQJzp7ih9X8QeEx5fnPr9lDfe/75YjRqoHkfmcTC Hw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5 THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89 0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh +6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+ EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+ sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg= -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/revoked_crldp.pem000066400000000000000000000053661457117515700217160ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEDDCCAvSgAwIBAgIUHGb2CHtm9Ra3gCn6Iv7hpEhiQrYwDQYJKoZIhvcNAQEL BQAwZzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMMFkludGVybWVkaWF0 ZSBDQSBDUkwgRFAwHhcNMTgwMTAxMDAwMDAwWhcNMzQxMjMxMDAwMDAwWjB7MQsw CQYDVQQGEwJQTDEVMBMGA1UECgwMb3NzbHNpZ25jb2RlMQwwCgYDVQQLDANDU1Ax HjAcBgNVBAMMFVJldm9rZWQgWDUwOXYzIENSTCBEUDEnMCUGCSqGSIb3DQEJARYY b3NzbHNpZ25jb2RlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAx0EJrK233GytTHTYV6Sr4iuxHZwLWkv00A03dNsG/xEq3Uh58yHx OMDW49o5hm/PejaaX2ooaYn67EeTMuiMpuD3xtybEGuRZ6YtDCZG/WFkg7wPjGJh F3Q7QpmLOu/BbCU0APNddbDuLP4w89aRePadPkyk5OLdLznVLA5z9z1JgJrMI/ys wYi0ocs7uIKMrewXAEMj15pN3Y0SOoQdp0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VP r5voNAfGeVsiK9XrU4/hsGUW1deMLiIZ0cshqGFUyXDqLEapHr3XSmwinRJPQozy XL437Ws+Gg2Q1IuqTMZS50qjuZW34KngQwIDAQABo4GbMIGYMAkGA1UdEwQCMAAw HQYDVR0OBBYEFOmuE2t7dFAkxtOGwljAqLTDy8llMB8GA1UdIwQYMBaAFBQ8Yqni cYiW5meHqyh9KQSIau0jMBMGA1UdJQQMMAoGCCsGAQUFBwMDMDYGA1UdHwQvMC0w K6ApoCeGJWh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvaW50ZXJtZWRpYXRlQ0EwDQYJ KoZIhvcNAQELBQADggEBAJ5WxnDiAiRPr7EvTRD7iaxixAY/2wgASXWekQLpvJ8Y /ehaVdZWE8ft76y73F4NC62JfjWgAZHE+we3LSO+eB5kznM+Ctzrf/brR1MorSOu iq78uz2pjwmQBpby6uDMii9r1txR62GYiLrZJizE+13AOVKBo5EW0PuwX3wKjk+s Z5Mp9y7+GVzCSXwJC4wNMw/ZJZgr+o5D8msMh3UPgxUfT1rZ7THW3IwXao3ZtTXw EA6uJoLVNb8FLfAVA1CFL0MlPgyiM2iNs+jIuhF7hPmMc8Je2qAr97ADdLCHWnRv Majsbns7OCCFROF2qSQiyzVO5Hn1kiPSP7qmLMak610= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8 hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4 Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq 7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1 uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1 PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/tsa-chain.pem000066400000000000000000000053771457117515700207440ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIUAQ9lOMiuXUZuKaxzEpwQmCzU7aowDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAqZW3jbxq2Zkw86ePE8r6Tl9+mxjzH8k1XPGXwKIdEhvOhBXN SxwVdiudnbIR2Kp4kOpRNeI4bET6bGEQVBVzuyPOCXeQlXK7wVhri/MF8YzMCFuW 7s2OMeaCqMJckBiGrDYgvDIMfE53CZFVhOnpIKD+ItX+D1bBchvM1TaSOVcxwKwH pmIbw47gOY4E4rHz/KYdqcVCk82ACEmiptmJARb8oYU8bap1x7fEtDZ3w0gnnSks 5dXGjdUwCkm1qHgoW/k6vK8nIz14f/+05GIMZpUh4kIUXMhGmbOeFHfENJ7J30TI RLXsK9iAApriqxZ6EvhrWOYJT4pUeUnGfuwPUwIDAQABo4HvMIHsMAwGA1UdEwEB /wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKryJiH4Y0KO x2nCc4cOvih1VzjmMB8GA1UdIwQYMBaAFD8ujz0I9Y7079ZMe9X7cO3/rSj5MC0G A1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvVFNBQ0EwVQYD VR0eBE4wTKAYMAqCCHRlc3QuY29tMAqCCHRlc3Qub3JnoTAwCocIAAAAAAAAAAAw IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEL BQADggEBAAhzijhC1kvBV75rxRqj27gtYRG8dNkHc5umzwXyNNMn2tI/kO2Rf+ES 9RamQE9sfvOgg3UqfXIfRPsC4cBHnjT+ELdqbt4byk3LPtstJGFuLy0iNRNY9f1j lBJrldLZNNsIpNMQa0u5h/z4m0CAA8j6ayUvcoR11y2zYHkHlSScTq/s7gSQzXlK z4DRiiYif2OEdKVeRCqlDV8AOlhm1+9am74dkfO71aT0G2hko2u19NWZvjc/DqI1 V+e2g5TDE7V65d9vvf9tA26i0At/VazvnhsgdpgUkwS6mjUvx+gW3i5YJhtXjdAX hpE0ajpKT0x/dNa/qCwl/9zc8XxGnPk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDkDCCAnigAwIBAgIULFuB5HWsyba6VHu2Ygv2vt4R4/swDQYJKoZIhvcNAQEL BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBo8JJDwVm6UTZvA2g/tOZ3xIbKYXI92Rn T/FCCUycsB5tmoSWcmy1AB6UDv7bFMGy4mdbxnErtdytGj+hEIO3O2EBbpBLAmlJ CEVNRrz/YbxGoJmeAii9s3jignUpTr/qLMSKkLowuqABZl2XtCp7Q83YlZPkVhFL kCAny89cG/QGAUxViN7HB4jWzhcBTTfD4PFvSU1HZNhPM0Y6BCpv2qrof3/tPnQr xM2zVZoIonQpf6paga61O9fM4wc1GqxGGwARz6Bxq6w2OxRDsV/biqP9gVUj0XmF 6o/draf3MkDswOUZyKpujOUIf12ezXJFPWaCRN1Rl0vwV2CyVxkvAgMBAAGjQjBA MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD8ujz0I9Y7079ZMe9X7cO3/rSj5 MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAtHmPfVgu6Y7uWcpq AdawOTZ/2ICOvAMmQ0LcXKmSpgsneHiyAL1Wwe2/XxTwmrpHylOapIIuV3irHCXU CxaTMUyZGfXoUWsxnR8bcb5ac/aFKkC3ynE2/IfFyJOQ724cK5FRK1+piVleP4Rx C04KQiuxuVLedyvGh5OPU/94ZW2JuuBjImVAO/lUbYhAUSpwueX2lYKSSPLkPfDx AsIp55x70iQ+EsgARvseVY2JRzvRnuh66V4P15wn3dIzjtWQ1/t007wMk5Lji5dQ iSvdyqULBytBqDtLPLzRuma1KJEPRIamF1j6Or6HaHSVUorRhqI3XuxEUGdO4LxZ QepMyA== -----END CERTIFICATE----- osslsigncode-2.8/tests/certs/tsa-serial000066400000000000000000000000411457117515700203400ustar00rootroot00000000000000bb7fd13ddf056e0a3e621d3537b25478 osslsigncode-2.8/tests/client_http.py000066400000000000000000000023071457117515700201270ustar00rootroot00000000000000"""Implementation of a HTTP client""" import os import sys import http.client RESULT_PATH = os.getcwd() LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") PORT_LOG = os.path.join(LOGS_PATH, "./port.log") def main() -> None: """Creating a POST Request""" ret = 0 try: with open(PORT_LOG, 'r') as file: port = file.readline() conn = http.client.HTTPConnection('127.0.0.1', port) conn.request('POST', '/kill_server') response = conn.getresponse() print("HTTP status code:", response.getcode(), end=', ') try: text = response.read() print(text.decode("UTF-8"), end='', flush=True) except OSError as err: print(f"Warning: {err}") conn.close() except OSError as err: print(f"OSError: {err}") ret = err.errno except Exception as err: # pylint: disable=broad-except print(f"HTTP client error: {err}") ret = err finally: sys.exit(ret) if __name__ == '__main__': main() # pylint: disable=pointless-string-statement """ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.8/tests/conf/000077500000000000000000000000001457117515700161635ustar00rootroot00000000000000osslsigncode-2.8/tests/conf/.gitignore000066400000000000000000000000061457117515700201470ustar00rootroot00000000000000*.log osslsigncode-2.8/tests/conf/makecerts.sh000077500000000000000000000442351457117515700205100ustar00rootroot00000000000000#!/bin/bash result=0 test_result() { if test "$1" -eq 0 then printf "Succeeded\n" >> "makecerts.log" else printf "Failed\n" >> "makecerts.log" fi } make_certs() { password=passme result_path=$(pwd) cd $(dirname "$0") script_path=$(pwd) cd "${result_path}" mkdir "tmp/" ################################################################################ # OpenSSL settings ################################################################################ if test -n "$1" then OPENSSL="$1/bin/openssl" export LD_LIBRARY_PATH="$1/lib:$1/lib64" else OPENSSL=openssl fi mkdir "CA/" 2>> "makecerts.log" 1>&2 touch "CA/index.txt" echo -n "unique_subject = no" > "CA/index.txt.attr" $OPENSSL rand -hex 16 > "CA/serial" $OPENSSL rand -hex 16 > "tmp/tsa-serial" echo 1001 > "CA/crlnumber" date > "makecerts.log" "$OPENSSL" version 2>> "makecerts.log" 1>&2 echo -n "$password" > tmp/password.txt ################################################################################ # Root CA certificates ################################################################################ printf "\nGenerate trusted root CA certificate\n" >> "makecerts.log" "$OPENSSL" genrsa -out CA/CAroot.key \ 2>> "makecerts.log" 1>&2 test_result $? TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" "$OPENSSL" req -config "$CONF" -new -x509 -days 7300 -key CA/CAroot.key -out tmp/CAroot.pem \ -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Trusted Root CA" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nPrepare the Certificate Signing Request (CSR)\n" >> "makecerts.log" "$OPENSSL" genrsa -out CA/CA.key \ 2>> "makecerts.log" 1>&2 TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" "$OPENSSL" req -config "$CONF" -new -key CA/CA.key -out CA/CACert.csr \ -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nGenerate Self-signed root CA certificate\n" >> "makecerts.log" TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" "$OPENSSL" x509 -req -days 7300 -extfile "$CONF" -extensions ca_extensions \ -signkey CA/CA.key \ -in CA/CACert.csr -out tmp/CACert.pem \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nGenerate Cross-signed root CA certificate\n" >> "makecerts.log" TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" "$OPENSSL" x509 -req -days 7300 -extfile "$CONF" -extensions ca_extensions \ -CA tmp/CAroot.pem -CAkey CA/CAroot.key -CAserial CA/CAroot.srl \ -CAcreateserial -in CA/CACert.csr -out tmp/CAcross.pem \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? ################################################################################ # Private RSA keys ################################################################################ printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log" "$OPENSSL" genrsa -des3 -out CA/private.key -passout pass:"$password" \ 2>> "makecerts.log" 1>&2 test_result $? cat CA/private.key >> tmp/keyp.pem 2>> "makecerts.log" test_result $? printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log" "$OPENSSL" rsa -in CA/private.key -passin pass:"$password" -out tmp/key.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nConvert the key to DER format\n" >> "makecerts.log" "$OPENSSL" rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:"$password" \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nConvert the key to PVK format\n" >> "makecerts.log" "$OPENSSL" rsa -in tmp/key.pem -outform PVK -out tmp/key.pvk -pvk-none \ 2>> "makecerts.log" 1>&2 test_result $? ################################################################################ # Intermediate CA certificates ################################################################################ CONF="${script_path}/openssl_intermediate.cnf" printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log" "$OPENSSL" genrsa -out CA/intermediateCA.key \ 2>> "makecerts.log" 1>&2 TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_intermediate.cnf" "$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA.key -out CA/intermediateCA.csr \ -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA.csr -out CA/intermediateCA.cer \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? "$OPENSSL" x509 -in CA/intermediateCA.cer -out tmp/intermediateCA.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate a certificate to revoke\n" >> "makecerts.log" "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked.csr \ -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked.csr -out CA/revoked.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nRevoke above certificate\n" >> "makecerts.log" "$OPENSSL" ca -config "$CONF" -revoke CA/revoked.cer \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log" cat tmp/intermediateCA.pem >> tmp/revoked.pem 2>> "makecerts.log" test_result $? printf "\nGenerate CRL file\n" >> "makecerts.log" TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_intermediate.cnf" "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL.pem \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nGenerate code signing certificate\n" >> "makecerts.log" "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert.csr \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" ca -config "$CONF" -batch -in CA/cert.csr -out CA/cert.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/cert.cer -out tmp/cert.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nConvert the certificate to DER format\n" >> "makecerts.log" "$OPENSSL" x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log" cat tmp/intermediateCA.pem >> tmp/cert.pem 2>> "makecerts.log" test_result $? printf "\nConvert the certificate to SPC format\n" >> "makecerts.log" "$OPENSSL" crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \ 2>> "makecerts.log" 1>&2 test_result $? ssl_version=$("$OPENSSL" version) if test "${ssl_version:8:1}" -eq 3 then printf "\nConvert the certificate and the key into legacy PKCS#12 container with\ RC2-40-CBC private key and certificate encryption algorithm\n" >> "makecerts.log" "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/legacy.p12 -passout pass:"$password" \ -keypbe rc2-40-cbc -certpbe rc2-40-cbc -legacy \ 2>> "makecerts.log" 1>&2 else printf "\nConvert the certificate and the key into legacy PKCS#12 container with\ RC2-40-CBC private key and certificate encryption algorithm\n" >> "makecerts.log" "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/legacy.p12 -passout pass:"$password" \ -keypbe rc2-40-cbc -certpbe rc2-40-cbc \ 2>> "makecerts.log" 1>&2 fi test_result $? printf "\nConvert the certificate and the key into a PKCS#12 container with\ AES-256-CBC private key and certificate encryption algorithm\n" >> "makecerts.log" "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:"$password" \ -keypbe aes-256-cbc -certpbe aes-256-cbc \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate expired certificate\n" >> "makecerts.log" "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/expired.csr \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in CA/expired.csr -out CA/expired.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/expired.cer -out tmp/expired.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nAttach intermediate certificate to expired certificate\n" >> "makecerts.log" cat tmp/intermediateCA.pem >> tmp/expired.pem 2>> "makecerts.log" test_result $? ################################################################################ # Intermediate CA certificates with CRL distribution point ################################################################################ CONF="${script_path}/openssl_intermediate_crldp.cnf" printf "\nGenerate intermediate CA certificate with CRL distribution point\n" >> "makecerts.log" "$OPENSSL" genrsa -out CA/intermediateCA_crldp.key \ 2>> "makecerts.log" 1>&2 TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_intermediate_crldp.cnf" "$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA_crldp.key -out CA/intermediateCA_crldp.csr \ -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA CRL DP" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA_crldp.csr -out CA/intermediateCA_crldp.cer \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? "$OPENSSL" x509 -in CA/intermediateCA_crldp.cer -out tmp/intermediateCA_crldp.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate a certificate with X509v3 CRL Distribution Points extension to revoke\n" >> "makecerts.log" "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked_crldp.csr \ -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked X509v3 CRL DP/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked_crldp.csr -out CA/revoked_crldp.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/revoked_crldp.cer -out tmp/revoked_crldp.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nRevoke above certificate\n" >> "makecerts.log" "$OPENSSL" ca -config "$CONF" -revoke CA/revoked_crldp.cer \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log" cat tmp/intermediateCA_crldp.pem >> tmp/revoked_crldp.pem 2>> "makecerts.log" test_result $? printf "\nGenerate CRL file\n" >> "makecerts.log" TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_intermediate_crldp.cnf" "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL_crldp.pem \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nConvert CRL file from PEM to DER (for CRL Distribution Points server to use) \n" >> "makecerts.log" "$OPENSSL" crl -in tmp/CACertCRL_crldp.pem -inform PEM -out tmp/CACertCRL.der -outform DER \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate code signing certificate with X509v3 CRL Distribution Points extension\n" >> "makecerts.log" "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert_crldp.csr \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate X509v3 CRL DP/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" ca -config "$CONF" -batch -in CA/cert_crldp.csr -out CA/cert_crldp.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/cert_crldp.cer -out tmp/cert_crldp.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log" cat tmp/intermediateCA_crldp.pem >> tmp/cert_crldp.pem 2>> "makecerts.log" test_result $? ################################################################################ # Time Stamp Authority certificates ################################################################################ printf "\nGenerate Root CA TSA certificate\n" >> "makecerts.log" "$OPENSSL" genrsa -out CA/TSACA.key \ 2>> "makecerts.log" 1>&2 TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_tsa_root.cnf" "$OPENSSL" req -config "$CONF" -new -x509 -days 7300 -key CA/TSACA.key -out tmp/TSACA.pem \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nGenerate TSA certificate to revoke\n" >> "makecerts.log" CONF="${script_path}/openssl_tsa_root.cnf" "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA_revoked.key -out CA/TSA_revoked.csr \ -subj "/C=PL/O=osslsigncode/OU=TSA/CN=Revoked/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? CONF="${script_path}/openssl_tsa_root.cnf" "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA_revoked.csr -out CA/TSA_revoked.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/TSA_revoked.cer -out tmp/TSA_revoked.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nRevoke above certificate\n" >> "makecerts.log" "$OPENSSL" ca -config "$CONF" -revoke CA/TSA_revoked.cer \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate TSA CRL file\n" >> "makecerts.log" TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_tsa_root.cnf" "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/TSACertCRL.pem \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nConvert TSA CRL file from PEM to DER (for CRL Distribution Points server to use)\n" >> "makecerts.log" "$OPENSSL" crl -in tmp/TSACertCRL.pem -inform PEM -out tmp/TSACertCRL.der -outform DER \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate TSA certificate\n" >> "makecerts.log" CONF="${script_path}/openssl_tsa.cnf" "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA.key -out CA/TSA.csr \ 2>> "makecerts.log" 1>&2 test_result $? CONF="${script_path}/openssl_tsa_root.cnf" "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA.csr -out CA/TSA.cer \ 2>> "makecerts.log" 1>&2 test_result $? "$OPENSSL" x509 -in CA/TSA.cer -out tmp/TSA.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nSave the chain to be included in the TSA response\n" >> "makecerts.log" cat tmp/TSA.pem tmp/TSACA.pem > tmp/tsa-chain.pem 2>> "makecerts.log" ################################################################################ # Copy new files ################################################################################ if test -s tmp/CACert.pem -a -s tmp/CAcross.pem -a -s tmp/CAroot.pem \ -a -s tmp/intermediateCA.pem -a -s tmp/intermediateCA_crldp.pem \ -a -s tmp/CACertCRL.pem -a -s tmp/CACertCRL.der \ -a -s tmp/TSACertCRL.pem -a -s tmp/TSACertCRL.der \ -a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \ -a -s tmp/cert.pem -a -s tmp/cert.der -a -s tmp/cert.spc \ -a -s tmp/cert.p12 -a -s tmp/legacy.p12 -a -s tmp/cert_crldp.pem\ -a -s tmp/expired.pem \ -a -s tmp/revoked.pem -a -s tmp/revoked_crldp.pem \ -a -s tmp/TSA_revoked.pem \ -a -s tmp/TSA.pem -a -s tmp/TSA.key -a -s tmp/tsa-chain.pem then mkdir -p "../certs" cp tmp/* ../certs printf "%s" "Keys & certificates successfully generated" else printf "%s" "Error logs ${result_path}/makecerts.log" result=1 fi ################################################################################ # Remove the working directory ################################################################################ rm -rf "CA/" rm -rf "tmp/" exit "$result" } ################################################################################ # Tests requirement and make certs ################################################################################ if test -n "$(command -v faketime)" then make_certs "$1" result=$? else printf "%s" "faketime not found in \$PATH, please install faketime package" result=1 fi exit "$result" osslsigncode-2.8/tests/conf/openssl_intermediate.cnf000066400000000000000000000052241457117515700230730ustar00rootroot00000000000000# OpenSSL intermediate CA configuration file [ default ] name = intermediateCA default_ca = CA_default [ CA_default ] # Directory and file locations dir = . certs = $dir/CA crl_dir = $dir/CA new_certs_dir = $dir/CA database = $dir/CA/index.txt serial = $dir/CA/serial rand_serial = yes private_key = $dir/CA/$name.key certificate = $dir/tmp/$name.pem crlnumber = $dir/CA/crlnumber crl_extensions = crl_ext default_md = sha256 preserve = no policy = policy_loose default_startdate = 20180101000000Z default_enddate = 20341231000000Z x509_extensions = v3_req email_in_dn = yes default_days = 2200 [ req ] # Options for the `req` tool encrypt_key = no default_bits = 2048 default_md = sha256 string_mask = utf8only distinguished_name = req_distinguished_name x509_extensions = usr_extensions [ crl_ext ] # Extension for CRLs authorityKeyIdentifier = keyid:always [ usr_extensions ] # Extension to add when the -x509 option is used basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer extendedKeyUsage = codeSigning [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer extendedKeyUsage = codeSigning [ policy_loose ] # Allow the intermediate CA to sign a more diverse range of certificates. # See the POLICY FORMAT section of the `ca` man page. countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name localityName = Locality Name 0.organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name emailAddress = Email Address osslsigncode-2.8/tests/conf/openssl_intermediate_crldp.cnf000066400000000000000000000055611457117515700242630ustar00rootroot00000000000000# OpenSSL intermediate CA configuration file [ default ] name = intermediateCA default_ca = CA_default crl_url = http://127.0.0.1:19254/$name [ CA_default ] # Directory and file locations dir = . certs = $dir/CA crl_dir = $dir/CA new_certs_dir = $dir/CA database = $dir/CA/index.txt serial = $dir/CA/serial rand_serial = yes private_key = $dir/CA/$name\_crldp.key certificate = $dir/tmp/$name\_crldp.pem crlnumber = $dir/CA/crlnumber crl_extensions = crl_ext default_md = sha256 preserve = no policy = policy_loose default_startdate = 20180101000000Z default_enddate = 20341231000000Z x509_extensions = v3_req email_in_dn = yes default_days = 2200 [ req ] # Options for the `req` tool encrypt_key = no default_bits = 2048 default_md = sha256 string_mask = utf8only distinguished_name = req_distinguished_name x509_extensions = usr_extensions [ crl_ext ] # Extension for CRLs authorityKeyIdentifier = keyid:always [ usr_extensions ] # Extension to add when the -x509 option is used basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer extendedKeyUsage = codeSigning [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer extendedKeyUsage = codeSigning crlDistributionPoints = @crl_info [ crl_info ] # X509v3 CRL Distribution Points extension URI.0 = $crl_url [ policy_loose ] # Allow the intermediate CA to sign a more diverse range of certificates. # See the POLICY FORMAT section of the `ca` man page. countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name localityName = Locality Name 0.organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name emailAddress = Email Address osslsigncode-2.8/tests/conf/openssl_root.cnf000066400000000000000000000047431457117515700214110ustar00rootroot00000000000000# OpenSSL root CA configuration file [ ca ] default_ca = CA_default [ CA_default ] # Directory and file locations. dir = . certs = $dir/CA crl_dir = $dir/CA new_certs_dir = $dir/CA database = $dir/CA/index.txt serial = $dir/CA/serial rand_serial = yes private_key = $dir/CA/CA.key certificate = $dir/tmp/CACert.pem crl_extensions = crl_ext default_md = sha256 preserve = no policy = policy_match default_startdate = 20180101000000Z default_enddate = 20360101000000Z x509_extensions = v3_intermediate_ca email_in_dn = yes default_days = 3000 unique_subject = no [ req ] # Options for the `req` tool encrypt_key = no default_bits = 2048 default_md = sha256 string_mask = utf8only x509_extensions = ca_extensions distinguished_name = req_distinguished_name [ ca_extensions ] # Extension to add when the -x509 option is used basicConstraints = critical, CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = critical, digitalSignature, cRLSign, keyCertSign [ v3_intermediate_ca ] # Extensions for a typical intermediate CA (`man x509v3_config`) basicConstraints = critical, CA:true, pathlen:0 subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = critical, digitalSignature, cRLSign, keyCertSign [ policy_match ] countryName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name localityName = Locality Name 0.organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name emailAddress = Email Address osslsigncode-2.8/tests/conf/openssl_tsa.cnf000066400000000000000000000030601457117515700212040ustar00rootroot00000000000000# OpenSSL Timestamp Authority configuration file oid_section = new_oids [ new_oids ] tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 [ req ] # Options for the `req` tool default_bits = 2048 encrypt_key = yes default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = ca_distinguished_name [ ca_distinguished_name ] countryName = "PL" organizationName = "osslsigncode" organizationalUnitName = "Timestamp Authority" commonName = "Test TSA" # Time Stamping Authority command "openssl-ts" [ tsa ] default_tsa = tsa_config [ tsa_config ] dir = ./Testing/certs signer_cert = $dir/TSA.pem signer_key = $dir/TSA.key certs = $dir/tsa-chain.pem serial = $dir/tsa-serial default_policy = tsa_policy1 other_policies = tsa_policy2, tsa_policy3 signer_digest = sha256 digests = sha256, sha384, sha512 accuracy = secs:1, millisecs:500, microsecs:100 ordering = yes tsa_name = yes ess_cert_id_chain = yes ess_cert_id_alg = sha256 osslsigncode-2.8/tests/conf/openssl_tsa_root.cnf000066400000000000000000000056521457117515700222600ustar00rootroot00000000000000# OpenSSL Root Timestamp Authority configuration file [ default ] name = TSACA domain_suffix = timestampauthority crl_url = http://127.0.0.1:19254/$name name_opt = utf8, esc_ctrl, multiline, lname, align default_ca = CA_default [ CA_default ] dir = . certs = $dir/CA crl_dir = $dir/CA new_certs_dir = $dir/CA database = $dir/CA/index.txt serial = $dir/CA/serial crlnumber = $dir/CA/crlnumber crl_extensions = crl_ext rand_serial = yes private_key = $dir/CA/$name.key certificate = $dir/tmp/$name.pem default_md = sha256 default_days = 3650 default_crl_days = 365 policy = policy_match default_startdate = 20180101000000Z default_enddate = 20380101000000Z unique_subject = no email_in_dn = no x509_extensions = tsa_extensions [ policy_match ] countryName = match stateOrProvinceName = optional organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ tsa_extensions ] basicConstraints = critical, CA:false extendedKeyUsage = critical, timeStamping subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always crlDistributionPoints = @crl_info nameConstraints = @name_constraints [ crl_info ] # X509v3 CRL Distribution Points extension URI.0 = $crl_url [ crl_ext ] # Extension for CRLs authorityKeyIdentifier = keyid:always [ name_constraints ] permitted;DNS.0=test.com permitted;DNS.1=test.org excluded;IP.0=0.0.0.0/0.0.0.0 excluded;IP.1=0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0 [ req ] # Options for the `req` tool default_bits = 2048 encrypt_key = yes default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = ca_distinguished_name x509_extensions = ca_extensions [ ca_distinguished_name ] countryName = "PL" organizationName = "osslsigncode" organizationalUnitName = "Timestamp Authority Root CA" commonName = "TSA Root CA" [ ca_extensions ] # Extension to add when the -x509 option is used basicConstraints = critical, CA:true subjectKeyIdentifier = hash keyUsage = critical, keyCertSign, cRLSign osslsigncode-2.8/tests/files/000077500000000000000000000000001457117515700163405ustar00rootroot00000000000000osslsigncode-2.8/tests/files/unsigned.256appx000066400000000000000000005504051457117515700213140ustar00rootroot00000000000000PK-ў`▐V unsigned.exeь╜ xE╓0▄=ЧdBzАв┬2шd═(─Q$Э╠@ПN Т ╕вBYCУФЕ─ЩС┤уHv╫]▌]vu]uu╫ ▐╕й8У@. E/zИ`ЁB╕╠NU╧%w▀ў√Яяy▐я}Ю╬йко╦йSчЬ:зк║╚¤e#гfFO0╚0[·╦b■єпЮсу╖ g▐И█3a k▀3б`yi╡б▓кbYUс CQayyЕhXRlиrФJ╦ Ц9∙ЖKЛ╙ЗХ:Єм │Їб╠№йч ЩЖqiжЧ╣ЪЙWйоd╩ ├ЯрI`Шю$А·(╠0мвxуOЛ№∙XЖЙaШ мКЇЛa С№╤Бp|PbШ)▒QёН╨O є_■e52L┌%╥?=─0O▒?^.],оЎ▀л Д}ПЬg1У╖8}iбX╚ Н:╪эк!80y╛Ї*Ъ▒{$$N ╥OЪoqVz%═G·╕Qi│ah╛МмЇZЪo"цє)∙╜D╛%╒╒~*■t\║пu╠b_z)нП╨║<П]TЯ/=gnЖЧ3Jз▒┐Жц╦ЄеЛeд]:Ц,═ў╫Лє]7%ДfVЄ=54_^ЎuЩf▐t№1@╛йЯЪOЯ}▌їЩ$ЬОЇX╠╥~|rЙ|Sn с╜ШпR╔w°∙n╕ЙДЯG^йSЁ;~Q?▓п╗)ГД]╚фН,Дп/Q▀TК▀rlў)е▌▐Kф3O&с№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-ў`▐Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-/_▐Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-Нh▌Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-Нh▌VAppxBlockMap.xmllТ]oв@Жя7┘ `╪K│╠ атж┤ёЫВийаЦ╗С╧Шб ф╫╗qcЫ╜<'чЭўЩўЬЗз:K;чарДQM@":їШOhд О= н ^bъуФ╤@(Ю■xз╠K,ЬwZ=хЪЧe■ю┼AЖ╣Шп`ЬЕеш▒ р<пБ╟л,├╣╨╤1ПнаМЩ O\UХX╔"+вv"╨╛▐т№т1ю!Ix|ШУ4шмp╓Т╝SN"°bPBgKЪ╢7ьг^√Гe нХлцї╙Oв┌╔ЁЭlx&Л┼3{уЖd5г4┐d║|yы├05'ыН3<ОVЗххxм▐Т^щN еN═!tцj┼│·нЄЮ-l7Сж▌d╒Б╛ЪzI=єнЄ╬г╦Аўнє╤)╙рАHQ1:ЯїВ8┌йЛ]Ъ╝╓7Ў╛l╢юb|Jз {_ЬўТэао▌xй√║Х┤0ч╥Эi╪WоЮрЪ╬ЧМИ╟иШ╙ш6┘ыї╒╗xdї[<╦хВe:ъцfQ╩┤4)█░ ЗЇ╕/ыї&ФГ╥%■ЛLдщk9│Ю╖|д╧|yр;°`╔Жб╘зhг{cl^║╧/Щ1jI K7j╧┬┬ФД/┼v╙7J$х√%Ў┐Qт*Ў▄┬А ^└ эНW║е$n╖{Сьa▒╗wЪ┌XЪxIю*sХТgОМЙ╛у╡i7;;tЗе║N╙<╟цЦ╘щсш.OE╛╖S№  PK$╙ыd5-PK-Нh▌V[Content_Types].xmlНР═N─0 Д_%╩5)BmW№▐°9,`R╖mтDIX┬█уv%hЕ8z<єНхnS╜L┘ъх╣jе@2a┤4ўЄm√╪\╔═╨m┐"f┴V╩╜▄Хп╡╬fЗ▓ Й7SH Пi╓╠f╘m{йMаВTЪ▓0ф╨▌уоИЗ╩Є▒+JqwЇ-U╜ДЭ5Pxнkує>╔е╨' Сц_ыЧ V¤tДo■гЇ@гЄ╣aй*d'╠хlН0эЕЦьИтRy╧Y}├╬[╠■ в·?√}ЙxИ?l╜■z°PKI<█тЩPK--Нh▌VВ·Т╒             unsigned.exeЦw╜РPK--Нh▌V.Щд            icon.png└└ РPK--Нh▌VJХ╟╪            AppxManifest.xmlqЕ¤жPK--Нh▌V$╙ыd            AppxBlockMap.xml-5╚йPK--Нh▌VI<█            [Content_Types].xmlЩтCмPK,--╣nнPK'пPK                PK·Gэ/ЙпЙпPK-/_▐Vunsigned/AppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-/_▐Vunsigned/icon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-/_▐V unsigned/%5BContent_Types%5D.xmlМР═N─0 Д_%╩5)BmW№▐°9,`R╖mтDIX┬█уv%hЕ8z<єНхnS╜L┘ъх╣jе@2a┤4ўЄm√╪\╔═╨m┐"f┴V╩╜▄Хп╡╬fЗ▓ Й7SH Пi╓╠f╘m{йMаВTЪ▓0ф╨▌уоИЗ╩Є▒+JqwЇ-U╜ДЭ5Pxнkує>╔е╨' Сц_ыЧ V¤tДo■гЇ@гЄ╣aй*d'╠хlН0эЕЦьИтRy╧Y}├╬[╠■ в·?√}ЙxИ?l╜■z°  PKI<█шЩPK-/_▐Vunsigned/AppxBlockMap.xmllТ]oв@Жя7┘ `╪K│╠ атж┤ёЫВийаЦ╗С╧Шб ф╫╗qcЫ╜<'чЭўЩўЬЗз:K;чарДQM@":їШOhд О= н ^bъуФ╤@(Ю■xз╠K,ЬwZ=хЪЧe■ю┼AЖ╣Шп`ЬЕеш▒ р<пБ╟л,├╣╨╤1ПнаМЩ O\UХX╔"+вv"╨╛▐т№т1ю!Ix|ШУ4шмp╓Т╝SN"°bPBgKЪ╢7ьг^√Гe нХлцї╙Oв┌╔ЁЭlx&Л┼3{уЖd5г4┐d║|yы├05'ыН3<ОVЗххxм▐Т^щN еN═!tцj┼│·нЄЮ-l7Сж▌d╒Б╛ЪzI=єнЄ╬г╦Аўнє╤)╙рАHQ1:ЯїВ8┌йЛ]Ъ╝╓7Ў╛l╢юb|Jз {_ЬўТэао▌xй√║Х┤0ч╥Эi╪WоЮрЪ╬ЧМИ╟иШ╙ш6┘ыї╒╗xdї[<╦хВe:ъцfQ╩┤4)█░ ЗЇ╕/ыї&ФГ╥%■ЛLдщk9│Ю╖|д╧|yр;°`╔Жб╘зhг{cl^║╧/Щ1jI K7j╧┬┬ФД/┼v╙7J$х√%Ў┐Qт*Ў▄┬А ^└ эНW║е$n╖{Сьa▒╗wЪ┌XЪxIю*sХТgОМЙ╛у╡i7;;tЗе║N╙<╟цЦ╘щсш.OE╛╖S№  PK$╙ыd5-PK-/_▐VAppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-/_▐VAppxBlockMap.xml╘T[sЪ@}яL CЭrбУA-▐/%MзГ╦+░аЛ@ЄыГщhМ╙&yh·╕╠~чЄЭ├^\Хq─фhKqBЪм╚ ,ГL\L№&√═4>л,C3З╕NФ╘dI┬^]~№p╤КОЭФйц m▓AЦе_xЮ┬┼хb ╖ M╝МГI╠;iZЄuA°╒~,vRЦщ94г,H▄уpQ\!q╔╓п. "/╚|Е^╔∙DзЎЄ┬└bоЭ╕R▓#√╣*╦╠ёCїMSDP9y┴п│\пfЮд>ё5Y┼65нUWы*ьЇ╞b▒ Бс┤ghBи]мь~^│l0SЫPI╘╦┐Тrc▀Ш╦]г#A c╖wЯєx╨ъ/@9\зэPшЦЮж-П@Кж╚{~ятЕ ┬е─?▄@QOlHъЩНpыЗ3╦_-oЛиРж#╦╔║S·Э \оfЖРХ;D█жN╦п═▀3╖╖╧ц@+╦Ъ╘8]Яt╞[Sъ∙э4═jЕэB├ўы·lR^╦╤X)юш8R7ыб.n{■╝wz┼;vЎ═╕*цГQ╥д ЬI░M4єW╠Ыл▌._╩└ ?З]{.╡G·ЄF1)нЄ\╖Ц·єт+#плy#╣ё╧╕{OПБ°Ї°hъ{;!"┘Oє>EЇ╟i└▓аЭ8S╬ ╨а3╖ч%юж·┌ kГЮх9ўtиЩ=-╒ &5U_lМp╨ПВъТЁО╢ЮмS1к°j┘╘╝▐ж}┤╬mRb,Еmk╤╦}╚╗33╠╙аИ╟У\[┼ф╣l@∙C┘▐┘xY∙ыНч╓/  PK{vDХuЁPK/_▐V=3ъ4т[Content_Types].xmlФТ╧N1Зя&╛C╙л┘=и1,DQиЙ°c;, █?i\▐▐Їzь╠|▀пЭ┤?ьl╦ЦУёоцчв╟:х╡qM═▀'П╒5gЙ└ih╜├Ъп0ёсрЇд?YL,╙.╒|FnдLjЖТЁ]юL}┤@∙@═бAy╤ы]JхбгККГ·ў8ЕEKьб╦х═M░C╬FЫ╣Usб5 (╖eW┘д¤зk=h.ў Вk╢╞Ц Ф·~"t2ЧN Ыкї╘~A~ЄO╪С,х ╝ф-GгС╜Bдg░╣-o│l ╬L1С╪┼ЙЎ9;в╛k╜ЪП!№C¤Q сШ·═4hQДл?nMдцр:Р@БyНO┘┌DC+Сu╟S┬▄$Te4╚ї|  PK/_▐VcЎ$┤о AppxMetadata/CodeIntegrity.cat╠V{4Ф[▀w^3╠┼%╣$фТ$╔фТ╖У[╣* &&ўq╠й├╩ЧK$Э2Ж▄вє╫SжЖш&кГ\║8╔ С∙B║83╒*з╒Yg}k}gня} ╪k?√┘{ Ўє№~{?АE$`E╓е╪д╠С`┬a▐aБa▓ aE|Rl`*E`!░iмИ&FaЦц░▀ДD,■гС├иxз║╞∙║Щ╒О9ю∙uP╥T│ IGшы2`гЮ;]тОм зБ─гиТ╓zжс·D┐ТНЛ╩vLк╝юл'Ц║╗q╙Т вєоЄr <┴РС|ў╔В└(┘╪┘%1А╟ BZ,Ё%qЮ┐▀Є ╫:tyВЎn└щъРз▓Ь▐S еG╖zMСЧ}╩с╦╤z@gЙFWE"фэА╠б(■OGPqВQв┤ ╥З6@:qX╕b└┬Ьс╙!ЧГA`Yю%Г iЮ╗░р╞q*Лoнюъл ╙Ьє#╙`?є╗╚ В┼╕вXI─iY H :x"1,228ТъцO%+EБЩ@Ф▒д╥гh{h~Ф(ZXиТytT`ЭGчsКяБ!т╢ЗЕE)YЪE┘РXч°Я;ЯГ·K║└ч┤│,Р■░│ШmhХBїзQви,Xeщq∙i┼░`1█ё ЖбБ╦ Нж7мб▄+Л╤═╝3░s▌НЮ╖─Fbи√;ЙГSl-┐л< ▒ХЕ√bn┼С'ЁШ▒~q╞9ЪE└~хр╬ФйNvO,╓,л∙╘Ш)╧╕н╚М^:P~╧g╧°JN▀H┌ч╕1СIЎИбГєv¤╓п=╣c╛?j╒W╛&еtЯ,╨ЦkUОТЙs▐¤zkОOrМ╨m╞щ5оНЪ7д_9╢[/-ё]ь1oJ╕пCХзУТ№эёЗcg╡взбx▌в;╤&юЭmEr7}║$М┘Zм╤їpaвєqъ═Ь╩aЬ┤Л,UєRфd╞¤ Эо ╪ў╥х▄м│║╠╢фpF┬ў`2УЙ`°,:╡°Гe№*H┬Ё"* ░№Б!а ░Йв╥шЄG ═ЗУEЬ▀зУ╪Гw}в╨ `Х`XхG?a∙оCС╣G╛с=P╟Сd┐VAжўя∙а &Xх╙1х тa ╨ШCG,рMjурlokf╙*Ксw^BЬ╥PZ2ъ╟kM{█v│YНfLЦИx6У√,=Pг^цш^sЫ9█>ЬX▄EU╢q█L┬-╪№БЫзюjЁ=Й!ФщК° ░~╡Zк)o<▄4М╦nоЭQSъ▌j_:4юA┐?Wё╠5╔n╥Цс╤лТ!У ╡|╙фb▌▌ksmиIj╛┤уў Кф6+ї▀Єb4ЖвлОXЇЬm ╔║&,ХвтЮСЫъPF┴-T╕dяeЮЯ:V{йUнF╗b┌█э╒╜|▌d=}╥jЯ8rIsд▀═sЖy┘∙3ў╦TYSьntNЯo╝╞HTМиgє║°zЭфы╡яг^╡В╒▀!Ы/К.r▒UКfГeWой╫^5_╤нYGўУn ■ aРtДЙтЎФ°░E╔Й╬oB¤ия_/■ОИ▌IбGRЧЁрb,w8СЧ┐з#с3x*Yи}КД,-╗t3j,%$<Ш║┴/,фoU▀tю┤Б▒Єvy╡с▌╗?и╒>yъK╜t┐се╧еe$и╝■╖═б∙ъWw▌2░PЪuж°eфЩ┌┼+ф:7n╔a╡сmё┘t\yДNОЮcЯИўф╕╝p╗зmIглM`jbтёD█7ФшuєК^ ╒Ь*q╤╦Ё┬ФО№j*╬^┘╩ъ┘с╩Нг╩NЯr│п HРцnПNёМOw╦NЪИ*iуmЭ╜Х╝Е╤╡°№aМ7AqбТqмлr$ш`№7╡│iL/{ щ░+o║Yu╒аF{Rў]╚СЮ┼cХП/'vt@НФ{<юКOйлSЫ1С╫╫r5М|ЕчL╘▐Y╡и╜╬∙аz_рє>Й Т(ЦК▌uDx=w╦Ё╦║╤j╠┴р▐┼╜иiЇЯ─■╒█@РV5TРHa■╦%$Д├`╛жx╞ъЭUЭ ?;╩╔╘IIф╢пS6*z4Щб>╬ЧT>я╚УK3]ў╨ИЇZ╠21╖╧ющў/Rt■╖╠бгb┘▀.▐╢є!m^fТNf!J|┼╦єk;√╧Л∙пяФ%╡З╣д A`"Y@┘╧b├Р KJN ┐─Ч@]Rz"░╨■<%лаJЗ▀ЎI─╛h╤nXc3d╤ ZVч4╥vAy[BO~!UФCa╝¤/rцi цCk╦+ЙЇФМ╤4нИ╬█|ьў)[ОЫ╩eё`═ёў┤>їcjО;їтR=]2╙█╧ .nЖj╝,тп┌&:╓ov┼нbЕ░╡╡мj>95p╩ж╫╩└$╦6щyE sЩуїгH▌nfрJ<}eх}я┬1n▌╜bыЧЖ╖ЙТ│сч┤j|фv,║3w'ш▓j-Ф:їЛ[ ХдM'ЄF j*74▓∙L╘}d^vє/л╕лЗO~╗,┬╤м█·НфC▌YЎhcє+ёО╫Я╜ў┌Ю_├√Я<╙HлН ╚▌√╢╛┘├&юЯшП┌╕`"№@N&R╧ж║p▓╞у`■  PK`▐VМЭё▀├ AppxSignature.p7x┤Цy<Ф█└╜3/├,Ц[МДkI╢ф╞B$Kc_# Жж┴0Ц▒toЩDхЧ¤в[╢Т5ў╫┬%k ┼══%E*5Y▓Dqgъ~nnЯючў╧я╛я√∙Ь╧єЬєЮєЬчy╛чЙ ┬^ИИє!U∙`ш└░РЁst д╡I+ )┬@рсЕн╟█СИЮзД┌yж^aA/ р┘№Aё]_-╞╫Щ╪┘╣Щ╕┘Щf┘ў№╕uаГть└ьlx▌р▀9Fё╛░лъ·Уgjю!&nжfЧз╓F[Цr═dэ$yй╦2╖хШ*5wXОHu1Dj┼КgМпбгь[SЯnd╙aЇpё▐ ЎфиГJa9│gХФ№▌rM▄ЎКrЁБ9учYw│OїГМЪЎ03ж7хlр]*bйьU gK^ЁW╟╬ЧenG╦gЯ·зЮk6u█i&╓рк║ u[цX!q b└пB XV!└`[╜░ЁрЦх╞UЧB╗Т╪╢k╜C7й▄  щk┼ёи Ё┴ЭA╛-0╗Г8Qh W@в╤╘ЁЁаpr`И╒ЯДУБд╣jkJвEР╚~─25D╞$2тХFОИ┴ CВ▄p4┬БJНР15Бд▒Ь.Ду╝ЯЮCXМЖЎ&Є∙?н,Й}^Y╚2$ВD &∙УЙ$о @nєv9ёЕ3!n!a NЖ░┐+╨Ы█╜У8ZеЩ·ИхкЄА╒ф-вЕ9t╩Jф╠l╛Ъ_GУИ╨ЎВвzbp3╚2°Лaa zy_рП▓AgцDєз╡\~!Е╔╓Vxз╖hC|ЪЫ┐р+в;ўрф╢Zёq8П(l╥е▌6┐цY ┬7%Ёg╡ъК5LR^▀┼яя&lГ░\Б-L ╞Rг╚D;з ё#}:┐9]4Я+СNд У╣h∙┘\╕йгnызtфШЖ·b< з)№х @L|є╞дhbphi╖5°R▀\WоАвoя/╜ж;2r\с╞л╫╛╤д;Пk5ЪЬZз(е╒┐Дф*v╕їшьУY▓'ы°еdSМмbе▓l╬ы╖ц╬Ыя■xйЎ QжСЙ╖Ёf┐ФфяЄ┤,╛хlqд44Їx EjКё}MЧ╞╧4bо_Ю(v┬зx┴пL¤f$Ь┐╜Н1рш\CЯ╗ьBи Lлw JЇМM╢}С~r&вШ┘d╜╘У░Я▐╗ёЎIФ7Jz╡ВЦS═'ЧA9╗ў╞╥щ8/Bv▀к┤╣╗▓Cч║:[s=8c`#зb·n№¤√з@=┘ПсYEE╥F <╝Sй^Y╧Ч┘Pa▌╝UО▓Ц∙Щz_╚чSе╢А0h3ь╬S№╗ъўO.▐|~ ~&hpу(h∙7╪┐yp├*еr╔╧╣Йyyp°╖Изя°Oн№·пнЎжиHVЧК┐^╤3Ўщ╪╞ъ_LщКmУ─iг╒Ч╩с^iЖ&ДЇБсP "i√╔_░g│Нh&ozХА▒]РЭ╬IoTгУ%k$·═─о];▒4ь{╕WbyїАбюOВ╜WuЄWЇaTYoRЬt(ЕъZG╨y╫4╩Cж▓─ц30▓IU├!,яєКK фYeЛжl╜╘9гЇмP@╜^iЯuоЯ■)idRR^МхДb∙·ГУ^╚xя╠Лў┬¤П3нї╖+╫яЕvуН├╦Л└Ц#9 п╕opїЬeaH╧н╨╬З╦ис╠╪.скыЄ ЦM├1`▓те8╒ ¤я├№╧g╩жвзЁ$╝й~Bу╕ ▒э lpzs╤InТP8Ahsп(д■хG'╩$╦fс∙c($>ЛЎAЦЗэ░Учsp┴жC╔z>мъС╓a╗пX|"ЛФj┘╦·х¤▒#`╛hб4_1Я~s╟ЁS(│▄Ї┘oег3╬M*o╘Ъ┌гR╠\CниЫл'╪▓▄С╢uq2К(:▐╦е╧[╬},Й╜_╡%▀кА1>┬оr═Ї╖Vў╪тх╓ПЁ.z╛Яп;ЬУdf`▐пг▓¤^+-╧iO*АЯ$з╙щ╤Ўs■├Сfэ3C=щlmВМnОzbV/єъ{Ww╒iў ╥#и4Йїы╥И╙┘iеВГ╝я5Ю┐kч░ Y█*▐EКVрд" R┬╦║ЕW┴╚Х*╩┤┴юШЙpbўХЖ}TпЫ╛+@░iiИКB;\┤°ynщU╠З3  PK--/_▐VВ·Т╒╜РЦw unsigned.exePK--/_▐V.Щд└└ Рicon.pngPK--/_▐V·Gэ/ЙпЙп ¤жunsigned.appxPK--/_▐VJХ╟╪Еq╔Vunsigned/AppxManifest.xmlPK--/_▐V.Щд└└ЭYunsigned/icon.pngPK--/_▐VВ·Т╒╜РЦwдounsigned/unsigned.exePK--/_▐VI<█шЩ мunsigned/%5BContent_Types%5D.xmlPK--/_▐V$╙ыd5-ъunsigned/AppxBlockMap.xmlPK--/_▐VJХ╟╪ЕqnAppxManifest.xmlPK--/_▐V{vDХuЁ9AppxBlockMap.xmlPK-/_▐V=3ъ4тЇ [Content_Types].xmlPK-/_▐VcЎ$┤о Y AppxMetadata/CodeIntegrity.catPK-`▐VМЭё▀├ CAppxSignature.p7xPK,-- Q5PKЖ PK            PKЭ╨│ш ш PK-ў`▐VAppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-ў`▐VAppxBlockMap.xmltУ]sв0Жяwf ├^:K@>*;╡░ы╖UС zBД$h@h¤b╗vmwў2Щ╝я{ЮsNnяы,N°╚ г]QСdQ└▒Р╨и+>╣¤яQрд!L┼]С2ё■юыЧ[;e(Щ┴\hЇФw┼╕(Єpу r)#ш╚8█bАy^Г╢м╚ 8╦2ШЛ┬ЄxЖЛШЕятккдJХ╪1j╦ Р5╨╕7х|у1lыЖxw█')a╓TRRN"КC ╫XVфе╣3 Eoж╗°эм╡═kйпy]╤X╦ЗЦi╖Нё■Е╦еuуy▐TО√░чрхЫ*╪МNнїFw:▌Лй*╦Э|4RO¤I6w¤ЄцAE║F┬сє Р▒=ЄЇz▓╧{Й<иwЦ╛┤z72LC;√А3┼ВХr]^ъ║╤╣┬P;Я0ТcФ8ы(Ё╖UZй╦щГхEфN_.ъєЮkё·gў▀Й┐{wЮ╠%TQM═4о╗з|К-їH7нYv╗╞I╡r№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-a▐Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-/_▐Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-Нh▌Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-Нh▌VAppxBlockMap.xmllТ]oв@Жя7┘ `╪K│╠ атж┤ёЫВийаЦ╗С╧Шб ф╫╗qcЫ╜<'чЭўЩўЬЗз:K;чарДQM@":їШOhд О= н ^bъуФ╤@(Ю■xз╠K,ЬwZ=хЪЧe■ю┼AЖ╣Шп`ЬЕеш▒ р<пБ╟л,├╣╨╤1ПнаМЩ O\UХX╔"+вv"╨╛▐т№т1ю!Ix|ШУ4шмp╓Т╝SN"°bPBgKЪ╢7ьг^√Гe нХлцї╙Oв┌╔ЁЭlx&Л┼3{уЖd5г4┐d║|yы├05'ыН3<ОVЗххxм▐Т^щN еN═!tцj┼│·нЄЮ-l7Сж▌d╒Б╛ЪzI=єнЄ╬г╦Аўнє╤)╙рАHQ1:ЯїВ8┌йЛ]Ъ╝╓7Ў╛l╢юb|Jз {_ЬўТэао▌xй√║Х┤0ч╥Эi╪WоЮрЪ╬ЧМИ╟иШ╙ш6┘ыї╒╗xdї[<╦хВe:ъцfQ╩┤4)█░ ЗЇ╕/ыї&ФГ╥%■ЛLдщk9│Ю╖|д╧|yр;°`╔Жб╘зhг{cl^║╧/Щ1jI K7j╧┬┬ФД/┼v╙7J$х√%Ў┐Qт*Ў▄┬А ^└ эНW║е$n╖{Сьa▒╗wЪ┌XЪxIю*sХТgОМЙ╛у╡i7;;tЗе║N╙<╟цЦ╘щсш.OE╛╖S№  PK$╙ыd5-PK-Нh▌V[Content_Types].xmlНР═N─0 Д_%╩5)BmW№▐°9,`R╖mтDIX┬█уv%hЕ8z<єНхnS╜L┘ъх╣jе@2a┤4ўЄm√╪\╔═╨m┐"f┴V╩╜▄Хп╡╬fЗ▓ Й7SH Пi╓╠f╘m{йMаВTЪ▓0ф╨▌уоИЗ╩Є▒+JqwЇ-U╜ДЭ5Pxнkує>╔е╨' Сц_ыЧ V¤tДo■гЇ@гЄ╣aй*d'╠хlН0эЕЦьИтRy╧Y}├╬[╠■ в·?√}ЙxИ?l╜■z°PKI<█тЩPK--Нh▌VВ·Т╒             unsigned.exeЦw╜РPK--Нh▌V.Щд            icon.png└└ РPK--Нh▌VJХ╟╪            AppxManifest.xmlqЕ¤жPK--Нh▌V$╙ыd            AppxBlockMap.xml-5╚йPK--Нh▌VI<█            [Content_Types].xmlЩтCмPK,--╣nнPK'пPK                PK·Gэ/ЙпЙпPK-/_▐Vunsigned/AppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-/_▐Vunsigned/icon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-/_▐V unsigned/%5BContent_Types%5D.xmlМР═N─0 Д_%╩5)BmW№▐°9,`R╖mтDIX┬█уv%hЕ8z<єНхnS╜L┘ъх╣jе@2a┤4ўЄm√╪\╔═╨m┐"f┴V╩╜▄Хп╡╬fЗ▓ Й7SH Пi╓╠f╘m{йMаВTЪ▓0ф╨▌уоИЗ╩Є▒+JqwЇ-U╜ДЭ5Pxнkує>╔е╨' Сц_ыЧ V¤tДo■гЇ@гЄ╣aй*d'╠хlН0эЕЦьИтRy╧Y}├╬[╠■ в·?√}ЙxИ?l╜■z°  PKI<█шЩPK-/_▐Vunsigned/AppxBlockMap.xmllТ]oв@Жя7┘ `╪K│╠ атж┤ёЫВийаЦ╗С╧Шб ф╫╗qcЫ╜<'чЭўЩўЬЗз:K;чарДQM@":їШOhд О= н ^bъуФ╤@(Ю■xз╠K,ЬwZ=хЪЧe■ю┼AЖ╣Шп`ЬЕеш▒ р<пБ╟л,├╣╨╤1ПнаМЩ O\UХX╔"+вv"╨╛▐т№т1ю!Ix|ШУ4шмp╓Т╝SN"°bPBgKЪ╢7ьг^√Гe нХлцї╙Oв┌╔ЁЭlx&Л┼3{уЖd5г4┐d║|yы├05'ыН3<ОVЗххxм▐Т^щN еN═!tцj┼│·нЄЮ-l7Сж▌d╒Б╛ЪzI=єнЄ╬г╦Аўнє╤)╙рАHQ1:ЯїВ8┌йЛ]Ъ╝╓7Ў╛l╢юb|Jз {_ЬўТэао▌xй√║Х┤0ч╥Эi╪WоЮрЪ╬ЧМИ╟иШ╙ш6┘ыї╒╗xdї[<╦хВe:ъцfQ╩┤4)█░ ЗЇ╕/ыї&ФГ╥%■ЛLдщk9│Ю╖|д╧|yр;°`╔Жб╘зhг{cl^║╧/Щ1jI K7j╧┬┬ФД/┼v╙7J$х√%Ў┐Qт*Ў▄┬А ^└ эНW║е$n╖{Сьa▒╗wЪ┌XЪxIю*sХТgОМЙ╛у╡i7;;tЗе║N╙<╟цЦ╘щсш.OE╛╖S№  PK$╙ыd5-PK-/_▐VAppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-/_▐VAppxBlockMap.xml╘T[sЪ@}яL CЭrбУA-▐/%MзГ╦+░аЛ@ЄыГщhМ╙&yh·╕╠~чЄЭ├^\Хq─фhKqBЪм╚ ,ГL\L№&√═4>л,C3З╕NФ╘dI┬^]~№p╤КОЭФйц m▓AЦе_xЮ┬┼хb ╖ M╝МГI╠;iZЄuA°╒~,vRЦщ94г,H▄уpQ\!q╔╓п. "/╚|Е^╔∙DзЎЄ┬└bоЭ╕R▓#√╣*╦╠ёCїMSDP9y┴п│\пfЮд>ё5Y┼65нUWы*ьЇ╞b▒ Бс┤ghBи]мь~^│l0SЫPI╘╦┐Тrc▀Ш╦]г#A c╖wЯєx╨ъ/@9\зэPшЦЮж-П@Кж╚{~ятЕ ┬е─?▄@QOlHъЩНpыЗ3╦_-oЛиРж#╦╔║S·Э \оfЖРХ;D█жN╦п═▀3╖╖╧ц@+╦Ъ╘8]Яt╞[Sъ∙э4═jЕэB├ўы·lR^╦╤X)юш8R7ыб.n{■╝wz┼;vЎ═╕*цГQ╥д ЬI░M4єW╠Ыл▌._╩└ ?З]{.╡G·ЄF1)нЄ\╖Ц·єт+#плy#╣ё╧╕{OПБ°Ї°hъ{;!"┘Oє>EЇ╟i└▓аЭ8S╬ ╨а3╖ч%юж·┌ kГЮх9ўtиЩ=-╒ &5U_lМp╨ПВъТЁО╢ЮмS1к°j┘╘╝▐ж}┤╬mRb,Еmk╤╦}╚╗33╠╙аИ╟У\[┼ф╣l@∙C┘▐┘xY∙ыНч╓/  PK{vDХuЁPK/_▐V=3ъ4т[Content_Types].xmlФТ╧N1Зя&╛C╙л┘=и1,DQиЙ°c;, █?i\▐▐Їzь╠|▀пЭ┤?ьl╦ЦУёоцчв╟:х╡qM═▀'П╒5gЙ└ih╜├Ъп0ёсрЇд?YL,╙.╒|FnдLjЖТЁ]юL}┤@∙@═бAy╤ы]JхбгККГ·ў8ЕEKьб╦х═M░C╬FЫ╣Usб5 (╖eW┘д¤зk=h.ў Вk╢╞Ц Ф·~"t2ЧN Ыкї╘~A~ЄO╪С,х ╝ф-GгС╜Bдg░╣-o│l ╬L1С╪┼ЙЎ9;в╛k╜ЪП!№C¤Q сШ·═4hQДл?nMдцр:Р@БyНO┘┌DC+Сu╟S┬▄$Te4╚ї|  PK/_▐VcЎ$┤о AppxMetadata/CodeIntegrity.cat╠V{4Ф[▀w^3╠┼%╣$фТ$╔фТ╖У[╣* &&ўq╠й├╩ЧK$Э2Ж▄вє╫SжЖш&кГ\║8╔ С∙B║83╒*з╒Yg}k}gня} ╪k?√┘{ Ўє№~{?АE$`E╓е╪д╠С`┬a▐aБa▓ aE|Rl`*E`!░iмИ&FaЦц░▀ДD,■гС├иxз║╞∙║Щ╒О9ю∙uP╥T│ IGшы2`гЮ;]тОм зБ─гиТ╓zжс·D┐ТНЛ╩vLк╝юл'Ц║╗q╙Т вєоЄr <┴РС|ў╔В└(┘╪┘%1А╟ BZ,Ё%qЮ┐▀Є ╫:tyВЎn└щъРз▓Ь▐S еG╖zMСЧ}╩с╦╤z@gЙFWE"фэА╠б(■OGPqВQв┤ ╥З6@:qX╕b└┬Ьс╙!ЧГA`Yю%Г iЮ╗░р╞q*Лoнюъл ╙Ьє#╙`?є╗╚ В┼╕вXI─iY H :x"1,228ТъцO%+EБЩ@Ф▒д╥гh{h~Ф(ZXиТytT`ЭGчsКяБ!т╢ЗЕE)YЪE┘РXч°Я;ЯГ·K║└ч┤│,Р■░│ШmhХBїзQви,Xeщq∙i┼░`1█ё ЖбБ╦ Нж7мб▄+Л╤═╝3░s▌НЮ╖─Fbи√;ЙГSl-┐л< ▒ХЕ√bn┼С'ЁШ▒~q╞9ЪE└~хр╬ФйNvO,╓,л∙╘Ш)╧╕н╚М^:P~╧g╧°JN▀H┌ч╕1СIЎИбГєv¤╓п=╣c╛?j╒W╛&еtЯ,╨ЦkUОТЙs▐¤zkОOrМ╨m╞щ5оНЪ7д_9╢[/-ё]ь1oJ╕пCХзУТ№эёЗcg╡взбx▌в;╤&юЭmEr7}║$М┘Zм╤їpaвєqъ═Ь╩aЬ┤Л,UєRфd╞¤ Эо ╪ў╥х▄м│║╠╢фpF┬ў`2УЙ`°,:╡°Гe№*H┬Ё"* ░№Б!а ░Йв╥шЄG ═ЗУEЬ▀зУ╪Гw}в╨ `Х`XхG?a∙оCС╣G╛с=P╟Сd┐VAжўя∙а &Xх╙1х тa ╨ШCG,рMjурlokf╙*Ксw^BЬ╥PZ2ъ╟kM{█v│YНfLЦИx6У√,=Pг^цш^sЫ9█>ЬX▄EU╢q█L┬-╪№БЫзюjЁ=Й!ФщК° ░~╡Zк)o<▄4М╦nоЭQSъ▌j_:4юA┐?Wё╠5╔n╥Цс╤лТ!У ╡|╙фb▌▌ksmиIj╛┤уў Кф6+ї▀Єb4ЖвлОXЇЬm ╔║&,ХвтЮСЫъPF┴-T╕dяeЮЯ:V{йUнF╗b┌█э╒╜|▌d=}╥jЯ8rIsд▀═sЖy┘∙3ў╦TYSьntNЯo╝╞HTМиgє║°zЭфы╡яг^╡В╒▀!Ы/К.r▒UКfГeWой╫^5_╤нYGўУn ■ aРtДЙтЎФ°░E╔Й╬oB¤ия_/■ОИ▌IбGRЧЁрb,w8СЧ┐з#с3x*Yи}КД,-╗t3j,%$<Ш║┴/,фoU▀tю┤Б▒Єvy╡с▌╗?и╒>yъK╜t┐се╧еe$и╝■╖═б∙ъWw▌2░PЪuж°eфЩ┌┼+ф:7n╔a╡сmё┘t\yДNОЮcЯИўф╕╝p╗зmIглM`jbтёD█7ФшuєК^ ╒Ь*q╤╦Ё┬ФО№j*╬^┘╩ъ┘с╩Нг╩NЯr│п HРцnПNёМOw╦NЪИ*iуmЭ╜Х╝Е╤╡°№aМ7AqбТqмлr$ш`№7╡│iL/{ щ░+o║Yu╒аF{Rў]╚СЮ┼cХП/'vt@НФ{<юКOйлSЫ1С╫╫r5М|ЕчL╘▐Y╡и╜╬∙аz_рє>Й Т(ЦК▌uDx=w╦Ё╦║╤j╠┴р▐┼╜иiЇЯ─■╒█@РV5TРHa■╦%$Д├`╛жx╞ъЭUЭ ?;╩╔╘IIф╢пS6*z4Щб>╬ЧT>я╚УK3]ў╨ИЇZ╠21╖╧ющў/Rt■╖╠бгb┘▀.▐╢є!m^fТNf!J|┼╦єk;√╧Л∙пяФ%╡З╣д A`"Y@┘╧b├Р KJN ┐─Ч@]Rz"░╨■<%лаJЗ▀ЎI─╛h╤nXc3d╤ ZVч4╥vAy[BO~!UФCa╝¤/rцi цCk╦+ЙЇФМ╤4нИ╬█|ьў)[ОЫ╩eё`═ёў┤>їcjО;їтR=]2╙█╧ .nЖj╝,тп┌&:╓ov┼нbЕ░╡╡мj>95p╩ж╫╩└$╦6щyE sЩуїгH▌nfрJ<}eх}я┬1n▌╜bыЧЖ╖ЙТ│сч┤j|фv,║3w'ш▓j-Ф:їЛ[ ХдM'ЄF j*74▓∙L╘}d^vє/л╕лЗO~╗,┬╤м█·НфC▌YЎhcє+ёО╫Я╜ў┌Ю_├√Я<╙HлН ╚▌√╢╛┘├&юЯшП┌╕`"№@N&R╧ж║p▓╞у`■  PK`▐VМЭё▀├ AppxSignature.p7x┤Цy<Ф█└╜3/├,Ц[МДkI╢ф╞B$Kc_# Жж┴0Ц▒toЩDхЧ¤в[╢Т5ў╫┬%k ┼══%E*5Y▓Dqgъ~nnЯючў╧я╛я√∙Ь╧єЬєЮєЬчy╛чЙ ┬^ИИє!U∙`ш└░РЁst д╡I+ )┬@рсЕн╟█СИЮзД┌yж^aA/ р┘№Aё]_-╞╫Щ╪┘╣Щ╕┘Щf┘ў№╕uаГть└ьlx▌р▀9Fё╛░лъ·Уgjю!&nжfЧз╓F[Цr═dэ$yй╦2╖хШ*5wXОHu1Dj┼КgМпбгь[SЯnd╙aЇpё▐ ЎфиГJa9│gХФ№▌rM▄ЎКrЁБ9учYw│OїГМЪЎ03ж7хlр]*bйьU gK^ЁW╟╬ЧenG╦gЯ·зЮk6u█i&╓рк║ u[цX!q b└пB XV!└`[╜░ЁрЦх╞UЧB╗Т╪╢k╜C7й▄  щk┼ёи Ё┴ЭA╛-0╗Г8Qh W@в╤╘ЁЁаpr`И╒ЯДУБд╣jkJвEР╚~─25D╞$2тХFОИ┴ CВ▄p4┬БJНР15Бд▒Ь.Ду╝ЯЮCXМЖЎ&Є∙?н,Й}^Y╚2$ВD &∙УЙ$о @nєv9ёЕ3!n!a NЖ░┐+╨Ы█╜У8ZеЩ·ИхкЄА╒ф-вЕ9t╩Jф╠l╛Ъ_GУИ╨ЎВвzbp3╚2°Лaa zy_рП▓AgцDєз╡\~!Е╔╓Vxз╖hC|ЪЫ┐р+в;ўрф╢Zёq8П(l╥е▌6┐цY ┬7%Ёg╡ъК5LR^▀┼яя&lГ░\Б-L ╞Rг╚D;з ё#}:┐9]4Я+СNд У╣h∙┘\╕йгnызtфШЖ·b< з)№х @L|є╞дhbphi╖5°R▀\WоАвoя/╜ж;2r\с╞л╫╛╤д;Пk5ЪЬZз(е╒┐Дф*v╕їшьУY▓'ы°еdSМмbе▓l╬ы╖ц╬Ыя■xйЎ QжСЙ╖Ёf┐ФфяЄ┤,╛хlqд44Їx EjКё}MЧ╞╧4bо_Ю(v┬зx┴пL¤f$Ь┐╜Н1рш\CЯ╗ьBи Lлw JЇМM╢}С~r&вШ┘d╜╘У░Я▐╗ёЎIФ7Jz╡ВЦS═'ЧA9╗ў╞╥щ8/Bv▀к┤╣╗▓Cч║:[s=8c`#зb·n№¤√з@=┘ПсYEE╥F <╝Sй^Y╧Ч┘Pa▌╝UО▓Ц∙Щz_╚чSе╢А0h3ь╬S№╗ъўO.▐|~ ~&hpу(h∙7╪┐yp├*еr╔╧╣Йyyp°╖Изя°Oн№·пнЎжиHVЧК┐^╤3Ўщ╪╞ъ_LщКmУ─iг╒Ч╩с^iЖ&ДЇБсP "i√╔_░g│Нh&ozХА▒]РЭ╬IoTгУ%k$·═─о];▒4ь{╕WbyїАбюOВ╜WuЄWЇaTYoRЬt(ЕъZG╨y╫4╩Cж▓─ц30▓IU├!,яєКK фYeЛжl╜╘9гЇмP@╜^iЯuоЯ■)idRR^МхДb∙·ГУ^╚xя╠Лў┬¤П3нї╖+╫яЕvуН├╦Л└Ц#9 п╕opїЬeaH╧н╨╬З╦ис╠╪.скыЄ ЦM├1`▓те8╒ ¤я├№╧g╩жвзЁ$╝й~Bу╕ ▒э lpzs╤InТP8Ahsп(д■хG'╩$╦fс∙c($>ЛЎAЦЗэ░Учsp┴жC╔z>мъС╓a╗пX|"ЛФj┘╦·х¤▒#`╛hб4_1Я~s╟ЁS(│▄Ї┘oег3╬M*o╘Ъ┌гR╠\CниЫл'╪▓▄С╢uq2К(:▐╦е╧[╬},Й╜_╡%▀кА1>┬оr═Ї╖Vў╪тх╓ПЁ.z╛Яп;ЬУdf`▐пг▓¤^+-╧iO*АЯ$з╙щ╤Ўs■├Сfэ3C=щlmВМnОzbV/єъ{Ww╒iў ╥#и4Йїы╥И╙┘iеВГ╝я5Ю┐kч░ Y█*▐EКVрд" R┬╦║ЕW┴╚Х*╩┤┴юШЙpbўХЖ}TпЫ╛+@░iiИКB;\┤°ynщU╠З3  PK--/_▐VВ·Т╒╜РЦw unsigned.exePK--/_▐V.Щд└└ Рicon.pngPK--/_▐V·Gэ/ЙпЙп ¤жunsigned.appxPK--/_▐VJХ╟╪Еq╔Vunsigned/AppxManifest.xmlPK--/_▐V.Щд└└ЭYunsigned/icon.pngPK--/_▐VВ·Т╒╜РЦwдounsigned/unsigned.exePK--/_▐VI<█шЩ мunsigned/%5BContent_Types%5D.xmlPK--/_▐V$╙ыd5-ъunsigned/AppxBlockMap.xmlPK--/_▐VJХ╟╪ЕqnAppxManifest.xmlPK--/_▐V{vDХuЁ9AppxBlockMap.xmlPK-/_▐V=3ъ4тЇ [Content_Types].xmlPK-/_▐VcЎ$┤о Y AppxMetadata/CodeIntegrity.catPK-`▐VМЭё▀├ CAppxSignature.p7xPK,-- Q5PKЖ PK            PKЭ╨│ш ш PK-a▐Vunsigned_sha256.appxPK-ў`▐V unsigned.exeь╜ xE╓0▄=ЧdBzАв┬2шd═(─Q$Э╠@ПN Т ╕вBYCУФЕ─ЩС┤уHv╫]▌]vu]uu╫ ▐╕й8У@. E/zИ`ЁB╕╠NU╧%w▀ў√Яяy▐я}Ю╬йко╦йSчЬ:зк║╚¤e#гfFO0╚0[·╦b■єпЮсу╖ g▐И█3a k▀3б`yi╡б▓кbYUс CQayyЕhXRlиrФJ╦ Ц9∙ЖKЛ╙ЗХ:Єм │Їб╠№йч ЩЖqiжЧ╣ЪЙWйоd╩ ├ЯрI`Шю$А·(╠0мвxуOЛ№∙XЖЙaШ мКЇЛa С№╤Бp|PbШ)▒QёН╨O є_■e52L┌%╥?=─0O▒?^.],оЎ▀л Д}ПЬg1У╖8}iбX╚ Н:╪эк!80y╛Ї*Ъ▒{$$N ╥OЪoqVz%═G·╕Qi│ah╛МмЇZЪo"цє)∙╜D╛%╒╒~*■t\║пu╠b_z)нП╨║<П]TЯ/=gnЖЧ3Jз▒┐Жц╦ЄеЛeд]:Ц,═ў╫Лє]7%ДfVЄ=54_^ЎuЩf▐t№1@╛йЯЪOЯ}▌їЩ$ЬОЇX╠╥~|rЙ|Sn с╜ШпR╔w°∙n╕ЙДЯG^йSЁ;~Q?▓п╗)ГД]╚фН,Дп/Q▀TК▀rlў)е▌▐Kф3O&с№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-ў`▐Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-/_▐Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-Нh▌Vicon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-Нh▌VAppxBlockMap.xmllТ]oв@Жя7┘ `╪K│╠ атж┤ёЫВийаЦ╗С╧Шб ф╫╗qcЫ╜<'чЭўЩўЬЗз:K;чарДQM@":їШOhд О= н ^bъуФ╤@(Ю■xз╠K,ЬwZ=хЪЧe■ю┼AЖ╣Шп`ЬЕеш▒ р<пБ╟л,├╣╨╤1ПнаМЩ O\UХX╔"+вv"╨╛▐т№т1ю!Ix|ШУ4шмp╓Т╝SN"°bPBgKЪ╢7ьг^√Гe нХлцї╙Oв┌╔ЁЭlx&Л┼3{уЖd5г4┐d║|yы├05'ыН3<ОVЗххxм▐Т^щN еN═!tцj┼│·нЄЮ-l7Сж▌d╒Б╛ЪzI=єнЄ╬г╦Аўнє╤)╙рАHQ1:ЯїВ8┌йЛ]Ъ╝╓7Ў╛l╢юb|Jз {_ЬўТэао▌xй√║Х┤0ч╥Эi╪WоЮрЪ╬ЧМИ╟иШ╙ш6┘ыї╒╗xdї[<╦хВe:ъцfQ╩┤4)█░ ЗЇ╕/ыї&ФГ╥%■ЛLдщk9│Ю╖|д╧|yр;°`╔Жб╘зhг{cl^║╧/Щ1jI K7j╧┬┬ФД/┼v╙7J$х√%Ў┐Qт*Ў▄┬А ^└ эНW║е$n╖{Сьa▒╗wЪ┌XЪxIю*sХТgОМЙ╛у╡i7;;tЗе║N╙<╟цЦ╘щсш.OE╛╖S№  PK$╙ыd5-PK-Нh▌V[Content_Types].xmlНР═N─0 Д_%╩5)BmW№▐°9,`R╖mтDIX┬█уv%hЕ8z<єНхnS╜L┘ъх╣jе@2a┤4ўЄm√╪\╔═╨m┐"f┴V╩╜▄Хп╡╬fЗ▓ Й7SH Пi╓╠f╘m{йMаВTЪ▓0ф╨▌уоИЗ╩Є▒+JqwЇ-U╜ДЭ5Pxнkує>╔е╨' Сц_ыЧ V¤tДo■гЇ@гЄ╣aй*d'╠хlН0эЕЦьИтRy╧Y}├╬[╠■ в·?√}ЙxИ?l╜■z°PKI<█тЩPK--Нh▌VВ·Т╒             unsigned.exeЦw╜РPK--Нh▌V.Щд            icon.png└└ РPK--Нh▌VJХ╟╪            AppxManifest.xmlqЕ¤жPK--Нh▌V$╙ыd            AppxBlockMap.xml-5╚йPK--Нh▌VI<█            [Content_Types].xmlЩтCмPK,--╣nнPK'пPK                PK·Gэ/ЙпЙпPK-/_▐Vunsigned/AppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-/_▐Vunsigned/icon.pngЙPNG  IHDR┬оnБъоPLTE^╚Sе9tRNS°№я &є8 цс▄B┴╦zI ╙гА*╖2ЩЮПФъ╫░╞k.p[VNи╧Ж=u╗│_SКgcм_v#ИIDATx┌ь▌ыV┌PрЭ ╫$еEnjлИўъ╝ ЛїG╗к╢DТvHNц{X af╢╨Юн^f▌Q▌,7╫CбКё╧ё╞Y╖Дкф)┬?юOЕкb╕╞ Ь╗ЖP%╘╪jYкА╙1╬ПЕмWЯ#╓MG╚rэЯ Дм╢ ёйи-d▒┴;Дu!kuF╪)рkўР└№лРХЖчH─чsa+╒║Hиy$doВ─Ь/BЦёЦH┴y▓JcНT▄B6Щ"%ўзР=fHя╗Р-Юaв/dЗШ┘┘рж╬Д╩яцжМЙХ▐ ▓{BеЎ├E&п|Ф┌УЛМ&МКЦ╪Щu┘*н#)0,lЫV)0,lЫп>R`X╪6зsд└░░mъR`X╪6э)0,lЫUД╢═`Б╢MgД╢╬╡Лф╢╨ХГд╢╥╡Гd╢╘еw└ЛP95▒├┬╗ї▒ ├┬Vk∙°├┬Ц╗Ьу3 [я4АКo ЧD=DЖЕ+б!├┬╒░Z`+ЖЕлb0ВК{ЖЕKвsГ 0,\%╟чP╤cX╕$Ж]|└░p╒╘юб"Z ХBэ0,\5▐+▐cX╕r╝1>`X╕jS╝├░pї4fP╤╝*З3иp/Л T4∙9а,·PёйpY▄A┼Tи$.аВ_Є7X─└Л бЬuFXм ЧЁЩp╬Ж=ухЦ'√w"д&■TX/Jq░'д'■TpZР┌Ш╦ДXО╝╫М?╞▄6▒o|д*■w┐UМ┌╪ХP^fx╧┐_ч╪/Щ╩═f/█=Ч~cm╝d·[╢{┐$Й б\\l▌ю9№Ц$╟cЄё│▌sЁт C╣╕r═╢{ЇЛГььа=¤tq╪┌X /Ч wbа╙c"а ,∙P█,╖¤ояHm┬╫_█ KC?]д╙х`м╢~очЮ]дq╬2└VЕ(єЖuї{s=╬h{╠┤рж\q*V█ХЫm┴Mї▐▄В!░X╣¤ч╖╠КГЬЙ-Ж#'√ВЫ┌╜╣░-дл╒T;°Э╜8pB█епvЁ;{qp╬Й`*┼-чIс▐Ь╧.╕╢vиvЁ;√╜╣&@┌p╪Г▀эИу└З╙╛╕╗Кт?VРоa√u╖╟{s+ ┌j]ь█╔▐КГ.з`bи└Є?∙~▄├┐▄Gбэ ~▌gfVуP▐c╨* ╒ю9Ф│┤МЩЛГ}б8┼╛щa~Є▌[тпНPмB_Ї°у┴ш░~ы╙6ЕА%s_╦ЁйфЫ╨6 А)ХЖ▐КГc@╢)NL│4t╞P╝┬└4KCАт(жYтыгP░dLs╨еП▄D╠sN=@ОB&:▒wЗ[i─@Е├ВBUPКв ╥Bе╓"UP▒є■/╓Ю╢ч4*Б,▓╔p┐W Lю╬DцрHВ:дщМ╩i]PuFдq.┴Uш:г╤n╩ЎPvF╧ └Вкqс! хK┘6ъ▐ИYXpе'Гї─Аy╔8Ї┤Ц$0▀ПЖР_kЮуўQКў`РGJШЯОAI`╦╨·о#╡МuяёjХ$WЇ~Ю╥ └№\P|∙I0єєУ_└Jй`~f№VK4є3eё√ щ`~NX¤╛\┬ШЯ╦▀▌└№LX юФzцз╔<└)ї╠GF тв є└0i@ёк/@9ш └x^ЛжМ'сuh └╕ЮП╛М╟└\`\АЎз3уt*░╖Ъ<:h └╕ьImfлsx!▌`=и└╕╗КЎьп╩Н┴bъ0.А.▒ШHЙ-A╗А▒#╚m'0.@║АA╞@0ш└Ю #Г■М pЛАБ ` └@0АБ `H:lYЩl╖K╝8ц▓/└`!╠$V`A $R`AьKдо Ьv ! фJвЇЕ(РЙ─И,ФvФ╪r┌╟@M╬└,е} DPД_АЕ_ FRWb3 щE"C╢Ъц1X`С┼``БЭ┼5" н%1╔n ┬ъHL└|шАWнИe╪С"u BыКнo$/░д╜Иm╛╬О ░Фї┼vcМy╔$░Ф ┼RйЪ▀n3ёFЦ╕3▒M═O% n╩▀┐-▒u █5"+FGl-є╧qM|А%m*Ць Яс╛" └rПБ╬эНa ж~mPМ▒їНе7Р@ └ 3_Є╙=Ф ]ГвЇ┼╓5пьIХЮApю1Рэа.N`4─vi▐║К ШуUП▒НЙlUFVиb[Ї╧╪h╩{`Z8╞@╢│Сl╧▄аHхЪc dkOх-0%z^=╞▐е╝Cж┬W▒=>$√╔а`b█7.х;▒АiQ╦└╕U√▓iw`ЕkИmfЦи~Ц═ЪoЬg)ы│l╥Ф(О1PАO╚FЬМ┴ЙX▓v╕]R░╝M╠J▀└TqНБ▄цШ"╬1Р█cFжЗ{ фЎ╜DжЖў╚6.А)qъ9lцУС┌╜A$Ю╓╝═s_#Sс9╧╚ЎбBж┴ы1╨Юё╫А¤bяN┤╘Д┴(', "*и╒q▀W\╟Щё╛ Л╡=зчФ╢3-┌Є╟ {ДaLрц&б╧ФИ ДКЮ╟0Є\─MДВФ[F╬В╚q[бжтsМ╕qбh1уmU─xBYл#┴ eБ╕╣PW ╕F╪-√√Y{╔0║╞И;Й4>5╕F╓1╥й╪}.АХ!К3ч\г╔═щ═М╕FТZ Фe╦HХ `Et╧┼╡Ю╗°-Пп,д┤1P▄з¤╕├0ЪИ╗ eж√╘Р\#kЧ)*нц└HK╒╢г*ТM┴К)] d7_\╙Б-│ ФсErL'┼иЄM╣жС3тvтw┌╖б.АщхО╕Е°ИY?Rpо╧ВЧЗШкx▀zsuРВ▒|:ёЄбUЙ_-▐║╥ШMЎ╝Ў[x[─m▐Ox╒M╗o╝ЁC┬qюП я╥@ ▓^ FDА8[|╙█╠-д`╟:w╛▒%тjтЛV,сUтw\° цД\Ы╖ёiXўW>юЕа3r /б╦]Ъц╚ъ0nЄдOЧЗ,╝╤╢%aдf═7\ё"o p┬√╚&P7s┬лН╘xЬЁjхУБфNx╡SWIxy╥╫OШ0с╜ёЦN=]ё'╙И^НM9с}h%|ьЁ┬ пЎЮё╛*'╝Пa°~┬╦Ы╕┼?2O.ьСTоме╢P4CLЗ^вь¤ф ёХw▌TДВ■ўДўЩ^Ъ┌╧sqЧжB(8╫ '╝D┘╖╗─/╔Яgы╢уIЯм╙╨┬╗$я┼╘_+Їё▒. мїV┐K№VЯ Їe┐╬ЁG]┴Ї╘:ZHb#ШЖJCЙd$║·щE╗жЧ╪уOДf╘Jed@═\0m╘&к$o╒╓Еy╢Р╬еЙ╜ПwpЁ *Wд╘М<3ФHKrеЧ<╖Г x;qЎ╪@▄Єбэф#юvSf d─;;+╚╩МмнГЁr╨░G╚A(MеЄ└ўЇ╡╖РЗЩ`$Еr▒М ╗Л|x№HQmЙЬЁM}Х|фф*=ю9йrИа║ГЬX|О3A7ЙЬL9 h'СУo !hk ╞ ┤3Р #тщЯв╜D№'¤IкKd7;Єa?D dUхзOWeКld╘ф 8]5Щ╠V▄ ж╠\"у┌М┤╥У~ызnГ╘Ь17 ╔;Iдф╝Ёузпх!c╚П_х ╥ЩsрлЕйtъВщ└ХH┴9єA░z░gHс╬╗╛u1Ж:Л█╛┌p (ыє╗┐6╠T╔W┴┤BХ╧+╛Y8Pё╡n:Йа╞xШЫАьvлRънГ┴║WZ╘4н╕║PуьЕ╛┌е╙mї4ю^Ч3╧2ЁcъЧюquш╘{h@IU╟щ┐╜▐п^ве/СФ╫о\-ЖД&Ф╠┤ ╠Rs3щwдcЖЇo7_BEа╔V╧rхыУў d╫╫)╫ ЫP╤а?ўЩе[╪ фi:д[Еm@AГЎд╖hЖ▌Г─_Q}в97║PР¤¤Ыюыдaсп2"К;б#$╫!9 Ч╫o├@тЯш╗ВШЦDb╜1╬t╧W  RTдДHLрL7╝H№sNHк#у#▒Э д╖Щ[°OB%IЙ╜*┌╖a У|TLРT@c`+┬ЖБ nDуп%╩▓(╝█┤w#┼@$0sСTё╡▐╣!QKGM.|0ыc3гЪРМSф аЎY(а╧э▌щbЪ@рсVDН (ввx▀вЩў▒╓ЮIjЫU9fй▀▀■h;3;;k╙яЪкёсЗ║еє]╖'┐?tD6═- н╝n#ek .@6;└ХЕO%т +С·─Ф121╚%╡╡CXBTh'ГR ЩLБ╩╦■G=аLE&%B╤мV^С'д╖ЗП╚─"xXЎ?a[d▓ xYЎ?в·╚вB Ыхi┘чш░ч"О╤61_╦>?QАM ╬╖╓▒7@╛9@ЦБ,<╚╦(ъP┌▀╗У@╖ #QВ\hД╥ЄД╡улЛ~!_н▒ЁFв.С╨ЩъРНC■╗A║k▄▀жЄB(XKHе╖P 3Q╬/@ы`с}\8X(+╢А┐(Y└жW┬╗ЩpсёzцюOBч4Вм┼∙НX╒л°╛Yb!╚╬▒9ЁsjлУц╙Бo╘D╒└Ф п╣ьt√|X╛ Рov▌Г№М│?!№▓mcd°оEfЧЎоe rUE:$EЩuDLЖ?СO▓3╧ ╨ХА,Т·wn|S~у@#0) пkf╪6Й LRхў ВZЗцglЧ╩э╡ft╛Rп╖1a№Rц(:б╗лМ?ъ╟╝DcL^~;!╬1 e нC·чF╙Фd═сВг\po(,√wTВГЗ{S"╘р эIнй ї╙▄ шж:%'ДwдТ%/gT╧╫.╙к+Н╛Бй2?■НD▀А!Н|я/vй╠ZЭl╙ЯТ3ЖПФй:S╩w╒0▀╣г;5z`·─.№Aъ!%Х▒И ■MцЛО├f#ЖkъTЪDл╬╟E┼╢в√зZх╚╧Є┼XВл║║╬Ьj╠ўЗ╥гs╢4▌<┼{┘деЭncол▐%0Э<хYЫ╩╦─ЬGn?fВ¤RK╔1/UA╒┐c╘тФ╤─<ЮъБ│╖л%╠W╪Дщ┌ШyСмЇ$ёЗBЫ-Є >!Me╠╘хЁс\ _(─L7)5°\н/`VVAГ╖я■|mдЛ╓й lЇЮАщ·s.ю╪■;О╞Ы √s nаўK°╬єс_╤A>см╖jNЗШ q╒Ярс_°╚a?kеWGЄмS аУ!╪■┘уй╩├`Ж┤ ы:F╢·ч.зЩ▐?MР░A╨Ед╘О┴X└;╚у▐╢A|Oў б ╧{┬ыBВdI▌sg г╩╪qх╤<╨ОjР┼[D▒│k_лnКГк╜┐╠┌▐ш №·HO%Ў JMЯФ7fу+sSЮи/WЇю6GbДpQ─`ЛмХЪя┌█ВX°a!rЯП6кbЙР▒3 _т.Zj$┴jЭ╨Б╔ L■╜╘%╟Дз[кhЭ ╟ьЛТW╠O╒-nХХ╣═YУ¤ <░F&╧и┐идf═Ю~ЧЕ'кМY║№Жp└aJц1╓╔╣╝Xg¤dе╗юYt7┐Р┐ЫЄ5╖┘b\Н╚=:Ъ%╥·П═dr·R┬у+xЇvєсЪ$;ИФ;█d3╚=╕y╩ПSLЪ∙АуN╖╟!ъ-иX\╟и°▀▒1√g┴ еZ`ў RеA╤J0 xf'▐гБ▀B&s╓%МXB▓здУ╜mTK╣╓"cXМoЮ╧y°]Qч═;ч<|╓Сф╘Ю┌▓CЧw╫=№Bb9√UВ╟О6GБq*┐╜Д-YЁ╟┬Y}Вz▄╬MX¤m:Ыt@РЄї┴dCJзуН`Є√нДкгАкRУ╝Ї╧╠ГеG√0ї▄бГ,[jpЦ▓дд╚╖@.д5╠яР&_╤╞A└╠учєwаС3 Es╛hDFЄLЯ ї╣Гтh┴[╝цЬ°{°EwЗЇ─ЁMTO╚л╨кxBЁjър┘╔QыюХЯЖXд|А╪AG└2Я┐Iн\┴┤┘ 4о╢ыMdЗn┴j╛?v═o<а╨·у╣ї╫▓d╞t ч╘ ╨┘НnХ'_ZВsяDОp6'╪═_r╬;Б`<m╪╢c¤ЎdR;c4L·6й├V▀Ж╔оN'tж&√▒╝ж0K├-J=╒E╡зZ├m╩.ТэьI╗gкs└└╣╨=у╓5-е_rш9╖Щ┼9;кnи╝─M+ЗъФ╥qО╡H╖@эUO+·Ўє7pD╣GЯ!3ў 3ZАз┌╜┼/*zMыЩm┐┼├а%Ф(xЄ@Н║\щPpЯ│╪й9э╙ЯАLл;ЛXРT╚$∙уo╙qюў!┘УЯАШ6C82ф╬Б,╬╜Ъp?"пр∙╨9фУ[▀^┘°vп=ю[w╗└┘ЎFr.ДЬ╨б@Ы┬Д■╬#¤o0└╘┤xоEЭlg√,ъt┤╕╥HЩt$Bwр,v█Ы°в8ч╔│$╝├┐;KФЁра┴╬╫ЙlЙAЛ║CJ(4^№┌' ФeБ1■.4N¤ХjV░'ф∙ORт*и+Р4ЯNb|NцВgДG║EЄ╫ж0╘Я╔╔Щ#Н╠3¤ уу╓с:╫tWZ┤аLg8√уjо╡}н#J∙Ч4e╖Эx┘t№y{А╥eKРN┼Eюзk▒V╫gРqх/жC~Я°щЇqS2;╖вРєРе╤Ю Тб╜┐М╝vР╩z^%їАн $jzНf║Н6$╗√▓5 S!`кuт;Q$╚№НdWЗ╗Еz^$/Ф╞╝2_ДЄ█Х№Огz|$╥ь#Г B~\iТ╟*∙┼Lв"эЁЮ╝╒╪А╓D·~вX│-╪N&╡ьSТ╤Ш ═Gє┬Ы╪√*ёcЪИВi~╔qPЬ ┘Ч$щЖ <ё┴Пm╥Ор>Pв├s▌G─8┴УгТбAvЧJ8>ЕкЮ}5d ,B:ж╓7!√@hkПЎ^╚!} HX╤0д)d√d[ "Kї`ъюfдх4 ibV*UъВ╔├B┌ёп>ХдПA@(∙QMКУK*Еў№5─├Jы'6Bы╗бiN╔╫ёУС  Ё+¤эНHЖvёЪ╠╬ЮсhOK╗б+`║ї░f0sy╜гGcэчВФнЧЯ═'U#║Гў╦у1),?v╧8┴з° фА▄вЬi╣ь■ ╖KmQ°З° └{ъpШЄsdЕ$Ы╖@Яb┼╤Aлgrър╘┘▐В&дл┼skBо╘├_gQgГд°к└RlD;ЗбylЄ┘┘¤=├R┌'┌и╧ы╔KАоьn_√Хd.Ч=Аo╧жу&Ъ)UЧ їs╞1┬$"okО1q┴ЭC~4ЭQ@3ьR36щ#∙N2,4rеPьян °─mЯд╜waп▀╞ *х╪х№Жuм╝╝yA)?Ъ[╥ ~лн4йв▐н= Д╚ н¤ёў4Ы·еЬД╛Ь8НуZ@┬╩║dи|їрЄОгБ┌чї#╥"=┐R\@█їщ}{Кўdщщ}щcа+!aSДД■A$t=Й│dО:#░з{о ═ @зЖХ'▀шlbе|г`>-Z !╙$S╛╤ЬO╚4\ЁМъ█a▀У▀╜Hc╧{Q·ъi╤и сКвщХFWЎЩR╙.JВJе║еЧ!╟СРOj"h&ovт─Sшw¤∙бЇу╨°А╗ П2 =їT╗А╡л=╝Ь,З└╘ь/═╒├ф╨ №фюм╜\N╡с╨4┘д¤╘H╡hдd'╝!Лясї┘йVЁ&∙╓,=R╪&u┬\ek▒'NB8╔ю]hЬ╚;2;ynУfд│√ K\[Гf([Pй`╞╔Вўv╡]:`7}"O║@B#√%з¤h Йc░╞k#5Ў╝имяЇ∙│─╦ёе!ъх·И|b*'▐╦┐YЯреўБuЬg*8ЧЇИ╒Sл'G%xOн╬ъЄЬн╒щy║╡7чna╤в╕7┴bЦy╬╛SxцОмRЬ;О ъ'~ Y╣0э@q7АP ╕^ ┤JзР╩:кфCЫ╨aёцe8}7mмR_7p3╧e7 ]╟fВ7╒щ°╪n>╩╣6aq╘d╣Bъ╡J¤vS7oЄсЮ╒г╕нk+ъy.0┘д~Б╜ ЯT└┬/╤2P╨цA╖H ▐y·=Ї$ ╞AL┴щ┐шжч|%цЭ╒ыЎМ"/qtхT╚$8O▓@е,░CЪхє·cxHГ О╪"K│)Цг5mVўЙ╡Wї▄╥WD~Bxя╠а╒▌╖f:/╡@¤Cъ>Hы╞КwR9╕6║vеЁ┌цK,:ЕьgнБ:НЬы:дАфу╖■ыЯ №'Оo.ўК▀цЧ'XX▀┼C=вDT_JAwe╝▌·╨zJ¤▒ 8&╥╚L▄z>╝.B ■Меcф^/0З+-1╚С1є┌#хL;Бщ▐Z├ў╨(╨FЗ▌HA4Ь'T@╓5qX[CЄk├НPЫкef0^pПN@ЕKG jРн√╔ьв°CК^9╪ПЛ-╜<М+huЩ▀ОЪЙ▓ b╝Nё└_┬x]ZpRBВєCЗ7яф╣▄hj6ўБригDЖ▀ВGGMчИ▄ЦtэПP%Ё╢┘H║╖эБH?\3B╚ХГR ┤ЯП▓'H■cCЄгжDNЁ╠ ╟ш№Ф?8WД zБГчг╫┐.н·~ RБучI?вF!Ё$tMъO┼г6╙q╙Вs▀ИX╜╣┴Р[╜лXЛФ√bnQ0Dдy,ёer_┤ЪVi{TЪ dьqT#.Дў╜гыЯQ8─▌Л¤╕АЫ▐aЇи{Зш╟┤Р~▄B;[еў▄├┌├┌╙Ж╙7ЖОм_т╝шфЮЖ;╦╒ ц.╖%К _}СХм╛╓:Qє╫0rg╒[ rБq╫hT9o╤s]L/ фJ▌╢н{▐г?0G !ЯхzЧ│╣цтuV0├п)q>``─л└╡I▒O└е_╡\А,▀┬L;╔&э ┘m╢╙Зрпр?о╢{з¤6Ч ┌M¤N_▀У┘Щ╕ХЙВ┤JЇ№ЕЄ│╗П{t3Кз$[Й Rm╗ftnQ┐] РaВ▒╔e╧╦u┘4 &о5ўн╣╩@SЛTЭQущV<╝╞╣Я`i╜ eЙ╨<╚Тїs$ч┌З╘be&┘╝8│╩╨Упр?Dявп¤_╘╗#▓г4#Фs┤Б╜╨syд^┼nБTj║HM╘ьrwо╔Ё▄жы█▒\>З*ы╛2ИmTIlтЙхВїэPъє??Dс~а[С@▐єfp╫р╢▀╠їhМш[lG▀тб╠E8▐дящk┬5a~Ao7щУ -ZЖQп√3М№▌¤ЄШ╚э│I°-xRPЁшх╦yтеГ╟╘W┬K╞l1)╨MцПp¤▀!AдяЙў у┼sЫ!g╧ЗКчЦ╞{°iП }lСZь╥nboщ╤\0Cрt─├╪в╪Oz1Ч(%╬5 °}1(╝3UvюХ&0л┴др╜B╨фчq=ЄКОе/┌щmlЁч║FН√0k┐╞q╞гW╥¤к╛Цs╗аmчс,╬¤*▄Ї.ТсhH`╫·┬по1Vp╢▓▄Ў6`A∙З^pN▓ЬыCxG╨▀Guъе-И√ЇyЁлAАю╞J∙J X╧F▐s╗▐bЄЩ;╕Gq>1u(ТёKxc}kЖaНЬ╗2 ▌2╨;A═ └∙tQЛоSс"`┬ [b87v■Ж°Л9╜Cф,}ОЄ9&aО ╜╩╛╥П╕╓k/C3┬1КTиW╓чяжым└ўa>ё∙П╨i╧7╪кЮ┤КюПкДЁ+ЎOаёфыБ,ыАAH▄╓?бО╬Жф╙9:5╬5*Е■h*peXпA2т#▀F1А╢УHgЖ╗√у╫├∙╚ЄYа/h;▄УЗмl/t6▓■о╘гЖz@s:N&Fп╖■у?ыйу╤АuGїЬы6DЭr4╛ Ши=Гї]Лї╜~л╧ю] э¤юфРё ,┴єCdРпQ|W!(▌Fфeч+жСs╜E┐╛sсєL!>°╢{-йО└Учнюр╕Ж╓╙ ·ж JSЫфw|Е kв│?ш╬╖BWХ╢рЛ╣├"uYсmBоtИ╦▌>Эў6ХйН7╖m%ю┘Прf√-аЧ@ў$╚╧┴ё╗QGъД╔zй ▄┬Dg╗StЄ▌'└Fєц├sц+[`L л8пЄ└dж╜[nёdыЪ└"┼T{/jХ,╠\m╠+с*,╞<Y╕8 єДлzR∙ХЧ╢of№{√f▀╘бЎMT?╧Ьд¤фGDї3╝■Gў[GwШk╕А№ръ■╖╜2L╫З▐Ид│ї░пЬ П▀{rtйh╙;/Ь_}jЬ}k-╕{Ў╝3} JJIlWщ░<щ и8}Ї║╤┘уCф▓'Н╠7>╟ь╘c7)▓<двg╬╤N█ї┤╙ЛщЮN#ш╚▐єA╣#">П8h╚}Сs║■ x┐ч╧a;рРм\LDЩI?K gЪ+ ╚т┤└uои╒╓v╧ЛчNЭХ{╖┘.}ЮуM√ьC╗╘╔mn╙╥PШ.*wJзў╟u°хёqm[/б ┐?╙╒Б\o°Ш┼ Ыг╕v■ s╤│┐П┘В┼гw ч┬u"╨`,3Pкїи╟■ ж} М^:sf У!x░V(ХЁпёШQ*тrя╢╪Lgfz5├▄Э╥.+7зн■0╤м└╜╗ПwJ;Q-Бъ▓в3pейI╝.z¤▒ е▀?0^╤_╝w╣╩b┌C╘XЗ╘ф°Ь{ўД╒▄─=·+\ц25їэМс\/cLгД╞>╕бэ█ V╞=p+├бжжQхm▓в╜ 4Ц│}Б№&I╒v╚d╛╧bМSЙ╫] iф\Gи░'Ф8н1ф╣├╕.Ю.Ш╧╓дйЭ┬уVC O/┴│:"Ъ2ц│Ь ┐н@{RpЎ░╬3щЬkщsfв╕ЗЁ7╘▐є1ю'╘_оuЁюN╟tЛф╝╔Є╤Июо?ДБ8Vё#∙zшr_ЧўСЫ"Ї$#SR28╟yЭГmb╪┐`;WЭ▌:ч\C▓э=n┌ы?д║║ml╫pГКd┘КKфЕныxЯHэ< вtЦ┤t8;uzожч|HО8╥<┤jГНkd>╫\╧С:ЭЗ9█щж^Ь√]jЦЪ╘zЫ ╕FAзPJЛпI╬Б╕Хoy│o▓─∙z6}А@Фпц╥p;ДVъ╫'єzx╝еуеW╞ -П├ГF?O▐Мy╪2ШЫ╕w▀╟┘ ЙъcщvO╕ц┐}Гєy└┌┬·{Ej<СИ}azщВ┬_Б}-L4"}яа Є{EїГk°B▒GАjгмюv╟pлgбQт╗&∙пEЭО╘є╬ ┌ЁTшш░┐┘Cжд:╛┼Эгў∙Г@'b8└ь+g@75сv8ўd@ └ЭЛ╬Пt#ц█▀┐┬ез░╜В&╡a■tQ~b?Uc■?ЖєгS█rЮЬ╢гz:▀пК╘N(.вCfЖ╙├∙п·ъrFйЪr.т R▀NчZ Iрv°│]CC╓Вh;єгv░ъ┐~QЎ▓Hа[▀ЧOdТЕЖ╠╬·c╕7щaJд╟М╕╧(m0т!piЧр╜З|' ─C:O,]z X]*3VJлН╡@д╒°║^сGjн.у# ¤AЁ▒H┐#:эЬ+Wg╝У&чБ▓ ВZ■┤ПмДш=┤Р┘EРXУ╩╫wуТИ╚P╔╣ыИ╛дY°Ж$V╔Н $4─mЕL├m▀Еэр>ТєLкc╖IН╚ !l]0▀>Ch∙╣ця╒╓╠а5│П'ыX▐<Р│rtъ~Ycт6u┌К ~╧╪┘у┴├T/юТkA╨Ф╢k┐▐)gLЛу╓╜CЦИ╒▄║'cшвС√WШ┤yТиВ▌dRбU▒▐x5u^ ▀┴K*n╙LVРN*є'ршо─Iє╥hЭ·8ШС:7ЪЫw!Xе╬аЪs╡aЛЮ#─Tb№ўp&┴'иuhм▄жv▄ў]ь<ур\оЛ▒·cУ>д∙╖(-█B|Д╪ЁяR ю$┐u%9?ЪвМjўЮ\f▄юз┌P╗╖╜]└vq и]IЫГ∙mZK╦хЫ┴, dг q~г▓■бкYюбO5hqЕ ╔'П@▐╤J^▐гбy[)_╥Э,ЎЦКnш/&]l░Cy┼юСW} ХьО╢yТМ!~▓9w`ЫZ╬╡ИвЭ°БЖTт0┌╤Й╨QIU~З0.╓А%ЭmшKэє╬m╝[╧"ШCv0│фQзб╒╗╬УЕ-╟03Ё#чZп┴TТh/о[kI`TЄ}еB*╨Лхя░ыWа2ГСЩv#чЪ╪M╗░╥╨1"ГеМ╘Ў╟╫-/Е_╤wP [чФ·ЧГНкЧН╘[j┐Мs9BяUСў3▒];( є╚I╩╪сg7 ═я>ўгX¤·G░·5bХ·▀/w├ўPю─YКнxVaу┐ЭгГ`┴w╚╧ эIас┘Z║QнH)Бя╩h!╬▌▌%ЕT╩· С┌А}ОАЬ√ЄM8ЯБIBПрJpdmАc R▐╞О░oывy╡X╛є t╢╧^▄^ъЕ█^¤)(w`ртr╬_ю Ц√█┐▄л8═ЧрК+╝┌ЪкИ▀═ЯCЄ▄ЕЬoг╖J· M%Д╒умh7fА,F)Р{пбS@╓}Ohе0O'3_рAzв╗┴КJ─e└{┬УЭОBcЇ<4Jt0n║Ёзq║rюПЙ╒ИкдH/═М_Oa)Ё?а Ze!Ду/P%И╦тБ чХ╘╬GX- █Ъ╩PyC╩ш(3НPF:╫cДС╓О▒сфp7Ї=ФЙЩhРuа┼┤╥D<*Ё▓B,!чЖ─я ш╬жU╫d√В*+g∙.░■ mРП░■sРX╖F5Щs═bщ$у"?√) ╩;¤a^DK¤uяйP╨ А┘мрЕС∙#ЁTЖ#╒ъБTшЛ3жё░@пв=°э╘>йTFь&яc$╕ J7%:╗_a ╗╘ошўt4ЪnДЇ\Шhk╣gPQ'ikЫiпT╩╘фlQ)={п?ЇB;°┼ы¤╘ш,JГ╚Ц д S87JфWЗ+R+∙Э¤h╬_:ME6vъЇBуj╩!ХБl1п?TНjp5╙·╔ўФXM╔щA"°√∙иCжdн+єає╠kRИGв╠ мн▀╝1ц]л┐Ч╚О+`Ы ░ъVя┤Q6Ў╕'╓ъQy╓"∙NЯBsФЧvЄц╢к{xй№oЫ$ГхЦ┘э ▒╝Ggs·56 ЦН{е╒╬Ў┌д└Юэ░∙OЁ Я╘╞K┬9<зцьfQи╠T╖X=├Ё ^╫_ИХOО┴╬ЩАТX;ЛўZA╚╪~ш{:O<я╤Г▒IЪ╪6┴╘$H`╞хЕл5Q¤ЙP╘"x-n╞гs╖Лй╕vH╛*l├СёЎА▀чH@J8eН`▐YuТЧDcR╧nх=Р╧1bЫє╕╞n■иъkТCAїQ╥эx┌ъQч√╕-╠Щ▐0>┼╓@ЬPУ┼єЖ1 =Є1┤╦ШANЮ|О(х,Є}&O%█куTL╔Рdgў╝─"МuЎГ}╘2 ї8┐╘H НВу\╓Єк╚r0x?╗Є^.Н╢,H√┴Ь▌r▒9Л|хь╫8Ў ╥&╠-№"а▐─мфУQ\I UsqБп╧Q{▄тЩ░┼Аr╨╬;╧╓ 9Ё│╝y╟┌>┘ФВїcРўўkmR+╢55╖╚gє╬O▒∙╗БїШТ╚yХ║&НE║їЬ`ЎWН│Mа>╚Пр═З▒▐╗Н \v╢*й┘ц╒мыс╚ўм▓╞} briAТЇЙ│З/W<*фе∙I■├ZЮ{╟ЄdК╘хьoяьМ;3Ч│$ъ9сВ╩┐p┌3? ¤G╫╧ЙЎ~М╝─-№ЦPЯXn!]╟Ф▄Ъ&№у├}+\=У|╝╘ОKh├√╧Мп▀┼0╜3м╥nЫ╘╔gюС3XM╗эq|}╧ ╨([ю√Ц[иН╖`╒w*pA[ ў д_у╟┤XЪцGп=^┤╦s╫ьЖ7Й?ф╨7Р╪ўнЕЫ╪Q┬]╫╦н√Y,╪┘ ╕°┐L▓░Я╨м╫Є,mR│┤▀╘Ж√ vcя═н;H&√D╦Lt2:Kl\yЇT│*▄╔=┤BM▄╦╨)╝є8xГaШи¤ч3Є╘1иЛBчз#Ме|з°єЬЁ╖╩/г╡"5Є├√"╤∙u4 ;─ИБкєСїВYxг (~║ JZ╛eФ2Р╫n ceQ┐H``r╚╧RРg лAзCFквЖ┤t═QzVЕыGxзў[@*+aЎ)=Г│<╧┐гдїk╣їЗ╤kйўЭWгз╬╫ўЯЪsЁAцЪ╠ц[тifЧ7*╬¤F 9У╗Ь╢▌G╛hс╣9яKПДy ChL┴╚╪БZЩЗ╣╪╣┌hЖ┤▌XАJa4db╒Є№ЮY ╕ ═КiРT@Ў^а3╢&чW:LЦ№Ьk K▄╘ЖIV(рнZЄ9eA╝Э■iС2схЕ╨U3ся┬Ё┤°HИе■Ц╟a┐оЫ[7v8Ж╥┌Р]сIlф ?п┘Е┌и0╘gШ,╡┬АЮ┼j8ikб╤ЮyBЁ$я═бb╨┴{sВ┬╨Ж▒ ЁZОzн%Б ▄▌<┬Й°MчВo╣{▐╝< b│ ┐─д╙┘Ф╤0Ъ╡6n▌ОФK¤*Л└q{lx▐А╥┘{;+Q▒╢Ш?с╝╧iИЁ5cm8-Cx76к9/й║К#╜■RP┌vн|╤√kЦ█ФDu╡Ь0i╡1пgLшГy?ч║c8N°РW\∙`▌АY<Жv╓Ь¤ї└к╨зО╚Р*╠гQВ╘kШ┘,,╝'№ Щ╚їFБ_:╔X'Гjє┘Qeь@e▓k!eЫ╙пVШN■вwМ снCqю╕ю>┴5,H$╠RiЮХ─y%]x --0 а9{0z┐Ф7}jСЮ∙f╓b:диXє^╬█CЗ▀└{o;яАdNїМ@Isfу p·°О|{╛ ╨А=_.x┼:╧Ъ9╫k▒ДNП▐ Eq. ^Д│9йХэ уэ╥▒\щ√╨■M@▐Я@┤чb╒°1jРs=НD2у\─бВ╛╜Ща░vxAр═│бёЧу aА&Бc"2ШBўнИ▐х}ц Y~├U0x╔ьч┴iУЯЧЎ("╘Ри%█ёd■QЭmУЎ Нл╬(ЎжBk╟Hъ.nб╦zХС№Аj║ Єф8Є9вM$Л│tУ;ёxвЬзtтд╥Поп Л Dс ╥y╣s8J▄┌чь╨dЦMъC, DEq╘ЄRмУcx╚@· Ч╒Р╕7aTCx ХьdЭRЗ╒Р7LКO#K▐yШ┘МтG`йd╦pPоИ╚+▓Ж╙╧Zе6┼Hю┘ыю9раГР LЇ ░╬nф3ъб(ЮН┼|└╤d┼нWDк╓NШrXЗЕ[wHЕoю Ж╞C/г)¤}В81Е▐ч\╧и#CiS&┴Ым╗?Ш!~G.&"B╕л/,ЦD`N┐╢╠hT~Ovиьи8╛%ю┼в╡p▄╜Й╥C;чzъ▌!|З╩эЭ─^Ъy¤░Ч;N)g!ф&-юТТsB-ВW╨У#▌vп╞Mо╬HIжF╩╤╟УI1p5╚ЛgЦHў L╬√ ▓░Ш ДH┤╦╛'єDЮ*dПP+%└ АЬ ╝L╕$└P+! °╕$─0└*└%╓3(P╟HnH l╡lЖk╠RД}%▄W▄еР&S&Ш(#<иG╢уЦя o╦$и▐uFр_зЁ4ёЪЫ┬r|hX┤Omr\ч№┼I8∙вUй╠┐К<У5╚c!@▄UК┌╚"В╓ qЫЩhs`,ЭрpцоМЪа]▀ ╥T╞яqР°pVFkт╓}C4dzх╛xG\▌!P+Э╜ДЇT|ъ╚ъOz °┘сBыФ{Ш ╣оЕsп?GK vBлС▄─#<╪KmЄАLП╟Дз├Sbр4Лw┤\bЪ |Д▀-yцдР-1`i 4Д6J└NЎI"╛`,┤bї╠O!╬┘╡g╔┴юїўСгвh╠▐9Мd■ц╠<'Е╛CзУw·1▄TuЗ·╥T╖}═@Ч[йщB+p√ЕHЧQFєщцhA-╧╥т`оF╨<▌GRШmхмMБFHСф@.ЎОо\▌Щ$}dУvё╥^ yн╣g═Z╗╖0E(:Сы╗┴цЭЄ"я<4№uїЛ╘■.""xя╨XLt╔╝ф│Щ╗╕З' є(9_оB╙вЕ,ьvuC KЬOЪy╬т╔>╟w╔Р╗ц3┴╘cєZ6Ь│HdС)╫Б{жЕ╛sm═NR ▐г,B77╔lцяVvЗЇх│л Ui6╪M▌╕<╠K┘IPсе ]?Ф▓S эy╗╘▌єЗи3╤8e▌Ю$x∙┴Ы╨цK╒e=жш√}0 В┘┐r$n"И'0√ўv'╧vр] ▀oЧц╤>оЙЇ╛│_%>═Ъё│Жл╧╕┐=аЬ│#vL░╦г}@$╞Фxє╬ ]вnЯ°ы┤єDra╚эP┼НРU╥|╦Cа*(Dж√2ЁЖЎJС^h,╜/x╡i"ЦHТаГ┤!Ш·ё¤d[╜┬г¤бЪ`┴╣а{_0№=Nлv_5нлч5W▓FV╫i}дРJМП║Зt▄O|нZ┴ko5▌С└LB░{Ё¤ht╫J┌Э┘.√БнЭgу╓╪еф8O╫Q▓╜Ур╛ {▓twU №ЄНhю]╟8з▀МшI tReВxГ╨ЪезгЖ╗@ф╛Kor{b╖р╤Рлz&┘=Мs║Л┘%═.╟n║ тMdсфcлФEi┌_┴гE>┤{╡ФR╠ЎСE╜д▀#rvУ?Я№g╘Rз└юъ╧р╬╖n2║R▐дAJVCё@np╚Б|Ж▐ЧE┐;ovо╥┼нIа7JJAc7]^└г4E°-СW{■> ∙ЇЩ╨#Ё╪:ьТ▒├&%EЭr ▐▀iо" Vеж@wвZ$ўi(Q╔0bЙ┤ ExЛ Y√╥=╣Д~╧т╤╓П&|╣m∙Ф_0э№jшЫVи└сZЩ│o▓Ч─╤Ъ2ПТ█3зwUТЖЄtО?Е°eo%Є╦цЪ┐╘╙√є╥Яdhлч]▀┴√│iBQiТPt?Р~ПM·╪|~їpй▀&} Э╖I Erf╗wьu╝yQ╖┴╧лчшфГчРn;╚-_°Q│▌ Э,jЭь╒W}~ -╚ьD▌чФ/№▓ К█erPGЎ|r╜╣)╣▐ЪЫwт 6я┤э6sАs>DH╘o7ї█ЬнЧЕЛЪГvяDRЪls█╣lY╣╟иYc7яY9╫ъБ╗┐°Щi^R }ЛwхД╠г▓x╠иЇ▄"ц^i▓│¤v╓gУ|╬цЧAС~\є╔,IsнRc═╦юГkЗЗ╫═Э=мяЩyNpЮ╘└Ї_!KuЗ╛+║п;И║ дaП╘хьV├ЬГч?лnВg·▀ЛХ╡Г╣xdY·┌юЩtпЪєNzбNв√Ъ┼ь=+╬<7 ю>▒@РN├ф+~-H╕PDх~K-л,IР═p`@n ╚Є╠ўЄлаеЎЮul ▀у╛єшHп2█ЗG▀:Аы%┼фшT,эОx│rsа2ї╜и╬УW╙Є O╥Г▓ lHВ9ў▀C■;┌┼°Щэ╫<ХсЩ~╙RBkq╝s·ЯW╞Ь█Co%lYБ"уВ∙(░ъBи╨$Ж╘КИ№L є▌}x╛PЪ▐[Д`VТ╨J■ГКЮWЕVэ■"FЩ╖П■М>шаё╟+ўyl:йЛП$╔AKО№▓?X╝+X▐╝3╝O╜smЯ\ПtU╞єib╬╘ж╕√╓МК·АDЩЭВ и /▓fO╦Ы┤╩'г6пhL▒{r~9Ю^L╩o32ўgvЄжO=1╥rdl┤{Ў╞uЁR╓9╧ч║О█╠зj╛░Km6п▌xYФ╝┌╠эф┬AС[Б╦Ў╗;y╬zBJКхеЄ$ф╛.тQЇсиF░Nн<Иk╛ящ*iК▓У,Ї╦^▐фsLГ┘╟MgD?8ЪаqGдЇ Пм_Ъ¤╒c╚ЩчqН┼3╥b╓Л=╓╦|╝│ Е4GhЛ5{V%СУ0]жV╬]H6╔Хъ╜6R╜р-Х╥3*╩~2√9ч|rЇ=╘╞хsКxМ{p"~╛9['Я9Нур#уАЯ@J╡zбh&Шdха╡зlE√/│╙&∙э▐Еn№p ^нvж(ы╗ЪсВй├УyIгC═ЪЗ▐#аtЩє0+Ш[k`╛ю╝╒Ч ж¤oQВёёjЄюsВ?а╠з╝`─Ыр┼!xЛ(?╢Ы&я╪=6Ў=Ы╣gх ╗Їе "▀▓╪Tаq)чЬ╥6┤k3яо∙▄Ж╗Ы&В Ao:Fт~d▐9дя ░аIOY%!)rшю╚}Тя;A·РшЮ▐wщ─Ў9юб√╔ў║а╢ЎЕш'╛ u╪Z│ТXjЕъК2Ё{│"№ф;Sl╥Зфh|о7┴)╡Y=№╣\яэчxюЭч╖у 5Н╬Бa▄гкхуё╣цоъBлчЎ~└w▒┤ШC┌kХ:L]]▌╥░ще╜6яэ¤`цє]ЗёЁГря6Аб_╧{n ^:╨uЬПы╢!ш╬ :ьqфDЇўa╓╠Nа╨ЭP{╕ОшlНф▐JxЫy╨┤╖KчAфbx╧Э¤]=▐[У∙оn>n┐=╬.9oB╨╬ььъЧ ,Л╥П │═ДЛ═▐б╘"№АDn"L·(Дh╙·iЧ?Рд№блo╟╙}їЗ╨V▐╦Km`/UZ3█┐│po┘┌╗dЇ°F┌K]S{╫ЧР╖NКsА%:╨╣?╚Ks╟в/c%ЦQЗ┐[╦╫&k░тw ~ЫdС82RR ▐ >j(0Nз═т╔█iбЖqU╦╨SW╥8└Нз ╖тлр5Нр%О%MЎl}/FЫ┌BюG['▀ЕЛ&╠5LшF]rS▐&5▀└ТБ%╩=сл^▓Р5╤-├Sс╖рЛ╖╪е▌╕╠ Ц:кДnx╢╩╟qs╧}ЁIk7Лэ▐─q┼╩V╨!;g▌- ╒ў╩ p╩■ашуAўсБЗў┼R┤Fўф║█mdжЕel═ЙнэФE╥иАлш°¤НрE╕я¤╬kЇ╠░*у{n Эп%^║ АUt ^ЦКФъ!▀7Bo=гаMl╚╬ЖЖrБ8exб╞)y mш`╧│а/ОЇ<9h~вд(їе}vйЩT+▀п&ф~@Mn░Q YдмлъБ│|bЧуч╬пЭSh.Ъ7GюU"Ч[$?к╓▒%їAжц╬}ИgDц <@m╖7ж!.1_Бqjf'о╒Т<╚а╩Ё&ZJ°QGП=Й/╦_Ь─{╩еПu┤┐д╗О7∙?о%c▐-?Мз=[dХ▀▄┼Kз╚▌Ц>Щ▄'¤ёlя<╖Ує└╤№Фa═ь#gкw█Бux!рd~3┼╚г)▀'цв;_(╕O8омg"ў]=!░═6╢еюБ ├╣И│Ld7 ░r╖y┤U Ё`NХ_$wXмэ░╡╢Р+░ИЕЪ1╚чбїy╦М╫ЎМ√┤Гь╒█╪}uл5╫2т-XoTХ∙NZхGфLЫ4┼╪єBдП╢VНС@чI╢ч7%НJСї7ъюЦё┬NШв╜I6┴X#░t^├√t╡R!├D▌┐▄&м╙о─дHyБ,8╝КД67Wq[GAF∙i]Щ,xo╦P│R│LY╧Г№їAjЗI√э&Яря╫Ф·ЁкпаЧ_Ж ъoKaъ│,┬_QэёГ█Ы|йЎlбЎъЛRВkГA(6 єЩЪ YMщA╥рmzТ=@ Л$m▄XJ ■Sцгe╩<з└Щ №╣G/ЛЮпВй'KФ∙LБя+p╗_Vр_°и╫(░\Бў(p╢oQ`║F`ро?║B:и№|d1╤┐P:3ф7lH╝ў?ФZБjH|hX▐мъЫAWбЁ7<ъ╜oярЎ║W О3ў╙╕^БН 4(░ў■!∙Зрп щ7°'ЧХUj*к╩ЦN╕╘√ю╤Y бЮ№╒)pC═Я╒√Я╩╤▀╝Є{╦+j╩ ┼UU°▀XЄU╦+К╦E├╥КЕеJ║!═2'Ч╖═61╠ЬХ┼U%e5Жк┬Єe┼б╫sю░╬ЭiЯ3▀─фVЙеЕeЖ▓КъjCEЙб║tYyiIiQayQ▒!-╧>'?▀ДэTИ?Ъл Ь Є-/6TW;╩DCi╡Aми0Tп(,+Г∙ПMЛ+с%а[╝╘Р6o╢%ДE╕╒ех╦eЕUет*CZ╛m╓lеZf╤КBq9`Яf║┘РZН ;jjuZъ▓ЙЖ╘e&Г!нкX\YX6" аmГлсIВgАЯ┴УсnАчс ╠$ГЯ ╧rNДз┬3с▒NА┐Бз╓Gсл╔xя╘ pЮFмg4╕╔Ё<сJАысyq°8<╧C°)АЗчEo°<АЕcf ЦX ╧·<╨f ├┤aаЮnмр<ЯBx1└i╦/l рГЁ|Н╕ax9├|ПaД°▒o3<е є<:o╕тWр│C╕`√╜@WwьX<╨Lсчх0ююШQm6S°C%├,┼:яГ:к`!lhкЖ▒├<YН╦GP!<П@╕рfx!№Ф,║·Оe6└єц°√└єАg╢Е Э7<bА{с∙q╕oМ#Жс9З∙яЗ╛┬г┘Б{0 s╞wр■ ├мГ'aю╔р> Мї ╧┬3┬╠ П╦╝#Д}w┬У╢у ЦR√щў_¤сЮлaM╢Чфt ╟Оbt▒Лc*╡yЯк#N╔╙(╥2;@яЬDї ┬бяП@┌iх=┬pб6у57─лcЦи2╪BсD▐к└╣ \м└*>xdp╗O(ёН lQрз №ZБ¤ М∙JiWБi Ьж└Щ ,Pр= №ХEоQр├ №н7(Ё9╛м└- Ї)pЧ;°ЙП(Ё[ЮS`╠Q ї ╝\Б?W`ЖoVрLЖ~?НЕ S╟ч ╓R\V,чTХКеEЕe∙╩ЩМм╡\,оЪ╠мT═*эЕ╒вХЦ9Жё|▒░JtT┌╩K*xf╡┌V^Кч_Jя┐и╓╟╒╢jKvN╛╜╕piЎ*▒╪  ~5─V^ФХI╨ф:╩─R╠VP1┐tiq╬Є┬*жJЫ_,╬+_^X╛┤мxй╡╢и╕│╧,-lЩ╡∙e┼┼Х╠│┌В▓j@ьО┬2G1єбvЁ9Ё2┤╤'N└CИ 5PPnХЩ╩,ZФ│и║▓╕╧х,вmVсnювEЛ╩КсУ╩┬e┼ЛJхELжоX▓и╚Q╡hEa-MdцBъ▓b╧V-лfЄ!ОЗ К╦W2оXвф╝Л┴J+╩WТў SёъbqQaeх"qU%°ОE4┼Q]\еЬ▄■gнXZV╬мВ╨КъeЛКk▒┤ЗYTDCПCиb┼ └Хa╢3ЛаT9°}Я2ЛJh┌8Ц4ф[┴8┘EeEў2&╒вКrR|ЧjСгЬд=м.\RQ%2V├(A ├<пж-╝н.йм*-KШэrИEL│║дкъюPЧ╘└╕BшМП╬Фc┴│SпPъИ╒м(^QT╣ нwAў└┐╓рYи┬2Р>M╡Xе╦║├e┼°9Ж╩ЛVT2EЪХбжЩ_kjКк╔{ж√ ь╣═:w╢╒~¤фЇеee(I▌ │Ю╒+Лк─v √~Y#▓.Що╫╙Ї╞9:╕ё?Ю№щў╙яз▀ ┤▀D&tЖ[Gy┐L√яЄ{Mб№Хй4 фй,╔ V8 O┐ Y? FFCB:v╓ьyЖ│∙┐╡QgШ┤т╞)ЁGtФO_V\^\UZ╤┬квх╙kз▐8 _.3LЪ3┘0йZ\:}Y╣ШTR2л У&UVоШ^]]9iЙгдд╕jюЭ>ЕIHO┐&]|КkЛ╙ЛШыЦ8J╦Ц.-нвБы▓ч┘ьЦыVДО@OZ95=#=#*KУмЛjJ╦oЬrIюV▒1Eh▌к▒╒E"гMЫx ╔║╪▓КЄeЄ╟QОVQёRШ;ЁFyГ j№нл░p)мо┴*1╛,х^Иkю└U▒╒╦┴КRЫFлАp}ZЭ │kbЗdМ╜.м.'╜╨ъЎA┘ШE╓9╓╝█Ь┘ЛцZsц╠╡0Oи KZв6▄s╨U2,ёТ#Т>│ммeїA·Bг╗Jй?6бj╓E▓)G╦їg├┼аmьl╟К%┼Uy8Ьр╓T┴л╧i)СRшиа Н~Ж·Лa#▓т╞└─щЖ!nё°Gл√#№MXФ3gvБuA╙б╤лЯЙI▌ ї─цe +щgcЧт  Ы7Щ&d─ц╓цTЯ╝HуSbєЛЧх└√ЧbЖ}ёй╖@№e┐уVИ┐Bу╙0>тi№М╧В°л4ЮЕё|И┐Fу┘▒VБ╫iГЦXKUг~Гb)@,УQ┐IcyЫ╠и7╤╪И]╧и7╙╪bИ▌╚и╖╨╪rИ▌─и╖╥Xeь▄┬ZF╜Н╞jcчAь-лЛЭ╗bo╙XCь▄%{З╞cчVW2ъэ4Ў╝Г╪╗4Ў╝+e╘>{jБШЯ╞6╞╬Э╩иЫhdKь\3гnж_ь▄Lш▌kГЇn'Нu@ z╫Bc√!╜kе▒nИMa╘m4&CьF▌Nc╜▒sKп]4╓Яxdюw│├яG┤вjnё▓╥jЇ\╒_╞─ПЛ╟WjО╛Bик(c╘GФ.i8Kё╟▓p·WJч4·у┘UЕхE╦ *HkGХЮF┐ЪYU▒В╝<жЇЬ╛ ЕRTVH1фm╕t@!ОЖQ╧╖═╬Ю3╟╬─мMмGЕУ}gБХЙё\Ж7"ичг└╟2яО96 гf┘(я#s~.г╟ъQэН─╥Мz<Ы╘└"F╬L╦╦Зъ╘yl ■7w#~╢┼ne╘┐W*└"┤╪q6┐ 9/Т╘├╥Fг4тЬy╢┘P╛Ie╥─2╠(ь╥ХHB ЧД║,щw*%╪^вфNХсЦXD/YТхfNЮ╩Гпд╛WЫ&Bzм╜вЖQЧiGь#JJ(]╢ЬQп╨ъwаКbF╙ьъrmм2ы╟`¤ясO b╦╨ДчB s╓жP|гVЦ`Ж╤M╛мН`Є>№╜Ь ОN│┤┬▒дмШQщ5d╩PвZ▌╖Рч ноДP6HК=╞во]РЫ╗(Я┐├║ИЯkхпcNеWпПYш(L?┐вj)гnд╩ЙЙ═' ACU▒Е╦h╩ocЖ!╩Ъ╪╣┼╒┼U+ЛЧВ0 Ожic╔Є╒Ь╩"2¤ЦM;Кэ°УжvR'mуZОУ║IЪ8Я:vЫ:ЙS╗Йу╪ЙТжОг─о_У╛ЧжyНч%q▀I▄{gfБ▌E9=щ;}=┼сrч~ц╬Э;wю╠ь╬юОЯ&╥yЫR.ч7l єЪЗkS└ЯD─ НАЯBj¤-ЯGT√[┐К0Д╨№Ъ `>╛-`ЯААф%Бp3DїяD+C@d┐ э Б╤¤╗╙├1ацў&╬1аш╦sМc@╒W&╟1аь▀ ╠нъ╛*0ўR╤{0╓│▐B╔jЇцп┌ъ1╞п ╧Уc'└ёЮ╖5б{╗╫░х╕ої▌°_Hjs I═ ┤IЙЇ#Ы cDsG_Н├e3|т%╜ъ░┐HMqDР■▐▒цv'ЎBФаЯ┤┼c('С$nщО·є@х│░_:Ъп├7╛hSФ─ф8ыoo8ШЪ И║╬k╔юn№д╓ Сw√╬jАr∙╔DктРiЪ╪Б ы╙ычЦlюzф\ "║~O5/тW╝з╗q ЕЎЙЛ│R╡╗├ш:эjнT├╚╝┌▌x?2З30E─N 1▐н`Д]7─ #Rл[aSQЫ:ШRS?щТЪ▌ы;kЇУ╙(t0"нt╖▒`┐▐?VА╞[хf╙PЕувЩ╣ 0╢╕┼▄4╣pЯ╔▓i┴:╬┤&f│SDZяnBU┌┴XУ:бг┤┴mgp\Clt7й┴V▌[ГuЙ °zCj0ЦT√B╛`(Azд'ЫъЯsБЎУъ▄╪tfжUM╒<мNку╟gqf┼Dр╘КГVє│Рс)О░1·X~fЇ¤"╟)(6Ухyе┐тH+ыФ@>═С╒А─ №3t!Е¤5▌(╗░0/ОиNC╛╠┴zFЗйЬЭc┌}Ег╝АЪ?СЭЗ)GммИЇ╒жj4@ 2L╬e└ГЯчV ╨9n╧▒сkM╒\╪"миь$ ▓_oк╛йЫ4#+RYOФ8№# о"uэ Эo▓П╒`╦-Ej^│█pL╫ЖсH4дq╘KWxы Xьcу3Щ,8рХ^╤И|ЫўSа╛█╝в9SЩ╣IЁ■IЁ╤90eЫЧп▒ь┬щRє╔╙s╟чgSc8`K█9Y)KdT╪╬)╒Ў$мZcS1╓7╞f╡ёbЗW4!▐W╔╨m2╪ZЬRз┘C_'iз╫╛qЕ╬g})ЯМ@4H┼#DСf╝ї╫║бВтNiШёК5$jCдыDнJ67╩Соў┌▄хbb,∙вЪпJє▐·С:fZ╓;nЖU~ д╝╖чхЭ╪╬I╩?!н(JV▐@┌В0ЯЄB'Д╔Фп│:З▄Jц;┼бz;ЖТ╪ПOз9╥л|YnфPЛrб3jU└░|З6(Ч!t3WwЛЄQД9t╣Є/▌┬б+|ЭЙt+З┌№жАЇ6╡+я┴╬rиC∙;ф|;/бS┴ p╥mъRV эvu+е;8╘г▄К┤wp)Aeб;9VЁ[╥]Ь│Oy є▌═биВo╔ТюсP\9Г╨;9ФR■е№ЗЖХBят╨иЄiФЄ╗▐l╣cд%SWЪ┬jЭ╠╘╪8є╣╫█zOЎ╡Ы.ю░zxMz╪[д╛ь4╕┼З nё╟╖x─рbpЛ▄т#╖°иp юъeєy/ўАП<руx╘рЯ0x└' Ё)Г|┌рfЁА╟ ЁГ2у╪YwG(2~Ь8:┘zИlЮ═iыт╕╩∙╟8\p▓p}q>G╗╩ иTжCЪc7Cx7OЬ&О.&дАт╪├А Ha├Иc/ClA*GьcИ+С#0┐Р-трV Оn~}∙Їшл∙e:@Г3╠·К┼|ц°B─ьgД.$░ lОkв{є╔ф╠№╔CЩьм▐=№кT╢╝╓t°°е9]нщп■5Ж╤═3╔тD$Ы[(Gа?pgи╪BСсВ 7╠p|З#─P╟Иd░│#,_╓H Hт8*бщ╖╟ж░6Ид№╛dИ╪нЮр╝▀ї┐А╢╡LP╥╤T$╒Ч@O┼g¤/Вeц`z@фиж[a%dJйбБxjД'╙╤(бШКt ;C7└sвУX┘╣Л╚xМЮad-0х╟+4 ├EТq_*╨GкШ°D"Ц ╞ВмЬШm"╛┴йF =╪?;4HjXцP:SФ╕Xщ;ИЫq@вЦ':HOtcщ"ї╤E─6r дЪXix╡╔Л)0H,CЪ└+T+1СЇЕC╛D┬7BV▒║ёt Т %Вбpdмx"°Хи╒Й█фФGш $─¤_qяЧ>╨╛ЖР▌l ¤]Еv░ ZWХ`╛z !{hBzЭBX▄;▒РЫ═МГ\5Ч+└Ф" ·G┤Ж╛$эG`Ц╡oьж;0juПЭї╬╤*Їгю бQЄtg ¤╟^▌ ПPЗГ┼▓¤у3Уу╫л┬}Tц?╫RКyhU+d╠cI1Не╟hГuтт! 5F╢6 j0┼Q░╬в╟i .╚╩HШф╥q┌r~YцUe;%ЙФ╪RJшYБўКнaЫ$═hWnАq`6W╕1с|Пў═9▒oЖ╨bш┴║НйД■╙Кў├ E║я№bO&d╖#.╠C└д?vтН]|ЕюЗрЁaQ▀XПт!`кl'#¤)╗-ьг╪ @Щ┬+Иш█п3№├А{ё┘╔Bв5¤~╟Kp°?╣ЙРgD,Z┬н9└ыkВk H[╩LV3УЇ┬║Hp p\┼═└┌└}Р°]╢u&№╛═Д╝!2╤ЗЁ▀ ё▐ bГ?┬у└є~O√e╛Й pЇ> щCя█шсKЙ4▌№T╛gd< \°й╟7Q╩р:``├/OРВDБ°6╪У,Ё8$>-сKВ8OА┤╨▌№3` ╟и▒а)Аy╨S)ЕЕюК·B-┴+╪ Й]м`7┴╤╡(2'X'╢рH√ ф ╗жp яFМгл╦Д╝ н╤ В╙т╒\TK85▌ъh═3и╪█АыГPЇрш╜═╒l nРЎЄ:▐[?Ф╚└h'№+G╥Ў=Ї э=i;щ─З!W4+АGh Д╬╜M ? ╚}ыЩИ-b щ┐KР┐ф■ЁM▐/кў _└kX╬VQн_pIc$┌+╨Онр╠╝°AzРЇ/|#рг╤1=нcz\р╖рcя■└▀╧iом%ъ4+■oi5t▐рпАщ+°ХBl╨ЯЁ$■Б @#оNqu╫ЯвwгшШ9>╝ cO{UЁ\жХё└Мl@№║9zpuG ╧+Ж0ГХ╓АIтЯ1ЙOUH|б$ё3LтM эJ|Q/1Ю╦ухЁ▀┼M?D╡]нСТаоНр}╖ tpлhSmюQ№┴M╩C■╦╔╓Є сТ% ║У┼Imлl╒ л▀Д┴·[╜ 1 ╜█¤q╨т жO5ЇU°З▀Н~ О╨+╪aU(┴zА~/АC 9qP№ЩН▄{:└z╨¤ А>"А"·╧s║▄ЦM<ў╥U/мqыVюЎ$о пЩь ШOФ6Їh7zшJЇ5bХ¤(HLNЮ┬b▓╗9ЇL╟ы0о╤DЗW╢▀З▐╘╚PУSЩYь7sp89╦Р┼FЬж╙Сd∙Т╜┼Нo.╢▄╫J`ЄУЇ`1░Р╧OfЛй╔уЩW╩ХdЛ╗╪-_SpdР0║В kQНИк╨Zl1А▓Р▐╬╞▄!▒▐Є,╧▄л╦№ь·╗xцB~аа╟жe~6┴2л╝|ПГ{2b▀Nк▌H▓╢┘ьLф}Ыё й0y╣У┴№9 {Рf┤я▓Шф┴(Ы╦OVИ]/─тр╡/г_&╦ўUe/У:`Y3А╝√P╓d┌QGYЙ├кЪЗщ└tсЖУx/╤┌(Qvч=√─¤tDт■Сю╝РГМhO*hgхvK├aaGU┼ЭwаУ* фИxК@Ь,=u#тYqR<Ц┌#№1■┐ЎЦХг*┴-рS5г8уQхщ▌*рб▄▀6·└сAw╘М П$+\▐#р╔aИ8╤бЪ#,┴■╣К╡гI╚ПЗk╬;z-Ьёа▌ЧpИS]OыKЁJ▐F[Пю▒`LА!Є_l+GCР ╫b╙шў>рщwyGлp2К~╞;·%`╞Г^х= t<\є╡г0K├wgР·+ьНшЄ╝6M&Ч7╫>,╬ ┘[р8╜ї58Y}┐\┌║╣cўoЇОФKя┌Ь.э▌╘О)╢ЫВ├╢┘╠ёщq╚4ХЭ▀V└о█r№ X╬р╞M■╟╣─йув[8Б╕MSNио▀╖╣tRwu▓-Э,2эь"╔[yчo░eє-я┼№ўэ┬4m╝╤э╚╤Ў_I╩╙╕/╘░sJ╬`=▒M ЄNd╞' ─n┼Р╥иэh5!╢aаз╥Г!5ш ╙╤Рў%R_яф├Т- Ж#Дъr%/╩e1r%у╤^цщM┬8TQB8ъыe╪·РX╦▒бa"ыр╨@,1ы╔ф^leЖpJ ─U▀`Pї'|Г└k√Єx¤yОd ХLТ*Ы/Ъ╓▒GЩь ╥щи/RcщTo Ц└к/"Ь:$b╤Xo:джУHЖ┌ЖHuЩКG*╚5e2Ц ∙щ╥ЙL'√ДЩ╚ ]#АА(зwМе¤║╢Т;'uХ╠Аїш1и&√bЙd0АW¤I╜СЪе╥Й┴$i╨┘.ЦNи╥`уhd Т"Н║▓cс╘!_Н ЗаС▒ъ■╨`( А│Рж2k4р-#ё5Ш* ПРfг▒"ГБ`(@VЦ▒╕+ж7ФPГa╚┴▄-Ф$л╩ЇX<е·z╙дE╫оx∙эХHи╛`0A.╙iНR#╨юЁo`g╢Y}rYc ьP&°╩░oнhЦd* hЕ╡║ОI·вС^╝Л╣:X╔ЛТdЭ╤I__Шм7т╤TРl0т№)▓╤мh╪ txжй B6щXВ╥I╝ю%ЫuцDУЗq'Ў^ $[* с¤зн║N0╟цє'╔хF╜·"м╤┬0┼жкщHWIсp"КУm·RjW√╬о▌и▐K%I[Щ▄ ╛Чр.)ВYк╡▌с╥ГЪ¤г1p@╝Йў┌/╞┼.║Ч╪vШГjаyx{геJЬFN╝ %У\^Ть4ТQЧv╒?в╞Зc ╥it№иQЩ9╜ЪКсеzr╒2,сDlА1эZТ [Х▀HТ▌:5Xш78v8.Ш┴╨]╞╓с╖ {Цф(СўЪzW<┘Ч√╔>│guт╬dT"├`иnг╘^v5Т\m╬╡гг+<рS}>h▓▀Lю╕jЧО|НЮ< ┤ЛyE╧2МF╟ЁUpъЖR┐БкЦ▓*▓iФ`E,ХaЄР/.&У ┴TС+6p╦x{о▌╥v-]ЪС├l[ЗUюьфйV>╫╢╕Km▐Z┬цщnл╩v3┘eЮ2╥О╫2╘\╘╕▄¤9\┌avo n0tи*k├h:АJ,█ko<`Гzl;├▓l╧├смe[ФлQД┤л╩ё$КТn_┼й~╤╗5t╬Ї▒Ь▀┬П╓╥НК╟))лФZZgw7┴rjq:ў КnДЕ╩^ч>чg─╦ХMOЄ `└Д═C%┼щyПУ┬^├∙eфя┬ ╔АpщUШм▓ЫIr^┼N╒LО|'╒Йкй`║pcк^м└н0Е[╢6Auj;u _╙▄▌LH]гОь tss─ГE╘╦мЇ^ CщНН╞ iвФеРъ] ╖▓СИY┘@P*!л0AHЛYc`╛╠CMu\▌d╞мй1Ч█*ь@╚Zр╓▒ол1╘k=Єa1╕1╦М▒╞Ш╪Tj.'зlо╤Y єn▒╟~'╢nЩkырjъхкР~гт╢╒╦▐╠.│и╢Fю┬Я╢у╦"█╫┬┐╞v│x щ╨г▒│╙рМЭЭ║·єж╛╩И┬L╗┌ш5═Ы╜╝╟√>?│╚nYЧ┴╥ЇД▄┐ыо│z┼ я╣√,%я}°й√╜m┤,жХ╒fЯlhБюNx╡zЎ~}оИЗч╗F ЭKh╘cи5╫╚чдщ&$·/╡Ї╧¤N╠3ьqbf╝|Ъ+(УЪИPg9.qзЫ╩2zСЫР╛%D!9т<╫тА1┐`ш│n╢иfA─pУГ▄ЬД─JН▓Ф тzє(╤Д$:ЩкI┘ф ) ╨╥m─╪шн`О!sбн╬N&їРlЁлa│╟ЁFAЩ▌═YE#r╪А─#yF╩е∙=!G (& ┬0мЄбо╨gV╣6║<▓14Ы├▓Ан<┌╚KuLЫ╓mэ╞ оh1л ;Юг2`:╡шV▌Iz=е▐с¤m= ¤√OЁ{ 7IУ╧р$Д■_g)№┐╠Я╛'█ ∙е.└N╢хччЛ№q√эЩь°ь┬─фo╚╛=WШ╕fpуJ╙DР╥ а▀c╤6Гoй8Щ╔fЛ< У>└o╦└ фЩ╧Oтz╩▐Й╔)тжйbaВЕт─lц8OOцєlя Ф0Ц╦p\.?│▌BqoКJhШ вШ|╖7 ╙%╜&є┘1T╩ZRJ█╞Y╪vб╦щ,жТKu┼ЄD}╞К3<╒═nкl╦dў│цУ)й▓hўтд7a╬MmM?Че~ЩJ▀вTЦъ=OГ╝╥Fхъ3ЄJщtЫ,┘жхfА%█WJчzv~╬#╫B┬VДЇI┘╔ЪР╝Z╢┘шY┘.╜С╩оYЖ│Ї0Ьи\7 ╪П│d=&?uX▐аI:*╦ї▓фСй═ ╥▄╟dI··SП▄ИЕРэ╢Ч=▓╥v█s▓╦F(╩&=eIЯ╙e▄ЛЇ│Вё!d┤Ї▒Eek█А<-7(!(ёr5RХGmRўgeщ└VЛмHchФа┤Z▒╛╥Ф┼╘ФmЯєX%y╡tсiBхЭ╘j~е:├╜6 ╠Nщх3╚╒яJ╡M·Д▒щ; m▓C:UФ-`1м╛┼v?"╬Ы]z╘VЄа6gБ█!}cБ╩нТcXоТPЪфlУ[!УBl┐'oDЛ╖БJw▓vРбЪВ*█юў╚ ├▌.пE▄Г└6"╦OО0Ц╒╧╩Є)yuш=З╦kчw╔)ї╦ ╥r У▒ПXмЦ Й К╨ОТ│жY8 Wб╪n└╢╜|Тємl};`keO?└┘Є╣Е >╔─Xl╖Б*Юay╒Я.#╫H▀%`p8∙* 7AЯФЫЄ└╖LА№hєЧX╦9Дd┐ь█Z└.\D√(╥╦┤ёИ│I/вЙ=А╞╓│IXj=Ъ▌&]а<ч#ЛЖS╧0еRоЕ╙0kZЛm}Х√ўoб╟ф6·╥@3ШТХ'хi╞┼3╜ пєPщ:х┤╫n∙й\3╘гZsXlяЦe *QЖХэм3Б(▐Pv██нVщБТ|╠КDщЛрvщ√фзP├├P╫)ц█PбO▄вАTє▀0 ,╧С┴░и┤В{╫╫╦uвзV▒єс]Ш╧&UЭ]О· zЦй╘╧·├╓aЩ~▄"CД╟XAЎСеc╛с╞▌°|v*3╜=││kD│╙╙Х┌Т№жХE╗=)¤М╨uыжG┌·зз█пОо[gб 4╧КЩ}+┼@╩\ЪЙ"+`!BЎщу│█Ё>гИФхЫЛЦ ╖cчЕn¤├oЎBГЭjн╢+╤2Ю¤L√<о╘╨ж═.AW╗хO.%ф┤ЖSX█╢╒"╬цЭ8AWП%шR╚M6o2Ї╗▄┐cё╗╝яФ|о╓;м>╫Ц█eЯл¤6Ы╧╒їv{пы<Х·-WЧяiW╗я╫▀_╗Z}_ry¤╧╗▄■P╦▌╦ТM·Щ╖A}ЖA╜▌╝╔╔L7я,z щ│/┌ён|Ц╧х>kё╣╝╖JYЧ√)ЯK∙+Є·S╒Ьк╜┼2А{NУ sD█ czс%╘4В√╨ NТ╜Ah╣ЧВк╣Iь╖к°8н*╛т:╬6]ЛЗd}│Щщ,~3Ч d▓є∙ф┬ё{\[{8\ЭbЯ┌-|63Ш╔│ЭзЕNьЙo▄МЪ)ж{"▄ЇO╬╩T╗n>═dпЯ╠Чфг!°nz╬╪s=▒Й)лэЖRs┌vи╥╛kуkFuп-┐▌Sзз&┤\М╨ЬU▄м╒фТ╧Ё╝i¤s ьЩUёDnl*єу╙lзпlЕ=EcЪЄЧtЪ└ЧX░Ь1▄/THЄЫ_=л=бЬ81ц╦NаЬ)yГxMApv╓№ ` i?зеk┤]у$n[ы│╓2█="¤иg.F╥е╡в>м+JK?a)щ yС|йМ╥Т,ZеOСЫ╧¤{Х╥ъ■МH|ЯЦy╡Ї/╡Эа$NEй╡%ЕJцh┤ЦPцBXДРЪR╬ФЦsE)gъbъщ%м╨┘LKo,5╧╨ы"i)I╥Тї:Chi╡╠f╢а╠·Xйfи─Y"JеUqлУСm лPЄЖF╘╒ш╥\KЪI3└{┼┘AJА+╡лр^вжФ°+ШОЪЩP#НнO│;TBKЯ.eMV*QЩМ╘WQh║2▀╡ВxgЙй┬"Д,ттrLe6MU;)РЭn&ы4─═e┬-Мpq7ЧыafБzШnй╞╢Ц├з╩ю5є╪▐Ъ0+╣я№тТ!рBйЯ[K┼╛yN~uёЮНyЯфїy5рххг▀Л┐щТ─°єZ▓▄wVЙф■х║!цЬ╔y╧Щє2deю┐_*я╥: ўя?█O[чi^t^Ь╤Шн&0 ┤и■АИ▒КєўEП■е8юЬчq╛WЬ╫╗3¤┤▒ыВ8Ыc║∙хЩг╙в┤4 Ф└g─yNЬє&9oU▐ o┐6Ў$~ёАР_┐ ~@K▀ ┐ы─ЩТV"]─ю&№Щ9╞├0ў|Щ Я┴IT!·yЙ╓АO|U╔Є<bтЧрAПm╜╧V|\╔╢╩s 9╕ж╬°Tп)~└щ╝}∙\wP|ъЄ<°$у╜Ч╨Ё9|дКъэ№mdZFgЎ3№╢ФtfKoВ╧{ы0м═╗ ї· ┼ўгш1╪Я║D-ъ!qпA├M|├эЄ╣·-°"█хyn░Ёk.e}╬ц№%,Ў░▀▀{ лBт╡eфhyo0Ф■П|QюЄТё╣═▄%x$|qюЄ№ьf<3╢е╩·╛Їo  ─] pWu^¤╪Цd?█▓м8f╨А\Eqь─%nF╢д─bdG▒х─uЎн▐[=н╜яЗ▌╒Яёд*їL╥РtuЗ╨║н╥Lж5 изMй f├дрi=4эFS\43ui:d└%=gя╜{ўю┘╖√№P╙ЭЙ╡√э┘√Э{ю╣чЮ{я╛Нцлр┐жЖ°╖QЛ?mb╫√2├ DПfЎз╒ЧycЩжQ▒5\fЭ/╙╘W╠fР╔╢└}_fw,╒╗x9k}Щl;УGўШeЫЁ╫Б ~∙Цжr3ЕвU*№Z╬ёF═ВUъ╬б▄эPNзпiз╓_+нdzДМ╓эЩ╙Ю&ЮBv┤Й·hw▐Ё °Ы╤Ш-ЫbJюu]№█  -п&3═ к└∙2_жЕ╩TШ╠И╞айбГЧиh╒∙л Л}бAXм8cT*╠L№и8V╔Э╣5тt.V  ~ВXм7░╪G┤└Y√[lZыа2▄b╢V▌b▌WHkеd│ъbКп>2Ч|м╥▌у  ъю_ЫЩR╠Жx№╢рr┴ЕЮ C ]g╢п(OЭkY,hЛKA[|■]б╓Э┤Е╩х╦Р╢P█╙Чсm1зе╖┼M┤E№╗Т╚бЭ;W&x/п╫▄rQ/"╘лSйWDЖ╫k8и╫Z╫'╗D·ИИЫфєYн║ЭЕ>є ·рё|│╨'╛чRЭ╤/т#Ы╘9ж▌╣╬ХЭЕo<п ▀ИСйHц╪ъР╤▌whдыш`▀68o╤т}┐Я&╪GwM╧p Ує╦лўSaЯ∙└>t°Ўщ╒╥█tVKПcч╡t√\╨к█G╘╜sU║п.╘рл7Wпъ╛ЪM╨П┐j·─√*_╟6Ub▌U@f#фt^Зj╒╕╖0фы_ ┴у▀бЬ╩Кш°%эєв╞Zе>√╠Ў╔P▐ю Zz╠╝дUПЩм_ їя╫кў .╙╫Ы$├╟┴NMXu?н╗_N ▒мRО'│ўhк╠╨▒сtЩ╜╗Уd<█э:vьX ╖J5q^M?о╓╨wfW,M▀Щ╫╥√╬т█и╧ВЦг№╢ш;Ж^Ь▄^}{╡TЩ┴c=щ2{;dЁЁc▌ъД8_4╝q╙qfWд╟yi├7с▀╒к╠R┘РўпYMш▄█@Є1.kщ1сЪЦ>dУь3VqL g[к█ЗЛhБМ┤X╦╥ММЙу╓X╘╥G╞ы5Xc>┴AF╘▓╘╜)бw'шГ╟╧ЪЕ>╒G╞хhШХ\╞G╢ЄТ`╫а @┬Уs/█@ж▓*<Юю[╞F)s`лН░x<ЖO%╚PлЦаN╖й╗ л╞Нз╝]j·PПЕ}ЗyT-З{╘ нЖy╩Ъф№ $iM^s°╚\╤┬Ц  ├н╤╟╩AоуZ╘├o╞ЖW\ьхЎikЎбs"aЯ╬ЖЇUИlВ}D╜▓нK╙у╡цM)эї├eBЯфёBъ№хЖ_e╝╕ое╖EgC┬Кў∙+Нв^8;Zе╩ЁЎ┌▌Р!Sьє?аHч║фИЇОхLgщ╧└S∙u8Э[О?╥в╚XpЪ╔Дe~Р∙L┤_0}Pч╤╞_%╢·yoDЖ╖┼╢а-╢Snч■└╬[h ёуFk #╤·Ыщ╒чц┘Жъ#м╨'╗D· k5мo·╨╡gб╧|В>x№ёrбOї╕Кc╫еїa ∙*z╘e ╚ВВ№' =├╚JH╤* ▓РE┘Hg[dб-ъл╥Ж▀o"є╕Ы░a%бMЕпО╘рл^рл╕Bz+СєcBТoЁХф─JЄШq╥д:} x·},R65tk╤╝ПoБ╠у╦XПijhгЕр·рn█w(hd╦э\┘$ь╝Гъ╝Dv╞уMl},i?ўApўГэГ№vl9╕╟!v6X№Q╦v■╜fag█-фr;BkЎ┴┌┼жещз▓юЭ▒:cЫ■m╨ж┐hНоєуБm·GAЫ■~l9h├м&lИ\1JA╤П,э>[ОW╫ж╟▒Ы│Oї╕:WK\M╨ПУ+Д>╔∙Ж╘∙~нZюЧ╒╥█4Ig7fk╚¤k╚%цSъ~C@{ї\bмb∙╗%A╜|ЇIМ┤Ы├єЭO2л Я├°▄F.Т┘F╛HVA~М2╖ЖС╖щщ #mРВ-╛;М▄Hяmaд╙┤ўЕ\ЮZTРУА╠╜?М|Р┘ДСз╣╛=М№)rэ єВvс?=nW█Л°F╠z┬M°╞SБo╝Ae╕o╝°╞%НE╟РМ╪kk╛Б%>B╩Є╟Э ∙┌чЮфр+ ╙│'<.Р∙g@оьЙZХХМь5V[Ю╒Ци╟5ж╧F╧7╓РUолn1]/ф╜▓б ▀Ыl▒В5▓+D9╒gЇм┐Х┴ Tu^*√poЩk·V}п?иW├▓Ём╩>vЮ┤╣Ё14є1▄┘}┐*#ЎЫД┼Ў╟zР?$°бы9%█,i┘\ї^╪''ь│Н╩pХq╧.u▀su ceS √▌M5ьчfк╫}*ч·uЯлбюsA▌▀√^ў╣ъ~бЖ║gъ╝▀"ъEkAu╓║-ъ║╗kЫГ╚.╗)Вь|╣!В▄u▀ЄсьЧыbя$ьy┬■a  a┐R√V┬~Ь░_$ь=Д¤Х║╪;√a┐@╪▀C╪ыbo#ьCД¤_}й8ъxхйЬ╓9^┴-г'ФuдНА╠)2яфL хрtYЫ/ДezV)їя~ k4kb;OЄиo╛│Я┬ч╦gГ∙r/Хя7еп╧'╠Чё╪ГЫlу╒э<Х;G╡╣qe/ЮZ Р Ў∙n∙M═M╪gоЖїДлБ}b╓m─АMщяk-ж╪ч0╓╘J_Ka2X╬;5▓ЖFъ^}ЭнЦ║▀hJ EX[s ыHыУыЮC▀8Q▌7╞НR▐6й│П>zКy╦sАdD9>ЄнЄЯ┬Ж╖jd┐Ы█p^6╠Pb├ъяP57з█░│╣Жў┘Rl°cиiчЙъ■Г╟гИ5:kр√yС7╕╕5j░╞| ╡&░F╠[Фтm▒м1ЯbН╨хzК5ZёїБЎЫоЎYнUыqЧ┤V╢k░╧╓цЇ╒╦сz▄bК}▐ПU9ЩlЯ╗A&SГ}X9╔Ў╣в-Н}:k░╧ёZ"╥Жd√┴║з╪▀pям┴>Щь│и-Н}║j░╧x Ў╔&╪g╝dёН ЩYНyу%иe(√▒%и{М╬╝ю╫╡ЇС:▒ю,п█╤&ЇёwЫтdh6╕+Agк!╒'╚EI.zНфв¤d■uОоЎ╘┼■ a┐J╪wЎ'щjO]ь √9┬~#j∙╗Ў,√y┬~Ъ░┐J╪▀$sР▌u▒╧Ў_√q║WB╪G√E┬■|]ьGщ^ a"ьч √B]ь#4g#ь¤Д¤,aб.Ўa║SC╪ўЎ╙╗╚├еМ╚├CхИ7U▐╞<\·$фсд^╗■_u▐y>╨╣zN2╘Ш*sўвMc╛фCъuS▐rЕx╦K$FuС ▀#9v}ьЧ √┬▐F╪?,┘∙пH>╙єе,│Ф?&9╜Zh╪▀^oгoр1╖:╠Е3k*°' │-a▐Н╟ч@╞KЩw_ЩWоъ_ШЩOШЫы·t┐4"╛Ц└Vъ╛ %/ЄзЄ "╬3фЧАИ}jЖм5Е?3ф=|щ┐1@vЄ╫Щ!¤А╝дФє y9╚UЩ\#╟nЖ<╛FцQН°жещ8eg1xяП╧В╠A9║]╬┴|-d╓╚╒Ж|Н╫beА\dxE╪> с╦Їjo╜хЧмO█°Eё=&єЛ5r╘cHKл№ю C▐┘╢╝Ю3з-p▀l>мсЭ ╙█"dжrо┐OtIйщ!NШ>╛ ╔ДС▀с2Т¤╙нbN-╩yРsКх┐ф?╒*чхVц╦yн5ZўЯ╖╩QЖ█ъ┤_Сi_╦╛к─,п{╢лCO▀Ka2ўмХ_у▐ИxOЖ!ПоХ3)^w@:о╙kхZC>╚│JM?│6ZЛ/rQС∙* ╫}■im╪[Кf1WЩяб л■ыZVк┤№ ,G╤зuЭ№^oўuЄW╪ d8ЁДвaГGk№н3┴urЭ\НлЎ╤МАзЖ=№▒ur■┼Р'╫E}у@┌TOX'WЁЄўывqу:Цгx]KЖ¤юF>ukЖ¤ъI>u; mJЫ~0#╓[D╜╥╗,№╘╤МЬ├2дРС_╖рq##┐│─Р'Yг╘т│АlSd╛ШС;╬ ∙ Э-av▄пы jaМЦ∙FР╨?╩╕а┤щ╓Зї╤ї╝mы║GZьЮїZ^/3XЖШых/Є1@цTў╦щ ХГ╗"│К> ыгэї @║ВТs▄╟v+ї·■z═ўи╨x╚е {╜№ЎCVАзЬVd6ЄВRЛ.@v*2wl√╪ °у6EЯр■PЁ╘a█4С╣вXь├Ш┘Eд-Лх╝9пhX▐└ZFz┬cdЮ└РП▓U╤Ё@о(\╧"▐s`╚Ч7░6Х╚╒ 2╗Ё#дЕуrП┬ОїюQ╝N█╚Ц╚║НЭ├╛wc4·▌ HптG╣жЇJ№∙╣└оU(╢xЧX╪∙гЩўJЛ}r#SЛqсяr┼ ў;S@цМbН┐Dм╬qklМ┌ЁИ(5mВщB┐b∙   СЇ▐wгМ┬їАМ(O}Р^ефгАlWdL^r(f╢1;Kл~РE┼к▐╞Nе>╚ ┼╬▀kУя1ф'mтэa▒7█фZC6l╥° ░Рy 7ВЪ┬╕ГCтo_ Щ;@&п╘лw╦1еЖGQ,fт)╚щMс╤П'7▒▀¤Е╞ўS,"Й╚C9F╢Lx4 <╡U)∙o╔(~e√5ЬФ∙■жpщў#ъспГМж┤Ec╗\▌eH{╗xL╪ч6@║о;┌х^-C·┌хЪU#╦Я цТ¤(╚ЬU╩)╖у┐ЩРЭЯhПОD╪╬Їх9ф╞#ЦЛ╩■ї|╗x▀Oш№ЧАlW╕╛▐.▐╩2▀dA▒╞ПiVуs╗▄uх#їf╣6╚РнАь ╕╞*жЭЧ▀ю96╚z▌▒Щ═/d╗▀ ╚Eч7│_J─фмRўi@▓ rР╙╩SHЧRпч6Л7сЕ5╛╕Щї\iНo▓D╜dNбэgо┼═тW,gl╩▒щЩ╬~■>V┼1ї▄O`?йьъv╠▒КчtЛч,╧Ў▄╝SЎЇ▒▓У3У┼fJ5H╣х4)ю Q]╖КF┴╘G ╫Дб+ЎqгR╤╜ЩК Уп╚цсЪ├yх '┴ ╝ a}ЁрсС╜CCz └╛#ўыЎОь8tИ┘у,(в8нсxмe#∙ЄФeчsЖУЗЦЄЁ│▄0<МтTk╜dx╓дй╗ь>[,IВ┐╟ W╧х╝▓Cх▒═pbП5╨q21j─╦М[╢єцtотщт}╛Шкш║_ШYЪд╖¤╡н8╘ИAнXY╠-╢J"╞▓YХз┤+J:╘┴мxV╣T╡№єЯ┴wIў_▌[CWХ▌0╥╜╒лpЧЎ{1Sт╘йSjG╫їB.з;f┴rбы*`▐$p╛мьЄиaыyhpWAr>Bl┌7Є└!}hЁЁt*l: b┼)3пgt;W.M2ўЦ╛ВkкыРB∙▓╕╡ *Є'││p▌_ДЖrNтч%¤Ж└╤█╡▒█Nfи^1н;w▀е;%╧*ЪЁ8Ш╓└вж F█▌Cksш╚┴С┴·ЁсБ#¤шЗЖшc╡8╪O├F╥z@├ВШ#▄┬їО╕жsо'РБ№~`!T┼╒╕┤7ю`╜ЇУц kию 8,╘'t?чjт╢О_0А{·╘];еАС╧иК&Sх│XЖр}D:t}¤!) j bм▌бV╙я│J∙с▐.С╦}3Щу▒вю7=~у╛▓│7ЯwL╫Н╣┘WЖ6НФ40mц4Фq║╦%сГе╛ ╟1KЮ/ФkЦ&Кz╨╣lk╘1Ьў╓$│Ци└рmдч&╜╨ХЯ:╦╦)╝ЖQ╚НИP(|i!ИB`╨б┴JF)tg╚╗-╫1№h,штykZпФнТ╜5fЧ ЪН╤ыBШ╢єх ьВ┬f№Ў█I▌_f╥√wьЕ╦Rф3 1║■СЙ28ЩПУ~CВ╦Яp▄qk╠уt.√ФБе░Б═?ы;╠№Ш]ААзH=gЫF b╝ояУъT`ж Cя┤З ТIЁcA-9cq┬Ў░я░+k╟hчзХЄ╘о╨еV8Г;╦[cc№ttЗ(/ФQ='D∙╧P ]А ╗ё╕8ъП╧▌;48єo╗ЇцЪЬгЯЁ▀Y`A яЯгыVyTЫ(х4╓В╙йЯ^╣ЯМD╔╖ГаЦTD╩m┐Щ№ЭCЮMє ╜В єvйJ ┴o·В╒3&)ю·вёЩdў╘ёRgIюIv╗"cЁ▀─ХЧї╥C╗я┌╡ы╬]_У$╞а╟ДФa/G┘z┤Ос "4№{Z▌┤я▄б`P>Ф1Kk№┬Ї■╨8нTJф]:║┼Ду╘4s~├яQГn ╛╛├CжС▀7уЩ╙┌a╙;RbMХу╘}Цэ∙г>╚ЧEё!>ркеdЯ║.├9c╚p╜Ц─O <@du¤╤ЮУh)є ╢NП╤┘╚Б·╨┬<КVr!У╤╦cX F p╦ НыPЭ █╘- └ККїC╡№▓╣3i▓ВМю▌ЙQwлиOЪОЛ╛▀d╪)зэP#bй¤ж ▌уЩЖU╞Ш▄гтУ6Ў([■y╚╙ЎГж3h`┼┤їгшtY@>╟V ╣Ы┼W╦ЎеOцЭ▓JШПыvепШЄє]Тb▀T3IЬbr├┴g─v┴ !╦Щ└█гоiЭї-ь"#хЗн╝┘NЇА>▌нШ9k╠╩ЕЄ╣╘МSz╧╕iT┬N╚уГьёSC┐uq!╢Лу*o·aШнГOiС ▒h╙Jд╛&cЬСч<ПМйx╥┤=u┌Xk▓.ХОEBw+╗б~6АC&йA╥╝=2Я$ ╤IМШж@п,ФКР·кЁhС├wr╟4\$╞n╤p|хЯЪ тт▐╡ГЕЗH■,юV╫2╠И,дЎb¤Б╖dо"╙W┬╝|ё4.ишШ%`ї зi8p>n╠т=ЙЪ╢Ж.kХfBщ 7фd.g;Ш№rCЄ╢╧EКН_ aъ╞╗ЫеВjUЗ(AеЎ ]Э/║У(^(Gk┼xi ,╝═╪&^d└ГX┴яЛ°3RВТlm\л[ЕР!}ЯГ╢ВKЗ╟╦SЕwр╙Ў─u▌w╞И█#╔`░L@#Зb▓░ў$=OA`╠ЫьЗбШGxЪ├▒1W \пhТC)┐╙EZ9bI╩Кк,5ЄR°Ъ╗Ъз┼ч╡ё ЛCдP╢UJ└xUВ6Л.Dи├O8wa^яЕь!є╕ 'X┤:tFh╚Bк╚JDгu╒G┌╚H╞є═p╚Кд9~┘╪╞╨LEнZЦHUТЁсУmвkб╙ъ╦д▒ ╙RСа│·╗юСш "▓$5бW'u┬яY╪їa*Я╟9Нm\┼щВ╪Pu╓YєI╫;й]y`U╔°` юЧr~23│ся┐sТШОw╨иB6e║╩З■°LЫ▌гЦ ес■┌'и║╤YЮОмK╫░;▒u╡┤?}┴RY>Ч╜ЦїЗ   PKВ·Т╒╜РЦwPK-/_▐V unsigned/%5BContent_Types%5D.xmlМР═N─0 Д_%╩5)BmW№▐°9,`R╖mтDIX┬█уv%hЕ8z<єНхnS╜L┘ъх╣jе@2a┤4ўЄm√╪\╔═╨m┐"f┴V╩╜▄Хп╡╬fЗ▓ Й7SH Пi╓╠f╘m{йMаВTЪ▓0ф╨▌уоИЗ╩Є▒+JqwЇ-U╜ДЭ5Pxнkує>╔е╨' Сц_ыЧ V¤tДo■гЇ@гЄ╣aй*d'╠хlН0эЕЦьИтRy╧Y}├╬[╠■ в·?√}ЙxИ?l╜■z°  PKI<█шЩPK-/_▐Vunsigned/AppxBlockMap.xmllТ]oв@Жя7┘ `╪K│╠ атж┤ёЫВийаЦ╗С╧Шб ф╫╗qcЫ╜<'чЭўЩўЬЗз:K;чарДQM@":їШOhд О= н ^bъуФ╤@(Ю■xз╠K,ЬwZ=хЪЧe■ю┼AЖ╣Шп`ЬЕеш▒ р<пБ╟л,├╣╨╤1ПнаМЩ O\UХX╔"+вv"╨╛▐т№т1ю!Ix|ШУ4шмp╓Т╝SN"°bPBgKЪ╢7ьг^√Гe нХлцї╙Oв┌╔ЁЭlx&Л┼3{уЖd5г4┐d║|yы├05'ыН3<ОVЗххxм▐Т^щN еN═!tцj┼│·нЄЮ-l7Сж▌d╒Б╛ЪzI=єнЄ╬г╦Аўнє╤)╙рАHQ1:ЯїВ8┌йЛ]Ъ╝╓7Ў╛l╢юb|Jз {_ЬўТэао▌xй√║Х┤0ч╥Эi╪WоЮрЪ╬ЧМИ╟иШ╙ш6┘ыї╒╗xdї[<╦хВe:ъцfQ╩┤4)█░ ЗЇ╕/ыї&ФГ╥%■ЛLдщk9│Ю╖|д╧|yр;°`╔Жб╘зhг{cl^║╧/Щ1jI K7j╧┬┬ФД/┼v╙7J$х√%Ў┐Qт*Ў▄┬А ^└ эНW║е$n╖{Сьa▒╗wЪ┌XЪxIю*sХТgОМЙ╛у╡i7;;tЗе║N╙<╟цЦ╘щсш.OE╛╖S№  PK$╙ыd5-PK-/_▐VAppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-/_▐VAppxBlockMap.xml╘T[sЪ@}яL CЭrбУA-▐/%MзГ╦+░аЛ@ЄыГщhМ╙&yh·╕╠~чЄЭ├^\Хq─фhKqBЪм╚ ,ГL\L№&√═4>л,C3З╕NФ╘dI┬^]~№p╤КОЭФйц m▓AЦе_xЮ┬┼хb ╖ M╝МГI╠;iZЄuA°╒~,vRЦщ94г,H▄уpQ\!q╔╓п. "/╚|Е^╔∙DзЎЄ┬└bоЭ╕R▓#√╣*╦╠ёCїMSDP9y┴п│\пfЮд>ё5Y┼65нUWы*ьЇ╞b▒ Бс┤ghBи]мь~^│l0SЫPI╘╦┐Тrc▀Ш╦]г#A c╖wЯєx╨ъ/@9\зэPшЦЮж-П@Кж╚{~ятЕ ┬е─?▄@QOlHъЩНpыЗ3╦_-oЛиРж#╦╔║S·Э \оfЖРХ;D█жN╦п═▀3╖╖╧ц@+╦Ъ╘8]Яt╞[Sъ∙э4═jЕэB├ўы·lR^╦╤X)юш8R7ыб.n{■╝wz┼;vЎ═╕*цГQ╥д ЬI░M4єW╠Ыл▌._╩└ ?З]{.╡G·ЄF1)нЄ\╖Ц·єт+#плy#╣ё╧╕{OПБ°Ї°hъ{;!"┘Oє>EЇ╟i└▓аЭ8S╬ ╨а3╖ч%юж·┌ kГЮх9ўtиЩ=-╒ &5U_lМp╨ПВъТЁО╢ЮмS1к°j┘╘╝▐ж}┤╬mRb,Еmk╤╦}╚╗33╠╙аИ╟У\[┼ф╣l@∙C┘▐┘xY∙ыНч╓/  PK{vDХuЁPK/_▐V=3ъ4т[Content_Types].xmlФТ╧N1Зя&╛C╙л┘=и1,DQиЙ°c;, █?i\▐▐Їzь╠|▀пЭ┤?ьl╦ЦУёоцчв╟:х╡qM═▀'П╒5gЙ└ih╜├Ъп0ёсрЇд?YL,╙.╒|FnдLjЖТЁ]юL}┤@∙@═бAy╤ы]JхбгККГ·ў8ЕEKьб╦х═M░C╬FЫ╣Usб5 (╖eW┘д¤зk=h.ў Вk╢╞Ц Ф·~"t2ЧN Ыкї╘~A~ЄO╪С,х ╝ф-GгС╜Bдg░╣-o│l ╬L1С╪┼ЙЎ9;в╛k╜ЪП!№C¤Q сШ·═4hQДл?nMдцр:Р@БyНO┘┌DC+Сu╟S┬▄$Te4╚ї|  PK/_▐VcЎ$┤о AppxMetadata/CodeIntegrity.cat╠V{4Ф[▀w^3╠┼%╣$фТ$╔фТ╖У[╣* &&ўq╠й├╩ЧK$Э2Ж▄вє╫SжЖш&кГ\║8╔ С∙B║83╒*з╒Yg}k}gня} ╪k?√┘{ Ўє№~{?АE$`E╓е╪д╠С`┬a▐aБa▓ aE|Rl`*E`!░iмИ&FaЦц░▀ДD,■гС├иxз║╞∙║Щ╒О9ю∙uP╥T│ IGшы2`гЮ;]тОм зБ─гиТ╓zжс·D┐ТНЛ╩vLк╝юл'Ц║╗q╙Т вєоЄr <┴РС|ў╔В└(┘╪┘%1А╟ BZ,Ё%qЮ┐▀Є ╫:tyВЎn└щъРз▓Ь▐S еG╖zMСЧ}╩с╦╤z@gЙFWE"фэА╠б(■OGPqВQв┤ ╥З6@:qX╕b└┬Ьс╙!ЧГA`Yю%Г iЮ╗░р╞q*Лoнюъл ╙Ьє#╙`?є╗╚ В┼╕вXI─iY H :x"1,228ТъцO%+EБЩ@Ф▒д╥гh{h~Ф(ZXиТytT`ЭGчsКяБ!т╢ЗЕE)YЪE┘РXч°Я;ЯГ·K║└ч┤│,Р■░│ШmhХBїзQви,Xeщq∙i┼░`1█ё ЖбБ╦ Нж7мб▄+Л╤═╝3░s▌НЮ╖─Fbи√;ЙГSl-┐л< ▒ХЕ√bn┼С'ЁШ▒~q╞9ЪE└~хр╬ФйNvO,╓,л∙╘Ш)╧╕н╚М^:P~╧g╧°JN▀H┌ч╕1СIЎИбГєv¤╓п=╣c╛?j╒W╛&еtЯ,╨ЦkUОТЙs▐¤zkОOrМ╨m╞щ5оНЪ7д_9╢[/-ё]ь1oJ╕пCХзУТ№эёЗcg╡взбx▌в;╤&юЭmEr7}║$М┘Zм╤їpaвєqъ═Ь╩aЬ┤Л,UєRфd╞¤ Эо ╪ў╥х▄м│║╠╢фpF┬ў`2УЙ`°,:╡°Гe№*H┬Ё"* ░№Б!а ░Йв╥шЄG ═ЗУEЬ▀зУ╪Гw}в╨ `Х`XхG?a∙оCС╣G╛с=P╟Сd┐VAжўя∙а &Xх╙1х тa ╨ШCG,рMjурlokf╙*Ксw^BЬ╥PZ2ъ╟kM{█v│YНfLЦИx6У√,=Pг^цш^sЫ9█>ЬX▄EU╢q█L┬-╪№БЫзюjЁ=Й!ФщК° ░~╡Zк)o<▄4М╦nоЭQSъ▌j_:4юA┐?Wё╠5╔n╥Цс╤лТ!У ╡|╙фb▌▌ksmиIj╛┤уў Кф6+ї▀Єb4ЖвлОXЇЬm ╔║&,ХвтЮСЫъPF┴-T╕dяeЮЯ:V{йUнF╗b┌█э╒╜|▌d=}╥jЯ8rIsд▀═sЖy┘∙3ў╦TYSьntNЯo╝╞HTМиgє║°zЭфы╡яг^╡В╒▀!Ы/К.r▒UКfГeWой╫^5_╤нYGўУn ■ aРtДЙтЎФ°░E╔Й╬oB¤ия_/■ОИ▌IбGRЧЁрb,w8СЧ┐з#с3x*Yи}КД,-╗t3j,%$<Ш║┴/,фoU▀tю┤Б▒Єvy╡с▌╗?и╒>yъK╜t┐се╧еe$и╝■╖═б∙ъWw▌2░PЪuж°eфЩ┌┼+ф:7n╔a╡сmё┘t\yДNОЮcЯИўф╕╝p╗зmIглM`jbтёD█7ФшuєК^ ╒Ь*q╤╦Ё┬ФО№j*╬^┘╩ъ┘с╩Нг╩NЯr│п HРцnПNёМOw╦NЪИ*iуmЭ╜Х╝Е╤╡°№aМ7AqбТqмлr$ш`№7╡│iL/{ щ░+o║Yu╒аF{Rў]╚СЮ┼cХП/'vt@НФ{<юКOйлSЫ1С╫╫r5М|ЕчL╘▐Y╡и╜╬∙аz_рє>Й Т(ЦК▌uDx=w╦Ё╦║╤j╠┴р▐┼╜иiЇЯ─■╒█@РV5TРHa■╦%$Д├`╛жx╞ъЭUЭ ?;╩╔╘IIф╢пS6*z4Щб>╬ЧT>я╚УK3]ў╨ИЇZ╠21╖╧ющў/Rt■╖╠бгb┘▀.▐╢є!m^fТNf!J|┼╦єk;√╧Л∙пяФ%╡З╣д A`"Y@┘╧b├Р KJN ┐─Ч@]Rz"░╨■<%лаJЗ▀ЎI─╛h╤nXc3d╤ ZVч4╥vAy[BO~!UФCa╝¤/rцi цCk╦+ЙЇФМ╤4нИ╬█|ьў)[ОЫ╩eё`═ёў┤>їcjО;їтR=]2╙█╧ .nЖj╝,тп┌&:╓ov┼нbЕ░╡╡мj>95p╩ж╫╩└$╦6щyE sЩуїгH▌nfрJ<}eх}я┬1n▌╜bыЧЖ╖ЙТ│сч┤j|фv,║3w'ш▓j-Ф:їЛ[ ХдM'ЄF j*74▓∙L╘}d^vє/л╕лЗO~╗,┬╤м█·НфC▌YЎhcє+ёО╫Я╜ў┌Ю_├√Я<╙HлН ╚▌√╢╛┘├&юЯшП┌╕`"№@N&R╧ж║p▓╞у`■  PK`▐VМЭё▀├ AppxSignature.p7x┤Цy<Ф█└╜3/├,Ц[МДkI╢ф╞B$Kc_# Жж┴0Ц▒toЩDхЧ¤в[╢Т5ў╫┬%k ┼══%E*5Y▓Dqgъ~nnЯючў╧я╛я√∙Ь╧єЬєЮєЬчy╛чЙ ┬^ИИє!U∙`ш└░РЁst д╡I+ )┬@рсЕн╟█СИЮзД┌yж^aA/ р┘№Aё]_-╞╫Щ╪┘╣Щ╕┘Щf┘ў№╕uаГть└ьlx▌р▀9Fё╛░лъ·Уgjю!&nжfЧз╓F[Цr═dэ$yй╦2╖хШ*5wXОHu1Dj┼КgМпбгь[SЯnd╙aЇpё▐ ЎфиГJa9│gХФ№▌rM▄ЎКrЁБ9учYw│OїГМЪЎ03ж7хlр]*bйьU gK^ЁW╟╬ЧenG╦gЯ·зЮk6u█i&╓рк║ u[цX!q b└пB XV!└`[╜░ЁрЦх╞UЧB╗Т╪╢k╜C7й▄  щk┼ёи Ё┴ЭA╛-0╗Г8Qh W@в╤╘ЁЁаpr`И╒ЯДУБд╣jkJвEР╚~─25D╞$2тХFОИ┴ CВ▄p4┬БJНР15Бд▒Ь.Ду╝ЯЮCXМЖЎ&Є∙?н,Й}^Y╚2$ВD &∙УЙ$о @nєv9ёЕ3!n!a NЖ░┐+╨Ы█╜У8ZеЩ·ИхкЄА╒ф-вЕ9t╩Jф╠l╛Ъ_GУИ╨ЎВвzbp3╚2°Лaa zy_рП▓AgцDєз╡\~!Е╔╓Vxз╖hC|ЪЫ┐р+в;ўрф╢Zёq8П(l╥е▌6┐цY ┬7%Ёg╡ъК5LR^▀┼яя&lГ░\Б-L ╞Rг╚D;з ё#}:┐9]4Я+СNд У╣h∙┘\╕йгnызtфШЖ·b< з)№х @L|є╞дhbphi╖5°R▀\WоАвoя/╜ж;2r\с╞л╫╛╤д;Пk5ЪЬZз(е╒┐Дф*v╕їшьУY▓'ы°еdSМмbе▓l╬ы╖ц╬Ыя■xйЎ QжСЙ╖Ёf┐ФфяЄ┤,╛хlqд44Їx EjКё}MЧ╞╧4bо_Ю(v┬зx┴пL¤f$Ь┐╜Н1рш\CЯ╗ьBи Lлw JЇМM╢}С~r&вШ┘d╜╘У░Я▐╗ёЎIФ7Jz╡ВЦS═'ЧA9╗ў╞╥щ8/Bv▀к┤╣╗▓Cч║:[s=8c`#зb·n№¤√з@=┘ПсYEE╥F <╝Sй^Y╧Ч┘Pa▌╝UО▓Ц∙Щz_╚чSе╢А0h3ь╬S№╗ъўO.▐|~ ~&hpу(h∙7╪┐yp├*еr╔╧╣Йyyp°╖Изя°Oн№·пнЎжиHVЧК┐^╤3Ўщ╪╞ъ_LщКmУ─iг╒Ч╩с^iЖ&ДЇБсP "i√╔_░g│Нh&ozХА▒]РЭ╬IoTгУ%k$·═─о];▒4ь{╕WbyїАбюOВ╜WuЄWЇaTYoRЬt(ЕъZG╨y╫4╩Cж▓─ц30▓IU├!,яєКK фYeЛжl╜╘9гЇмP@╜^iЯuоЯ■)idRR^МхДb∙·ГУ^╚xя╠Лў┬¤П3нї╖+╫яЕvуН├╦Л└Ц#9 п╕opїЬeaH╧н╨╬З╦ис╠╪.скыЄ ЦM├1`▓те8╒ ¤я├№╧g╩жвзЁ$╝й~Bу╕ ▒э lpzs╤InТP8Ahsп(д■хG'╩$╦fс∙c($>ЛЎAЦЗэ░Учsp┴жC╔z>мъС╓a╗пX|"ЛФj┘╦·х¤▒#`╛hб4_1Я~s╟ЁS(│▄Ї┘oег3╬M*o╘Ъ┌гR╠\CниЫл'╪▓▄С╢uq2К(:▐╦е╧[╬},Й╜_╡%▀кА1>┬оr═Ї╖Vў╪тх╓ПЁ.z╛Яп;ЬУdf`▐пг▓¤^+-╧iO*АЯ$з╙щ╤Ўs■├Сfэ3C=щlmВМnОzbV/єъ{Ww╒iў ╥#и4Йїы╥И╙┘iеВГ╝я5Ю┐kч░ Y█*▐EКVрд" R┬╦║ЕW┴╚Х*╩┤┴юШЙpbўХЖ}TпЫ╛+@░iiИКB;\┤°ynщU╠З3  PK--/_▐VВ·Т╒╜РЦw unsigned.exePK--/_▐V.Щд└└ Рicon.pngPK--/_▐V·Gэ/ЙпЙп ¤жunsigned.appxPK--/_▐VJХ╟╪Еq╔Vunsigned/AppxManifest.xmlPK--/_▐V.Щд└└ЭYunsigned/icon.pngPK--/_▐VВ·Т╒╜РЦwдounsigned/unsigned.exePK--/_▐VI<█шЩ мunsigned/%5BContent_Types%5D.xmlPK--/_▐V$╙ыd5-ъunsigned/AppxBlockMap.xmlPK--/_▐VJХ╟╪ЕqnAppxManifest.xmlPK--/_▐V{vDХuЁ9AppxBlockMap.xmlPK-/_▐V=3ъ4тЇ [Content_Types].xmlPK-/_▐VcЎ$┤о Y AppxMetadata/CodeIntegrity.catPK-`▐VМЭё▀├ CAppxSignature.p7xPK,-- Q5PKЖ PK            PKЭ╨│ш ш PK-ў`▐VAppxManifest.xmlЬT▀O█0~жЕх╜Ц╕Y5UI EBjY5<ўЪZ$vцРюп▀╣MJК╪S%╣;ў▌▌wI╬Ык$╧`м╘*еуhD (бWR)їn}·ХЮgГd╔┼/`@╞+Ы╥НsїФ1+6PqURmї┌EBWМ╫u├*офмckэ╒К;L└^дZщ;╤iъy¤!4М ╠xЇ @мПe└К▓zпFЖ8╬Hс`Еp№QЦ╥I░4├D╔ї ФУnЛяД▄Ё Rкн-н,BўБNю╗б|О╛D#╠рdщKi7`R:K√с▀асU]B`6$∙MЪГqr-w0$?~е∙эЯGgЖdЮ>pc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-ў`▐VAppxBlockMap.xmltУ]sв0Жяwf ├^:K@>*;╡░ы╖UС zBД$h@h¤b╗vmwў2Щ╝я{ЮsNnяы,N°╚ г]QСdQ└▒Р╨и+>╣¤яQрд!L┼]С2ё■юыЧ[;e(Щ┴\hЇФw┼╕(Єpу r)#ш╚8█bАy^Г╢м╚ 8╦2ШЛ┬ЄxЖЛШЕятккдJХ╪1j╦ Р5╨╕7х|у1lыЖxw█')a╓TRRN"КC ╫XVфе╣3 Eoж╗°эм╡═kйпy]╤X╦ЗЦi╖Нё■Е╦еuуy▐TО√░чрхЫ*╪МNнїFw:▌Лй*╦Э|4RO¤I6w¤ЄцAE║F┬сє Р▒=ЄЇz▓╧{Й<иwЦ╛┤z72LC;√А3┼ВХr]^ъ║╤╣┬P;Я0ТcФ8ы(Ё╖UZй╦щГхEфN_.ъєЮkё·gў▀Й┐{wЮ╠%TQM═4о╗з|К-їH7нYv╗╞I╡rpc∙╦Р▄ж ■G?KNЦJа7OЧєР╙h╓jsa─F:╬$█LbJ╪оМиC:░┘оЪфR┌║ф█PU╢╪^╘u┬·ж}╨бЦуш\W5W█Д╜ыoёq>F╓б█Yя│Ї√╨╣.t&ЕVQнКДэ>gvL:∙ V{#%t▀d╬UсQ∙)uъmW3;:АМjP8Qё┌Д;n pЧЁ,\ёJЦ█v╠{}DHЎ╔щЪТЕTЗYПq╨╤8>O┬&.x╙zюPJ░ъ№_FУ│рo╣╝═Юф=╣╡tЎЪЮ<у╒Х/╦;унг-▐█у О░ ZB"^╧DоС╪n╬Ф╠▐ё╟б╜ RГUM╨3!3х╠vйеr)m╖$Zw╔{АtЯ│рОNяеї╝ЬХPс╞╪АC╚w№&ь\оKНыЁ)ЮД ╙ЬЇЇhС└+Ш_╡╤ЩI░▀эo╧ `[╝ГFR┌iц╒╟M┐q▓╢м╟~▀├уЦб▐Ў?╨ь/  PKJХ╟╪ЕqPK-a▐VAppxBlockMap.xmltФYУвHF▀'b■Гс<#$;ewаа╚вид / ▓дBb▓¤·▒║з&мЪъGИ╝|ЗУў▐ЧяmЦъ░(qN&C0жЗГР∙Уx2Дю№Oi8(+D╬(═I8Т|°¤█я┐╜L╙<╕┌ш6x╘Уr2LкъЎEХAfиg8(Є2ПкqРg║▌ZКбM∙oe║ :*;мТ№№_q╙4уЖчE№8LКци╟╫8Ф т3№Ў2╟i8XбьAr'%ОIxЗm8ьp x' А№Б%?Я╣╖Ъи?Є&├╕Е:ВЛK╫x╤ВDs/┬+НР[Чщlў*╨Qj╬╓Tй2ЙWGлє¤цї╩W▐ 24ц┌╘Фi8ЧЪ2k_Ы`i#╖П'УwЦж%qH} онv╢W иХN,╗ЎaХЖGАЛ&?лsНУx/-.─2╦Vw▄CCх┌zД╨%Uп∙}QВС█йw┌1W░0ч╠Sи ▄[&їfчГ#фd|#ё√IЮд'=мЇIПe-JЯ%╩шfK▒OщйKўСL№C╒оЭИ +Я╖,f╘Sе┘KP┌gаkgVyМТВ┘ЕХйС▓э▄nО╘x{8@╣╨тdзsI=]X#н8 ╗щ╬m╛p"*j╔po;;Ў│hяxХЧ╞лыzrЯ8╦▐ъўм╨3▓YЮ╤╬o[У├x&(jЕЩ#я/BwУ2V╤tїv╬9_фlБ▐WPуоМaфV/KЮ5 J·вы5YJМd/Л╨┤и╫м╬9щ`mєщ~╒kl╦█w┤яV6Ы{!║┌Б:ч№▓▌ХЗkЕe5~,╢зЮgЯ;^°d5IрM% ┌!№tе█▄╒Н:╞ХЛ5╡┐У╘E╠,╕▐ +В7 100.Fileunsigned.psc10U +В71G0E0 +В7вА010  `ЖHe )К[SwHИg ╓┤&CAЁСє╪^д╜ЇС1<ПЗ║s0В -,{8,Бcд╣ !J{e3∙ъC3Yёw) QXзд1В▌0 +В7 1А0< +В7 1.0,Fileunsigned.exe0ВЙ +В71Вy0Вu0В> +В70В.ааВ&бВ"ж╡Ж╒┤б$fов┌О`╓В 1В0В +В71ВЇВЁC╬{¤~ъGУ@╨ъ?ЛY╙°[▒КсДжb7,d°╡╞ZЕа┤ХuИЦжxФ;г■Ў№pnqсйЬ°╠ ╕╒│ Q√_ S╗Ф┬Lz▐;ф ┘╞O6╖ш╜oнrcЗЫIэd&чс╧ъ╒y ЦH╬╙Фr▓ж[ЛвhъOх╗Щj▓rW┴6xЪM┤уsмgсЫщoa╢oj┤╡У;YNй█к╪З╧[F═АёЩcК╠7СЖ■ёxcяOq╓▀NX╖%(нФ╝╣ЯViкC5`-▌c╨є╫Jюю└h&aхЛ8|sх╬ty?┴1/╠f)т<а╢√Еi√╙j:Ц╟┌нн w?г╞xm1╘╥ ёrД╙W┘0╚эK-r▀v16>|╝■ Cа=Ж╚QоU/ tРЕ╜?а0x8чЬОХ(j╣ydAЗ[уыQ^w╖0ВНиSДвфX╓°+=s9їцWc8DI,ў0ч╨1Щr╞╔pщUИ▓█▐Л;хUoK(°# ENR$дVk%Ш?єНiMО|ф╥g(7╥@Oю┌▌b╠х╘U3╫PЄ│ЫХ3>¤┴ФК╙еqзсє▄╜$0ЕpР═=бzф╡Зё;сDЛмлqЬ╝-╩Я"X╜"▓ █╛╬y▌ъsswi}╣чЕ▄Я8Юнм▓Xo╞щf└╫╤╤kOX |┤|zЕ┌╜ЛHЙ,заВ▒ ¤╡Ї╤/─Ыx%bn Lм[bs.NaиzRGвX0Sкo^▌╬b2 ╠X4зa-GЕуШAк└╖f▌┬╠▓а▄#╨Ыя C╡НУХРI╟Cz╕FpnP"┤∙sV┬Ф/Ed╬я[tЩ8хQЬdNя'В╗h █╘░С^─╗Вv╥?чTa┌ ∙т╙∙0н@{ЁВЭЕ╫?Д<─дЯ▌┌·cR╩Ф╫┴Б╟▒ГХC┐ЗfрщЫf╡юМС┌ шт^З=Х в8╕╬1фpZКфСд╠╜е┌Ъ}_И ╟Яжъ/o╢пf'iL"ьao7╛╗И 'Кє}iD║Е╩7Єь°O╖B;ьj╨JЇ=┤=╚┌ўпjд`─╒┌ї{y─┼ЁбЗdСбБЖ╡ cВСiгеj3F  /в╫╣╟О°╖hxQ/їзIп▒e; эoьущ* урУ╫`Ц\ТБ·010  `ЖHe -,{8,Бcд╣ !J{e3∙ъC3Yёw) QXзд0Б╛ n 3шДОЁ]мФ╠&ю@г▐vq╪ОRчпн╫№1БЩ0 +В7 1В0. +В7 1 0File unsigned.msi0U +В71G0E0 +В7вА010  `ЖHe n 3шДОЁ]мФ╠&ю@г▐vq╪ОRчпн╫№0*А/┼║gй░mьа╒гАиеХK^Ё10 +В7 1А0*Щ┘░AбШZ▓Сh╣FюSJ!>10 +В7 1В0*╟ЪАЕЕОВ8ф yV╛╖8┤╚▓10 +В7 1Б0Б╠ ╥#`╬▌ 1єrLБФяqдь╚gIЇuCzW╬ Ч:·{1Бз0 +В7 1В0< +В7 1.0,Fileunsigned.ps10U +В71G0E0 +В7вА010  `ЖHe ╥#`╬▌ 1єrLБФяqдь╚gIЇuCzW╬ Ч:·{0В ¤╛k∙¤Жзlиn├юЮzЁ╜┤ю2M&ЙW╨┘ l6ъЦ1БЁ0 +В7 1Б0< +В7 1.0,Fileunsigned.ex_0БЭ +В71БО0БЛ0V +В7бHж╡Ж╒┤б$fов┌О`╓41200 +В71" fа╡3┴╫,k▄8MZ~дp╚б╔YЯYясжl°\7010  `ЖHe ¤╛k∙¤Жзlиn├юЮzЁ╜┤ю2M&ЙW╨┘ l6ъЦа60402 +В7 $0" OSAttr 2:6.01osslsigncode-2.8/tests/files/unsigned.ex_000066400000000000000000000001701457117515700206470ustar00rootroot00000000000000MSCFx,lDTs tests\sources\aDT's tests\sources\be f a b osslsigncode-2.8/tests/files/unsigned.exe000066400000000000000000002736261457117515700206770ustar00rootroot00000000000000MZР  ╕@А║┤ ═!╕L═!This program cannot be run in DOS mode. $PEdЖW8¤a·ДЁ' "lЪ р@└Ь р4░А@Р(▄са.text°kl`P`.dataЁАr@P└.rdataрРt@`@.pdataА░И@0@.xdata,└О@0@.bssа ╨А`└.idata4рФ@0└.CRThЁЬ@@└.tlsЮ@@└/4Аа@PB/19╢7 8в@B/31.`┌@B/45╤pт@B/57иАъ@@B/70ДРь@B/81hаЁ@B/92P░°@B├ff.Д@HГь(HЛИ1╔╟HЛИ╟HЛИ╟HЛ▄З╟HЛПЖfБ8MZuHcP■  LЙтHН Дwш/■  Рff.ДUAWAVAUATWVSHГь8HНм$АЛ=2╢Е tHНe╕[^_A\A]A^A_]├D╟╢шyHШHНАHН┼HГрЁшв LЛ%█{HЛф{╟▐╡H)─HНD$ HЙ╙╡LЙрH)╪HГ°~СЛHГ° П+Е╥ЕЫЛCЕ└ЕРЛSГ·Е┼HГ├ L9уГY   LЛ-а{I╛    ы1@╢HЙёIЙ╨IБ╚   Д╥IH╨H)┬I╫шП¤  DИ>HГ├ L9уscЛЛs╢SLшLюLЛ8Г· ДЁЗ┬Г·tнГ·Е9╖HЙёIЙ╨IБ╚  fЕ╥IH╨HГ├ H)┬I╫ш.¤  fDЙ>L9уrвDЛ▐┤Е└Од■  HЛ5?╞1█LНeмDHЛ┴┤H╪DЛEЕ└t HЛPHЛHMЙс ╓Г╟HГ├(;=Ш┤|╥щ_■  DЕ╥utЛCЙ┴ KЕ╬■  ЛS HГ├ щ╖■  f.ДГ·@Е|HЛHЙёH)┬I╫шЖ№  LЙ>щЄ■  fDЛHЙ╤L ЄЕ╔HI╤HЙёH)┬I╫ш\№  DЙ>щ╚■  @L9уГ┘¤  LЛ5 zЛsDЛ+HГ├LЎD.HЙёш(№  DЙ.L9уrрщ√■  HН мuшЯ√  HН huшУ√  РРРHГьXHЛ┼│HЕ└t,ЄД$АЙL$ HНL$ HЙT$(ЄT$0Є\$8ЄD$@ ╨РHГ─X├ff.Д@HЙ y│щWРРРРATHГь HЛЛIЙ╠Й┴Бс    Б∙CCG Д╛=Ц└ЗЪ=Л└vDs  ?Г° w*HН+uHcВH╨ рfР║╣ш)Vш╝·  @╕    HГ─ A\├@=└Д▌v;=└t▄=└u41╥╣шщUHГ°ДуHЕ└t╣ ╨╕    ы▒@=АtбHЛ┬▓HЕ└tLЙсHГ─ A\H рРЎBЕ8   щy   Р1└HГ─ A\├А1╥╣ш|UHГ°Д:   HЕ└tм╣ ╨╕    щA   @1╥╣шLUHГ°u╘║╣ш7U╕    щ   D1╥╣ шUHГ°t1HЕ└ДL   ╣  ╨╕    щс■  ║╣шэTГ╚ щ╩■  ║╣ ш╓TГ╚ щ│■  РРРРРРATWVSHГь(HН Ё▒ о┬HЛ├▒HЕ█t2HЛ=у┬HЛ5Ь┬Л  ╫IЙ─ ╓Е└uMЕфt HЛCLЙс ╨HЛ[HЕ█u▄HН е▒HГ─([^_A\H %Б┬DWVSHГь Лk▒Й╧HЙ╓Е└u HГ─ [^_├fР║╣шyTHЙ├HЕ└t<Й8HН P▒HЙp  ┬HЛ▒HН 8▒HЙ▒HЙC ┬1└HГ─ [^_├Г╚ ыЮДSHГь Лэ░Й╦Е└u1└HГ─ [├АHН щ░ з┴HЛ ╝░HЕ╔t*1╥ыHЙ╩HЕ└tHЙ┴Л9╪HЛAuыHЕ╥t&HЙBшеSHН ж░ М┴1└HГ─ [├ДHЙi░ы╒АSHГь Г·tFw,Е╥tPЛR░Е└Д▓╟@░╕HГ─ [├DГ·uыЛ%░Е└tсш4■  ы┌fРшЛў  ╕HГ─ [├Л░Е└uVЛ°пГ°u│HЛфпHЕ█tАHЙ┘HЛ[шфRHЕ█uяHН рпH╟╡п╟│п Б└щh   ш╗¤  ыгfДHН йп └щ<   РРРРРРРРРРРРРР1└fБ9MZuHcQ@E┐╥@%АLЛЬ$АAЙHНD$HLЙL$0LНL$DDЙD$(IЙ╨DЙ╥ЙL$ HН █YHЙD$8ш┴'HГ─X├@╟D$DE1╥ылf= t╖Bщz   fДLЙ╨H┴ш %   D ╨t╟D$DE1╥1└щr   D╟D$D╖BE1╥щT   @╟D$DA║├┐  щ=   ff.ДfРSHГь HЙ╙ЛRЎ╞@uЛC$9C(~LЛАц u HcC$AИ ЛC$Г└ЙC$HГ─ [├fДLЙ┬ш╕LЛC$Г└ЙC$HГ─ [├fДAVAUATUWVSHГь@LНl$(LНd$0LЙ├HЙ═Й╫MЙш1╥LЙсшуPЛCЕ└x9╟O°ЛC 9°П┼╟C     Е О№D╖UMЙшLЙсHГ┼шеPЕ└~~ГшLЙцMНtы@HcC$AИ ЛC$Г└ЙC$L9Ўt6ЛSHГ╞Ў╞@uЛC$9C(~с╛N LЛАц t╩LЙ┬штKЛC$Г└ЙC$L9Ўu╩ГяuЗЛC НP ЙS Е└~fРHЙ┌╣ ш│■  ЛC НP ЙS Е└цHГ─@[^_]A\A]A^├)°ЙC ЎC u+ГшЙC fDHЙ┌╣ шs■  ЛC НP ЙS Е└uцщ    Е П   ГшЙC ыС╟C ■   ывДWVSHГь AЛ@HЙ╬Й╫LЙ├Е└x9┬O°ЛC 9°П┴╟C     Е ДЯЛCГяHўы#АHcC$И ЛS$Г┬ЙS$H9ўtDЛCHГ╞Ў─@uЛS$9S(~с╛HЛЎ─ t╠ш┐JЛS$ы╠f.ДHcC$╞ ЛS$Г┬ЙS$ЛC НP ЙS Е└~.ЛCЎ─@uЛS$9S(~▌HЛЎ─ t╩╣ шpJЛS$ы╞╟C ■   HГ─ [^_├@)°ЙC Й┬ЛCЎ─u)НB ЙC HЙ┌╣ ш3¤  ЛC НP ЙS Е└uцщ   РЕ Е   ГъЙS ыБATSHГь(HНтhIЙ╠HЕ╔HЙ╙HcRLDрLЙсЕ╥xш%IHЙ┬IЙ╪LЙсHГ─([A\щР■  шГIыфfДHГь8EЛHA╟@    IЙ╥Е╔tI╞D$,-HНL$-LН\$,AГс 1╥A╢Гр▀D ╚ИHГ┬HГ·uшHНQLЙ┘L)┌ш-■  РHГ─8├АAў┴t╞D$,+HНL$-LН\$,ымfDAЎ┴@t╞D$, HНL$-LН\$,ыПfДLН\$,LЙ┘щy   UAWAVAUATWVSHГь8HНм$АAЙ╬LЙ├Г∙oД9EЛx╕AЛxEЕ AI╟Г└ў╟Е╞DЛk D9шAL┼HШHГ└HГрЁш№∙  ╣A╕H)─LНd$ LЙцHЕ╥ДїEЙёAГс fDDЙ└HГ╞!╨DНP0Г└7D ╚EЙ╙AА·:AB├H╙ъИF HЕ╥u╫L9цД╢EЕ О┼HЙЁEЙ°L)рA)└EЕ└О░Ic°HЙё║0IЙ°H■шъGL9цДнHЙЁL)рD9шМ║╟C     AГ■oД!A╜    ЎC ЕQI9ЇГ┐Л{EНu ыАHcC$И ЛC$Г└ЙC$L9цv8Л{HГюў╟@uЛC$9C(~▐Бч ╛HЛt╞шЙGЛC$Г└ЙC$L9цw╚EЕэ#ы[@HcC$╞ ЛC$Г└ЙC$AНF EЕЎ~=AЙ╞Л{ў╟@uЛC$9C(~█Бч HЛt┼╣ ш+GЛC$Г└ЙC$AНF EЕЎ├HНe╕[^_A\A]A^A_]├ДfAГx ╣Д/AЙ└A╣лкккDЛk Mп┴I┴ш!D└D9шAL┼HШHГ└HГрЁш°  H)─LНd$ AГ■oДIA╕LЙцHЕ╥Е■  DБч ў  Й{EЕ ПA■  fDAГ■oДL9цЕ\■  EЕ ДS■  ╞0HГ╞HЙЁL)рD9шНL■  fDA)┼Л{DЙk AГ■oДЇў╟ДAГэEЕэ~ EЕ ИЎDИ6HГ╞╞F 0EЕэО!■  Л{EНu ў╟Е°АHЙ┌╣ ш█°  DЙЁAГюЕ└шA╛■   A╜    L9цЗ■  щЭ■  fDEЛx╕AЛxEЕ AI╟Г└ў╟ЕнDЛk A9┼AM┼HШHГ└HГрЁш├Ў  ╣H)─LНd$ A╕щ┬№  ЎC Д╪■  ╞0HГ╞щ╠■  fРEЕ И╖EНu ў╟Д?   L9цЗn¤  щ╔¤  fДEЕ ИчEНu ў╟Д   I9ЇВ>¤  щЩ¤  fДfAГx Д╙╣щ█¤  f.ДDЛk D9шAL┼HШHГ└HГрЁшЎї  A╕H)─LНd$ щъ¤  DИ6HГ╞╞F 0щЯ№  Й°%=Е7   EНM HЙё║0EНyDЙMмMc MЙ°L■шDDЛMмE)щEЙ═AГ■oД-■  БчД!■  щ■  АЙ°%=tдў╟ЕЁ¤  щ·■  DЛk D9шAL┼щo■  РUAWAVAUATWVSHГь(HНм$А╕DЛrЛzEЕЎAI╞HЙ╙Г└ў╟t fГz Е<Лs 9╞M╞HШHГ└HГрЁшхЇ  H)─LНd$ @Ў╟АtHЕ╔ИN@АчЙ{HЕ╔ДI╗АAЙ·MЙрI╣═╠╠╠╠╠╠╠AБтDMНhM9─t/EЕ╥t*fГ{ t#LЙ└L)рL!╪HГ°uIН@A╞,MЙшIЙ┼fDHЙ╚IўсHЙ╚H┴ъLН<ТM L)°Г└0AИHГ∙ v HЙ╤MЙшыЭDEЕЎО╖LЙшEЙЁL)рA)└EЕ└~Mc°LЙщ║0MЙ°M¤шАBM9ьДЯЕЎ~3LЙшL)р)╞Йs ЕЎ~$ў╟└ЕШEЕЎИЮў╟Д█@Ў╟АД╓A╞E-IНuI9Їr ыSfDHcC$И ЛC$Г└ЙC$I9Їt8Л{HГюў╟@uЛC$9C(~▐Бч ╛HЛt╞шBЛC$Г└ЙC$I9Їu╚ЛC ыfDHcC$╞ ЛS$ЛC Г┬ЙS$Й┬ГшЙC Е╥~0ЛKЎ┼@uЛS$9S(~▐HЛАх t╚╣ ш╢AЛS$ЛC ы─fDHНeи[^_A\A]A^A_]├Аў╟t8A╞E+IНuщ   f.ДЙ┬A╕лкккIп╨H┴ъ!╨щн¤  fДLЙю@Ў╟@Дц■  A╞E HГ╞щ╪■  DHў┘щ║¤  ДM9ьЕp■  EЕЎДg■  fDA╞E0IГ┼щS■  f.ДГюЙs EЕЎЙb■  Й°%=ЕP■  ЛS НB ЙC Е╥ОN■  HНpLЙщ║0IЙЁIїшw@╟C     щ+■  ЛC НP ЙS Е└О■  АHЙ┌╣ шsє  ЛC НP ЙS Е└цЛ{щю¤  fDMЙхEЙЁEЕЎПГ¤  щ-   @UATWVSHЙхHГь0Гy¤IЙ╠Дц╖QfЕ╥Д╣IcD$HЙцHГ└HГрЁшTё  H)─LНE°H╟E°HН\$ HЙ┘шXDЕ└ОрГшHН|ы!fDIcD$$AИ AЛD$$Г└AЙD$$H9▀tAAЛT$HГ├Ў╞@u AЛD$$A9D$(~┘╛K MЛ$Ац t╛LЙ┬шЖ?AЛD$$Г└AЙD$$H9▀u┐HЙЇHЙь[^_A\]├АLЙт╣.шSЄ  РHЙь[^_A\]├ДH╟E°HН]°ш?HНMЎIЙ┘A╕HЛшAЕ└~.╖UЎfAЙT$AЙD$щр■  fРLЙт╣.шєё  HЙЇщz   A╖T$ы╘UWVSHГь(AЛA Й═HЙ╫DЙ╞LЙ╦EЕ└ОA9└Оў╟C     ╕    ЎC tMfГ{ Д ║лкккDНFLп┬Й┬I┴ш!AНH )┴AГ°uщцfDГъЙ╚╨ЙS Д*Е╥ь@ЕэЕ"ЛSЎ╞ЕДГт@ЕєЛC Е└~ЛSБтБ·ДwHНk ЕЎО╗╢╣0Д└tHГ╟╛╚HЙ┌шїЁ  ГюД╘ЎC t╓fГ{ t╧i╞лккк=UUUUw┬IЙ╪║HЙщш"ё  ы░AЛQD)└9╨О·■  )╨ЙC Е╥О┤ГшЙC ЕЎ~ ЎC Еы■  Е└О0   ЕэЕ°ЛSў┬└ДёГшЙC Д   Ў╞Е   ГшЙC fDHЙ┌╣ шCЁ  ЛC НP ЙS Е└цЕэД▐■  HЙ┌╣-ш!Ё  щс■  @ЛCЕ└ЎC uГшЙCHГ─([^_]├@HЙ┘ш░№  ы!fD╢╣0Д└tHГ╟╛╚HЙ┌ш═я  ЛCНP ЙSЕ└╪HГ─([^_]├АЕ└ОHГшЛS9╨Пщ■  ╟C     щ6■  fDГшЙC ДN   ўCД   HЙ┌╣-шbя  щ"■  DHЙ┌╣0шKя  ЛCЕ└ЎC uЕЎuщ*   DHЙ┘шш√  ЕЎДS   ЛCЁЙCДHЙ┌╣0шя  Г╞uющ,   fДЛSЎ╞Е@■  ЕЎОT■  АцДK■  fГ{ Д@■  щ)¤  HЙ┌╣+ш│ю  щs¤  fDГшЙC fРHЙ┌╣0шУю  ЛC НP ЙS Е└цщb¤  РЎ╞Е*¤  ЛC НH ЙK Е└О¤  щ■  РД╡■  ╟C     щЎ№  fDHЙ┌╣ ш;ю  щ√№  Й╨щЯ¤  ff.Д@AUATSHГь A║AГшAЙ╦MЙ╠McшA┴°Ii═gfffH┴∙"D)┴tHc┴┴∙AГ┬Hi└gfffH┴°")╚Й┴uхAЛD$,Г° uA╟D$,╕D9╨DЙ╙EЛD$ MЙсM╪DЙ└НK)╚A9╚╣    A╕N┴DЙ┘AЙD$ шж√  AЛL$AЛD$,LЙтAЙD$Й╚Гс └Г╔EAЙD$ш]э  DНSLЙтLЙщET$ HГ─ [A\A]щPЎ  ATSHГьhDЛB█)HЙ╙EЕ└xkAГ└HНD$H█|$PfoD$PHНT$0LНL$L╣HЙD$ )D$0ш┌ы  DЛD$LIЙ─AБ°А  t9ЛL$HIЙ┘HЙ┬ш║■  LЙсшbРHГ─h[A\├fД╟BA╕ыКРЛL$HIЙ╪HЙ┬шся  LЙсш)РHГ─h[A\├ATSHГьhDЛB█)HЙ╙EЕ└y ╟BA╕HНD$H█|$PfoD$PHНT$0LНL$L╣HЙD$ )D$0ш!ы  DЛD$LIЙ─AБ°А  thЛL$HHЙ┬IЙ┘шA·  ЛC ы@HcC$╞ ЛS$ЛC Г┬ЙS$Й┬ГшЙC Е╥~?ЛKЎ┼@uЛS$9S(~▐HЛАх t╚╣ ш╓8ЛS$ЛC ы─fDЛL$HIЙ╪HЙ┬ш∙ю  LЙсшAРHГ─h[A\├ДATVSHГь`DЛB█)HЙ╙EЕ└И■ДрHНD$H█|$PfoD$PHНT$0LНL$L╣HЙD$ )D$0ш3ъ  Лt$LIЙ─Б■А  Д╨ЛC%Г■¤|KЛS9╓DЕ└Д╠)ЄЙSЛL$HIЙ┘AЙЁLЙтш-∙  ыHЙ┌╣ ш√ъ  ЛC НP ЙS Е└цы(@Е└u4LЙсшФ7ГшЙCЛL$HIЙ┘AЙЁLЙтшд№  LЙсшLРHГ─`[^A\├fРЛCГшы╧Д╟BA╕щ   fD╟BA╕щЎ■  fDЛL$HIЙ╪HЙ┬шбэ  ыЫАLЙсш7)ЁЙCЙ&   ЛS Е╥О   ╨ЙC щ   AUATUWVSHГьXLЛDЛYE┐├LЙ▐CН IЙ╘LЙ╥╖╔H┴ъ Бт   D ╥Й╨ў╪ ╨┴ш ╚╣■ )┴┴щЕ┘fEЕ█И╫fБц ЕдMЕ╥Е3AЛT$Г·ЖїAЛL$HН|$0AЛD$Е└ОЮ╞D$0.HНD$1╞0HНXEЛT$ ╜EЕ╥ОКAЛT$IЙ┘┐╞I)∙FН Е╥Й╩EO╚Бт└Г·H┐╓AГ┘·Hi╥gfff┴°EЙ╚H┴·")┬t/f.ДHc┬AГ└┴·Hi└gfffAНhD)═H┴°")╨Й┬u▐┐эE9┬ОjE)┬Ў┼ДоEЙT$ РЎ┴АЕ7Ў┼Е^Гс@ЕuLЙт╣0ш╚ш  AЛL$LЙтГс Г╔Xш╡ш  AЛD$ Е└~2AЎD$ t*ГшAЙD$ @LЙт╣0шЛш  AЛD$ НP AЙT$ Е└тLНl$.H9√w%щРA╖D$ fЙD$.fЕ└ЕtH9√Дp╛K HГыГ∙.Д·Г∙,t═LЙтш-ш  ы╫fБ■ uAЕ╥u=DЙ┴HН■SMЙрБсАщ DAБL$АfБц Д ■  ы┬f.ДAЛT$fБю ?Г·ЗuMЕ╥x ДM╥y√╣╕I╤ъ)╤┴сH╙рI┬И5M╥╣)╤┴сI╙ъAЛL$HН|$0AЙ╔AЙ╚HЙ√AБсAГр ы'D1└H9√w AЛT$Е╥x Г└0ИHГ├MЕ╥Д~DЙ╥ГтIў┬Ё   ДAЛD$I┴ъЕ└~ГшAЙD$Е╥t▓Й╨Г· v╗НB7D └ы╢MЙрHНхR1╔HГ─X[^_]A\A]щ+ъ  LЙт╣0ш█ц  AЛD$НP AЙT$Е└тAЛL$LЙтГс Г╔Pш╖ц  Al$ H┐╬LЙтAБL$└HГ─X[^_]A\A]щбя  РИЫ╕└  DЙ╞ГшM╥yЎAЛT$Г·Жн■  AЛL$щ╓■  fDAЛL$HН|$0MЕ╥Е╜■  щХ№  LЙсш°Є  щ▀¤  H9√wEЕ╔uEЛ\$EЕ█~ @╞.HГ├НF IГ·tДЙ╞I╤ъНF IГ·uЄE1╥щ╠■  f.ДMЙр║LЙщш0ц  щw¤  H9√Е2№  щ№  f.ДLЙт╣-шгх  щ╔№  fDA╟D$     щЪ№  f.ДLЙт╣+шsх  щЩ№  fDГ╞щ╞¤  LЙт╣ шSх  щy№  fDAНB AЙD$ EЕ╥ОF№  fDLЙт╣ ш#х  AЛD$ НP AЙT$ Е└тAЛL$щ№  ДHЙ°Ў┼Д`√  щQ√  ╛└  щo■  DAWAVAUATUWVSHБьиLЛд$Й╧HЙ╒DЙ├LЙ╬шэ1╛1╥Бч`ЛfЙФ$РЙЬ$ШЙ╩HН^ЙD$,H╕    ¤   HЙД$А1└HЙl$pЙ|$x╟D$|    fЙД$И╟Д$М╟Д$Ф╟Д$Ь    Е╔Д0LН-2Pы_DЛD$xAў└@uЛД$Ф9Д$Ш~%AБр LЛL$pЕАHcД$ФAИЛД$ФГ└ЙД$Ф╢HГ├╛╩Е╔Д┴Г∙%uЬ╢Й|$xH╟D$|    Д└ДдHЙ▐LНT$|E1 E1ЎA╗НPрHНn╛╚А·Zw)╢╥IcTХLъ т@LЙ╩шx0ЛД$Фщ   @Гш0< ЗйAГ■ЗЯEЕЎЕjA╛MЕ╥Д╦AЛЕ└И┼НАНDA╨AЙ╢FHЙюАД└Еp   ЛМ$ФЙ╚HБ─и[^_]A\A]A^A_├IН\$AГ Д╚EЛ $AГ tAГ ДFAГ uE╢╔LЙL$`Г∙uДДLНD$pLЙ╩IЙ▄HЙышТц  щ║■  D╢FA┐HЙюA╛щh   БL$xАIН\$AГ Д^Ic $AГ tAГ Д▄AГ uH╛╔HЙL$`HЙ╚HНT$pIЙ▄HЙыH┴°?HЙD$hш:ы  щB■  AГяIЛ $IН\$AГ Ж▄HНT$pIЙ▄HЙышюф  щ■  AГяAЛ$IН\$╟Д$А    AГ Ж╗HНL$`LНD$pИD$`IЙ▄║HЙышyу  щ╤¤  IЛ$HcД$ФIГ─AГ Д_AГ ДїAГ t AГ Д,ЙHЙыщУ¤  ЛD$xIЛ$IГ─Г╚ ЙD$xиД █*HНL$@HНT$pHЙы█|$@шў  щ[¤  EЕЎu 9|$xДПIЛ$IН\$LНD$p╣xH╟D$hIЙ▄HЙыHЙT$`шєф  щ¤  ╢F<6Д4<3Д,HЙюA┐A╛щ╛¤  ЛD$xIЛ$IГ─Г╚ ЙD$xиД██*HНL$@HНT$pHЙы█|$@шcє  щ╗№  ╢FDЛl$@+Ь$ЬDм$Ьщ2■  D╟Д$ИDЛL$P╟D$`EЕ╔И╧EЕ╥ЙеDЙ╨D)T$`ў╪DЙT$pE1╥ЙD$tЛD$ Г° ЗгГ°ПтAБ└¤1└AБ°ўЦ└ЙD$TЛD$ Г°Д> Г°ДН Г°Е┤╟D$hEЕЎ╣AO╬ЙМ$ЬAЙ╬ЙМ$МЙL$LDЙT$xшA∙  Г|$LD╢L$THЙD$XЦ└DЛT$xA!┴ЛG ГшЙD$Tt(ЛT$T╕Е╥I┬ГхЙD$TЙ┴Д═╕)╚ЙD$TEД╔Д╣ЛD$T D$pЕлDЛД$И╟Д$ЬЄД$АEЕ└tЄ%ТAf/рЗf(╚ЄX╚ЄX РAfH~╩fH~╚H┴ъ Й└Бъ@H┴т H ╨ЛT$LЕ╥ДDЛ\$L1эHЛ╤CfHn╨AНC HШЄ$┬ЛD$hЕ└Д╞ Є ]AЄ,╨HЛL$XЄ^╠HНAЄ\╩fя╥Є*╥Г┬0ИЄ\┬f/╚З═Є%х@Єх@ыIЛМ$ЬНQЙФ$ЬD9┌НжЄY├fя╥HГ└ЄY╦Є,╨Є*╥Г┬0ИP Є\┬f/╚Зrf(╘Є\╨f/╩vмН}╢P HЛ\$XHЙ┴Й|$PыАH9╪ДV╢P HЙ┴HНA А·9tчHЙL$XГ┬И╟D$H щДЛT$P╟D$`╟Д$ИЕ╥И!DT$PDЙT$p╟D$tщZ¤  f.Д╟D$ fя└DЙT$LЄA*─ЄY╩?Є,╚Г┴ЙМ$Ьш▀Ў  DЛT$LHЙD$XЛG ГшЙD$TЕEЕэИX ЛD$p9GНЙ╟Д$М    E1Ў╟D$L    fДA)▄DЙщЛWAНD$D)сЙД$Ь9╤НРDЛ\$ AНK¤Гс¤Д~A)╒AГ√DЛ\$LЯ┴AНEEЕ█ЙД$ЬЯ┬Д╤t D9╪П\ЛT$`D$PDЛl$t╨Й╒ЙD$`╣DЙT$xш═╟D$hDЛT$xIЙ─Еэ~"ЛL$PЕ╔~9═Й╚N┼)D$`)┴ЙД$Ь)┼ЙL$PDЛL$tEЕ╔t[DЛD$hEЕ└ДsEЕэ~;LЙсDЙъDЙФ$АшЗLЙ·HЙ┴IЙ─шLЙ∙HЙD$xш,LЛ|$xDЛФ$АЛT$tD)ъЕS╣DЙT$tш#Г√DЛT$tФ├Г|$ IЙ┼Ю└!├EЕ╥П╟D$tД█ЕC ┐EЕ╥Е+|$PDЛD$`ГяГчA°Й╝$ЬЙ·EЕ└~DЙ┬LЙ∙ш┘ЛФ$ЬIЙ╟T$PЕ╥~ LЙщш┐IЙ┼ЛМ$ИГ|$ Я├Е╔Е5ЛD$LЕ└П╣Д█Д▒ЛD$LЕ└ЕJLЙщE1└║шеLЙ∙HЙ┬IЙ┼шwЕ└О$ЛD$pHЛ\$XГ└ЙD$PHГD$X╞1╟D$H LЙщшЎMЕфtLЙсшщLЙ∙шсHЛ|$(HЛD$XЛL$P╞ЙHЛ|$0HЕ tHЙЛD$H щў  fD║╟D$P)┬ЙT$`щ·  Дfя╔ЄA*╩f.╚z f/╚Д╔°  AГъщ└°  fDГш╟D$TЙD$ щ!·  ╟D$hE1ЎE1╔╟Д$М    ╟D$L    щt·  f(╚ЄX╚ЄX v<fH~╩fH~╚H┴ъ Й└Бъ@H┴т H ╨Є\Y<fHn╚f/┴ЗВ fW R<f/╚З╫╟D$TEЕэИзЛD$p9GМЪHЛГ>HШHЙ╟Є┬EЕЎЙєЛD$LЕ└ПчЕНЄYц;f/Ф$АszГ╟HЛ\$XE1эE1фЙ|$PщU■  @Г°Еп√  ╟D$hЛD$pDЁЙД$МГ└ЙD$LЕ└ОWЙД$ЬЙ┴щ9∙  @DЛ\$hEЕ█Ет√  DЛl$tЛl$`E1фщd№  E1эE1фAў▐╟D$HHЛ\$XDЙt$Pщу¤  РDЙ╥LЙщшД█DЛT$tIЙ┼Е░╟D$tAЛEГшHШA╜|ЕГўщт№  fDЛD$pГ└ЙD$PЛD$hЕ└Д╔Н/Е╥~ LЙсш║IЙ─ЛD$tMЙцЕ└ЕЬHЛD$XHЙt$h╟Д$ЬHЙD$@щнfДHЙ┴ш8╕Е И |$ uHЛ|$8ЎДэHЛt$@HНnЕ└~ Г|$TЕпИ] ЛD$L9Д$ЬД╞LЙ∙E1└║ шKE1└║ LЙсIЙ╟M9ЇД$ш/LЙёE1└║ IЙ─шIЙ╞ГД$ЬHЙl$@LЙъLЙ∙ш╤ё  LЙтLЙ∙Й╞НX0ш╤LЙЄLЙщЙ╟шЛhЕэЕ)   HЙ┬LЙ∙HЙD$`шйLЛD$`Й┼LЙ┴шJ ЛD$ шЕ╖ HЛL$8ЛЙT$`Гт T$TЕє■  HЛT$@Йt$ HЛt$hHНjГ√9Д▓Е ОY Л\$ ╕ Г├1HЛ|$@ЙD$HИLЙчMЙЇfDLЙщш╪ MЕфДHЕ ДвL9чДЩHЙ∙ш╡ HЛ\$XHЙl$Xщ╡√  fDш IЙ─IЙ╞щч■  ╟D$hщ4¤  Г|$ Од∙  ЛD$LЛL$tГш9┴М╜)┴AЙ═ЛD$LЕ└И ЛL$`D$PЙД$Ь╚Й═ЙD$`щy∙  DLЙъLЙ∙шuЕ└Й╕·  ЛD$pE1└║ LЙ∙ГшЙD$@шr ЛT$hIЙ╟ЛД$МЕ└Ю└!├Е╥ЕTД█ЕбЛD$pЙD$PЛД$МЙD$Lf.Д╟Д$ЬHЛl$XЛ|$Lы%f.ДLЙ∙E1└║ ш ГД$ЬIЙ╟LЙъLЙ∙HГ┼ш╢я  НX0И] 9╝$Ь|╟1 ЛL$TЕ╔ДуAЛG╢U Г∙ДГ° EЛGEЕ└tAHЛL$XыH9╚ДЧ╢P HЙ┼HНE А·9tчГ┬╟D$H Ищ%■  D╢U■HЙ┼HНE А·0tЁщ ■  ╟D$hщ╧Ї  ╟Д$Ь╣щ█Ї  HcD$pHЛК9╟D$L    Є┬ЄД$АDЛD$p╟Д$ЬHЛ|$Xf(╚AГ└Є^╩DЙD$PHНGЄ,╔fя╔Є*╔НQ0ИЄY╩Є\┴f.╞ЛlЄЧ6АЛФ$Ь;T$LДьЄY├Г┬HГ└ЙФ$Ьf(╚Є^╩Є,╔fя╔Є*╔НQ0ИP ЄY╩Є\┴f.╞z╡u│HЛ\$XHЙD$Xщ∙  ЛT$tLЙ∙DЙT$xш DЛT$xIЙ╟щ╝ў  HЛ\$XHЙl$Xщ╓°  LЙ∙DЙT$tшЄ DЛT$tIЙ╟щУў  Й┬+T$tE1эЙD$tA╥щ3¤  HЛD$XГD$P╟D$H ╞1щЦ№  LЙ∙║шйLЙъHЙ┴IЙ╟шл╢U Е└П■  u ГуЕ ■  AЛGГ°О┘╟D$Hщ1■  HЛ|$@DЛ\$TЙt$ HЛt$hLНOLЙ═EЕ█ДUAГО╚Г|$TДЕHЙt$ LЙ╧LЙЎLЛt$@ыOАИ_ E1└HЙё║ IЙ■ш2 I9ЇLЙ∙║ LDрE1└HЙ┼HГ╟ш LЙъHЙюHЙ┴IЙ╟ш╙ь  НX0HЙЄLЙщHЙ¤ш╥Е└жLЙt$@IЙЎHЛt$ Г√9Д╟D$H LЙчГ├MЙЇHЛD$@Ищk√  Л|$TЕ Д*Г ДёHЛ\$XHЙD$X╟D$Hщ6ў  ЄYтHЛD$Xf(╚E1└╟Д$ЬЄD4ыf.ДЄY╩Г┴EЙ╚ЙМ$ЬЄ,╤Е╥tfя█EЙ╚Є*┌Є\╦HГ└Г┬0ИP ЛМ$ЬD9┘u┬EД└ДЄ!4f(╘ЄX╨f/╩ЗсЄ\─f/┴Жйў  f.╬HЛ\$Xz f/╬Дд╟D$HDНEHЙ┬HН@ Аz 0tєHЙT$XDЙD$Pщ[Ў  ╟Д$ЬЛl$`+l$LщpЇ  ЛL$LЕ╔ДЄЎ  DЛЬ$МEЕ█О7ў  ЄYO3Є O3╜    ЄY╚ЄX F3fH~╩fH~╚H┴ъ Й└Бъ@H┴т H ╨щ─ё  AЛL$ш┬IНT$IЙ╞HНHIcD$LНЕш LЙё║ш╫ IЙ╞щ'°  ЛGГ└;D$@НнЇ  ГD$`ГD$P╟D$tщЦЇ  ╟D$PHЛ\$XE1эE1фщAї  HЛt$hГ√9ДщHЛD$@Г├LЙч╟D$H MЙЇИщE∙  LЙчHЛt$hMЙЇщ░·  ЛGГ└9D$@Кщ?ў  A)▄DЙщЛWE1ЎAНD$D)с╟D$L    ЙД$Ь╟Д$М    9╤М╛Є  щ°Є  ГD$P║1HЙL$X╞0щлё  Е└~7LЙ∙║шс LЙъHЙ┴IЙ╟шу Е└ОлГ√9t-Л\$ ╟D$T Г├1AГОeLЙч╟D$HMЙЇщ¤  HЛD$@LЙчHЛL$XMЙЇ║9╞9щ·  ЛD$@ЙD$pЛД$МЙD$Lщ╙є  HЛ\$XHЙl$Xщ$Ї  ЄX└╢P f/┬Зяf.┬HЛ\$Xz u АсЕ╥Ё  ╟D$HщА¤  f.╞Н}HЛ\$XHЙD$XЙ|$PКЩ№  f/╞ЕП№  ╟D$Hщ┼є  Н}HЛ\$XHЙ┴Й|$PщВЁ  f(╚щш№  LЙсE1└║ шёIЙ─Д█Е:   ЛD$pЙD$PЛД$МЙD$Lщ╒ї  AЛO╕Е╔DD$HЙD$HщL∙  ╢P HЛ\$XHЙ┴щЁ  EЛWEЕ╥Е+√  Е└Пq■  LЙчMЙЇщ╜√  HЛ\$XHЙ┴щяя  EЛOLЙчMЙЇEЕ╔tA╟D$HщФ√  Дъ∙  щЙ∙  u Ў├ЕJ■  ╟D$T щQ■  ╟D$HDНEщW№  ЛD$TЙD$HщS√  AГ~ ╕щвЎ  AГ║E┬щРЎ  ЙшщMї  ATUWVSHcYЙ╒IЙ╩AЙ╤┴¤9ы~LНaHcэMНЬIН4мAГсД~ЛDЙ╔┐ HНVD)╧╙шAЙ└I9╙ЖЧLЙц@ЛЙ∙HГ╞HГ┬╙рDЙ╔D └ЙF№DЛB№A╙шI9╙w▌H)ыIНDЬ№DЙEЕ└tBHГ└ы<АA╟BA╟B[^_]A\├РLЙчI9єvрДеI9єw·H)ыIНЬL)рH┴°AЙBЕ└t─[^_]A\├DAЙBЕ└tиLЙрыЦff.ДE1└HcQHНAHН РH9╚rы)f.ДHГ└AГ└ H9┴vЛЕ╥tэH9┴vє╝╥A╨DЙ└├РРРРРРРРРРРРРVSHГь(ЛдtЙ╬Г°t{Е└t9Г°u#HЛб{D╣ ╙Л{tГ°tюГ°tOHГ─([^├f.Д╕ЗUtЕ└uQHЛ6{HН St ╙HН rt ╙HН aшо  ╟"tHc╬HН(tHНЙHН ╨HГ─([^H %╫zГ°tЛїsГ°ДX   щq   А╟╓sы▓@SHГь ╕З└sГ°t HГ─ [├DHЛuzHН ▓s ╙HН ╤sHЙ╪HГ─ [H рff.ДVSHГь8Й╦1╔ш┴■  Г√ ~LЙ┘╛╙цHc╞HН Е#H╕°   H!┴ш6 HЕ└tГ=:sЙXЙp t5H╟@HГ─8[^├HН╔rHc╦HЛ╩HЕ└t-LЛГ=sLЙ╩u╦HЙD$(HН s чyHЛD$(ы▓@Й┘╛HЛBLН{i╙цHc╓HЙ┴HНХ#L)┴H┴ъH┴∙Й╥H╤HБ∙ З2   HН╨HЙщM   ff.ДATHГь IЙ╠HЕ╔t:Гy ~ HГ─ A\щi Р1╔шй¤  IcT$HН¤qГ=FrHЛ ╨LЙ$╨IЙ $tHГ─ A\├РHН 9rHГ─ A\H %yff.ДРAUATVSHГь(ЛqIЙ╠Ic╪Hc╩1╥ДAЛDФHп┴H╪AЙDФHЙ├HГ┬H┴ы 9╓рMЙхHЕ█tA9t$ ~!Hc╞Г╞MЙхAЙ\ДAЙt$LЙшHГ─([^A\A]├AЛD$НHш■  IЙ┼HЕ└t▌HНHIcD$IНT$LНЕшX LЙсMЙьшх■  ывSHГь0Й╦1╔шв№  HЛqHЕ└t.HЛГ=HНD$>LЙ╦LDрIЙ╒LЙ╞шщЙ╟шъHЕ█Й|$(IЙЁЙD$ LН eLЙъLЙсLE╦ш&■  HШHГ─@[^_A\A]├ДAVAUATUWVSHГь@HН▀dMЙ═MЕ╔IЙ╬HЙ╙LDшLЙ╞шГЙ┼шtЙ╟HЕ█Д┴HЛHЕ╥Д╡MЕЎtpE1фHЕЎuыJfDHЛHШIГ╞I─H┬HЙL9цv-Й|$(IЙЁMЙщLЙёЙl$ M)ршА¤  Е└╠L9цv Е└uH╟LЙрHГ─@[^_]A\A]A^├f.Д1└AЙ■HНt$>E1фfЙD$>ы @HШHЛI─Й|$(LтMЙщMЙЁЙl$ HЙёш¤  Е└█ыеРE1фыЯff.ДATWVSHГьH1└IЙ╠HЙ╓LЙ├fЙD$>шzЙ╟ш{HЕ█Й|$(IЙЁHНкcЙD$ HНL$>HD┌LЙтIЙ┘ш▓№  HШHГ─H[^_A\├РРРРРРHГьXHЙ╚fЙT$hDЙ┴EЕ└ufБ· wYИ╕HГ─X├fДHНT$LDЙL$(LНD$hA╣HЙT$81╥╟D$LH╟D$0HЙD$  ▄iЕ└tЛT$LЕ╥tош▀√  ╟*╕    HГ─X├АATVSHГь0HЕ╔IЙ╠HНD$+Й╙LDршКЙ╞шЛ╖╙AЙёLЙсAЙ└ш:   HШHГ─0[^A\├ff.Д@AVAUATUWVSHГь0E1ЎIЙ╘HЙ╦LЙ┼шAЙ╟ш2IЛ4$AЙ┼HЕЎtMHЕ█taHЕэu'щПАHШH├I╞А{ ДЖHГ╞L9їvm╖EЙщAЙ°HЙ┘шм■  Е└╨I╟╞    LЙЁHГ─0[^_]A\A]A^├АHНl$+ыРHc╨ГшHШI╓А|+t>HГ╞╖EЙщAЙ°HЙщшY■  Е└╒ылIЙ4$ыйf.ДI╟$IГюыСfРIГюыЙРРРРРРРРРРSHГь Й╦шDЙ┘HНIH┴тH╨HГ─ [├РHЛЙa├ДHЙ╚HЗva├РРРРРSHГь HЙ╦1╔ш▒   H9├r╣шв   H9├vHНK0HГ─ [H %СgD1╔шБ   IЙ└HЙ╪L)└H┴°i└лкккНHшоБKАHГ─ [├fДSHГь HЙ╦1╔шA   H9├r╣ш2   H9├vHНK0HГ─ [H %IgDБc   1╔ш    H)├H┴√i█лкккНKHГ─ [щ0HЛ HЛ├РРРРРHЛ HЛ├РРРРРHЛ HЛ├РРРРР %╛gРР %жgРР %FgРР %&gРР %gРРД %юfРР %▐fРР %╬fРР %╛fРР %оfРР %ЮfРР %ОfРР %~fРР %nfРР %^fРР %NfРР %>fРР %.fРР %fРРщ[Щ  РРРРРРРРРРР        └{@         Ё{@             @├┐  └?└╤@рy@z@z@Рz@ z@Ёz@{@{@Hello world!р@AAЬ╨@@Ё@Unknown errorArgument domain error (DOMAIN)Overflow range error (OVERFLOW)Partial loss of significance (PLOSS)Total loss of significance (TLOSS)The result is too small to be represented (UNDERFLOW)Argument singularity (SIGN)_matherr(): %s in %s(%g, %g) (retval=%g) ╚Ж  |Ж  Ж  ЬЖ  мЖ  ╝Ж  МЖ  Mingw-w64 runtime failure: Address %p has no image-section VirtualQuery failed for %d bytes at address %p VirtualProtect failed with code 0x%x Unknown pseudo relocation protocol version %d. Unknown pseudo relocation bit size %d. РЛ  РЛ  РЛ  РЛ  РЛ  °К  РЛ  └Л  °К  #Л  (null)NaNInf(null)Т╢  Ш░  Ш░  м╢  Ш░  ┤╡  Ш░  ╦╡  Ш░  Ш░  @╢  |╢  Ш░  G┤  `┤  Ш░  |┤  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ь┤  Ш░  ╘┤  Ш░   ╡  D╡  |╡  Ш░  │  Ш░  Ш░  0┤  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  ╔╢  Ш░  Ш░  Ш░  Ш░  ▒  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  Ш░  К▓  Ш░  ▓  А▒  *│  └│  °│  b│  А▒  h▒  Ш░  В│  в│  L▓  ▒  ┬▓  Ш░  Ш░  █▒  h▒  ▒  Ш░  Ш░  ▒  Ш░  h▒  InfinityNaN0°?aCocзЗ╥?│╚`Л(К╞?√yЯPD╙?·}Э-Ф<2ZGUD╙?Ё?$@@@@Ар?}Ё?$@Y@@П@И├@j°@АД.A╨cAД╫ЧAe══A _аBшvH7BвФmB@хЬ0вBР─╝╓B4&їk CАр7y├ACа╪ЕW4vC╚Ngm┴лC=С`фXсC@М╡xпDPят╓фKDТ╒M╧ЁАD╝Й╪Ч▓╥Ь<3зи╒#ЎI9=зЇD¤е2ЭЧМ╧║[%Coмd(╚ Ар7y├ACn╡╡╕УFї∙?щO8M20∙HwВZ<┐s▌Ou@А@PА@╨{@рв@рв@ Р@@tт@Ьт@┤т@─т@Ё╨@P╨@X╨@@Х@Ё@Ё@Ё@0Ё@а╨@`╨@р╨@`@А@А╨@░╨@p╨@Ш╨@Ф╨@Р╨@GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.3.1 20210422 (Fedora MinGW 10.3.1-2.fc34)GCC: (GNU) 10.3.1 20210422 (Fedora MinGW 10.3.1-2.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.3.1 20210422 (Fedora MinGW 10.3.1-2.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34)GCC: (GNU) 10.3.1 20210422 (Fedora MinGW 10.3.1-2.fc34)└>└@Й └Р╢└└▌(└р¤H└h└ ,p└01t└@Сx└С▒Д└└·Р└jШ└pПд└РЧи└агм└░▀░└рa╕└ps─└Аx╚└АГр└Р·ф└bЁ└p■№└A┴P\┴` ┴ Л(┴Р 8┴ Щ D┴а В!L┴Р!╝!T┴└!"X┴"п"\┴░"(#h┴0#i#l┴p#█#p┴р#$t┴ $з$x┴░$n%|┴░%ў%А┴&'М┴ 'w'Ф┴А'╪(Ь┴р(*░┴*W*╝┴`* +╚┴+/0╨┴00▄3ш┴р3@5┬@5ё8┬9р9$┬р9Р:0┬Р:x;<┬А;Ё<H┬Ё<;BT┬@BчKh┬ЁK'LА┬0LмLИ┬░L╠LФ┬╨LFNШ┬PNe░┬ef╠┬fSf▄┬`fstrlenAstrncmpcvfprintf}wcslenррррррррррррррKERNEL32.dllррррррррррррррррррррррррррррррррррррmsvcrt.dll@@@Р@р@░@,@,Н)p%@2╗)Й)GNU C99 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34) -m64 -mtune=generic -march=x86-64 -g -O2 -std=gnu99 -fexceptions --param=ssp-buffer-size=4 ../crt/crtexe.c/builddir/build/BUILD/mingw-w64-v8.0.0/mingw-w64-crt/build_win64@charsize_t(,long long unsigned intlong long intuintptr_tP,wchar_tgkVshort unsigned intintlong intunsigned intlong unsigned intunsigned char╓_EXCEPTION_RECORDШ┘ ЗExceptionCode┌ сExceptionFlags█ с]▄ !╨ExceptionAddress▌ tNumberParameters▐ сExceptionInformation▀ @  З ЗЩ _CONTEXT╨д%╖P1Homeе dP2Homeж dP3Homeз dP4Homeи dP5Homeй d P6Homeк d(ContextFlagsл с0MxCsrм с4SegCsн ╘8SegDsо ╘:SegEsп ╘<SegFs░ ╘>SegGs▒ ╘@SegSs▓ ╘BEFlags│ сDDr0┤ dHDr1╡ dPDr2╢ dXDr3╖ d`Dr6╕ dhDr7╣ dpRax║ dxRcx╗ dАRdx╝ dИRbx╜ dРRsp╛ dШRbp┐ dаRsi└ dиRdi┴ d░R8┬ d╕R9├ d└R10─ d╚R11┼ d╨R12╞ d╪R13╟ dрR14╚ dшR15╔ dЁRip╩ d° ф VectorRegisterу  VectorControlф dаDebugControlх dиLastBranchToRipц d░LastBranchFromRipч d╕LastExceptionToRipш d└LastExceptionFromRipщ d╚WINBOOL БBYTEЛ┐WORDМkDWORDНкfloat╟LPBYTEС° __globallocalestatus TБsigned charshort intULONG_PTR1.DWORD64┬.PVOIDЗCHARLONGИГLPSTRPЯHANDLEХЗLONGLONGъ%3ULONGLONGы.EXCEPTION_ROUTINE┬)Б"╨tУtPEXCEPTION_ROUTINE┼ >щ_M128Ak(tLowl╓Highm─M128AnDtХtж╟╢__onexit_t2╚╬Бdoublelong doubleЄf Ф _XMM_SAVE_AREA32Пx ControlWordР ╘StatusWordС ╘TagWordТ ╟Reserved1У ╟ErrorOpcodeФ ╘ErrorOffsetХ сErrorSelectorЦ ╘ Reserved2Ч ╘DataOffsetШ сDataSelectorЩ ╘Reserved3Ъ ╘MxCsrЫ сMxCsr_MaskЬ сFloatRegistersЭ Д XmmRegistersЮ ХаReserved4Я жаXMM_SAVE_AREA32аа╬╙ Header╧╙ Legacy╨Д Xmm0╤tаXmm1╥t░Xmm2╙t└Xmm3╘t╨Xmm4╒tрXmm5╓tЁXmm6╫tXmm7╪tXmm8┘t Xmm9┌t0Xmm10█t@Xmm11▄tPXmm12▌t`Xmm13▐tpXmm14▀tАXmm15рtРtф ╦ FltSave╠x FloatSave═x  Т t. PCONTEXTъУRP EXCEPTION_RECORDр ╓PEXCEPTION_RECORDт Е P _EXCEPTION_POINTERSў ╨ ]° j ContextRecord∙ . Л !¤ "Next03 "prev 03 _EXCEPTION_REGISTRATION_RECORD3 #╓ #9 ¤ ! f "Handler ""handler "!Х "FiberDatat"Version с_NT_TIB8#4 ExceptionList.3 StackBase tStackLimit tSubSystemTib t#f ArbitraryUserPointer" t(Self#4 0Х NT_TIB$Х PNT_TIB%[ : _IMAGE_DOS_HEADER@╝╩e_magic╜ ╘e_cblp╛ ╘e_cp┐ ╘e_crlc└ ╘e_cparhdr┴ ╘e_minalloc┬ ╘ e_maxalloc├ ╘ e_ss─ ╘e_sp┼ ╘e_csum╞ ╘e_ip╟ ╘e_cs╚ ╘e_lfarlc╔ ╘e_ovno╩ ╘e_res╦ ╩e_oemid╠ ╘$e_oeminfo═ ╘&e_res2╬ ┌(e_lfanew╧ С<╘┌╘ъ IMAGE_DOS_HEADER╨a PIMAGE_DOS_HEADER╨a _IMAGE_FILE_HEADER+·Machine, ╘NumberOfSections- ╘TimeDateStamp. сPointerToSymbolTable/ сNumberOfSymbols0 с SizeOfOptionalHeader1 ╘Characteristics2 ╘IMAGE_FILE_HEADER3%_IMAGE_DATA_DIRECTORYh^VirtualAddressi сSizej сIMAGE_DATA_DIRECTORYk_IMAGE_OPTIONAL_HEADERрoYMagicq ╘Ўr ╟Мs ╟ыt с∙u с╖v с ╧w с8x сBaseOfDatay с╥z сВ{ с Ь| с$} ╘(к~ ╘*ё ╘,КА ╘.уБ ╘0УВ ╘2▀Г с4,Д с8Е с< Ж с@АЗ ╘DmИ ╘FhЙ сH└К сLЛ сP{М сT╙Н сXIО с\▓ПY`^iPIMAGE_OPTIONAL_HEADER32Р Л|_IMAGE_OPTIONAL_HEADER64Ёв[Magicг ╘Ўд ╟Ме ╟ыж с∙з с╖и с ╧й с8к с╥л╓Вм с Ьн с$о ╘(кп ╘*ё░ ╘,К▒ ╘.у▓ ╘0У│ ╘2▀┤ с4,╡ с8╢ с< ╖ с@А╕ ╘Dm╣ ╘Fh║╓H└╗╓P╝╓X{╜╓`╙╛ сhI┐ сl▓└YpIMAGE_OPTIONAL_HEADER64┴СPIMAGE_OPTIONAL_HEADER64┴ ЮС$_IMAGE_NT_HEADERS64╪Signature┘ сFileHeader┌·OptionalHeader█[PIMAGE_NT_HEADERS64▄#дPIMAGE_NT_HEADERSы!PIMAGE_TLS_CALLBACKfDl%БtсtЗСЦ╨ &HINSTANCE__╨╝'unused╨БHINSTANCE╨╬ЦPTOP_LEVEL_EXCEPTION_FILTER БLPTOP_LEVEL_EXCEPTION_FILTER %╘&_STARTUPINFOAh 3Ж'cb 4 с'lpReserved 5 е'lpDesktop 6 е'lpTitle 7 е'dwX 8 с 'dwY 9 с$'dwXSize : с('dwYSize ; с,'dwXCountChars < с0'dwYCountChars = с4'dwFillAttribute > с8'dwFlags ? с<'wShowWindow @ ╘@'cbReserved2 A ╘B'lpReserved2 B ■H'hStdInput C ┤P'hStdOutput D ┤X'hStdError E ┤`STARTUPINFOA FSTARTUPINFO ]Ж(tagCOINITBASEЪ Хч)COINITBASE_MULTITHREADED*VARENUMЪ s)VT_EMPTY)VT_NULL)VT_I2)VT_I4)VT_R4)VT_R8)VT_CY)VT_DATE)VT_BSTR)VT_DISPATCH )VT_ERROR )VT_BOOL )VT_VARIANT )VT_UNKNOWN )VT_DECIMAL)VT_I1)VT_UI1)VT_UI2)VT_UI4)VT_I8)VT_UI8)VT_INT)VT_UINT)VT_VOID)VT_HRESULT)VT_PTR)VT_SAFEARRAY)VT_CARRAY)VT_USERDEFINED)VT_LPSTR)VT_LPWSTR)VT_RECORD$)VT_INT_PTR%)VT_UINT_PTR&)VT_FILETIME@)VT_BLOBA)VT_STREAMB)VT_STORAGEC)VT_STREAMED_OBJECTD)VT_STORED_OBJECTE)VT_BLOB_OBJECTF)VT_CFG)VT_CLSIDH)VT_VERSIONED_STREAMI+VT_BSTR_BLOB +VT_VECTOR+VT_ARRAY +VT_BYREF@+VT_RESERVEDА+VT_ILLEGAL  +VT_ILLEGALMASKED +VT_TYPEMASK _dowildcard`Б_newmodeaБ__imp___initenvi∙,y ╦'newmodez Б_startupinfo{░-ЯЪД&)__uninitialized)__initializing)__initialized.ЯЖр &__native_startup_stateИ+2__native_startup_lockЙtz/_PVFVь_PIFV╚_TCHAR╟__image_base__/ъ_fmode8 Б_commode9 БЙщ0__xi_a@$▐__xi_zA$▐{0__xc_aB$__xc_zC$__dyn_tls_init_callbackM"amingw_app_typeO Б1__mingw_winmain_hInstanceQ ╝ ╨@1__mingw_winmain_lpCmdLineR ┐ ╨@Ч1__mingw_winmain_nShowCmdSс А@2argcU Б 8╨@2argv[  0╨@2envp\  (╨@3argret_ Б2mainret` Б $╨@2managedappa Б  ╨@2has_cctorb Б ╨@2startinfoc╦ ╨@__mingw_oldexcpt_handlerd%°1mingw_pcinitpЙ  Ё@1mingw_pcppinitq{ Ё@_MINGW_INSTALL_DEBUG_MATHERRs Б4mingw_initltsdrot_forceX Б4mingw_initltsdyn_forceY Б4mingw_initltssuo_forceZ Б4mingw_initcharmax[ Б5__mingw_module_is_dll┤ ╨@6atexitжБ@Ь07funcп{8 @=(9RєR:duplicate_ppstringsЭ Ч;acЭ&Б;avЭ2∙check_managed_app^Б X86_TUNE_AVOID_256FMA_CHAINS?X86_TUNE_AVX256_UNALIGNED_LOAD_OPTIMAL@X86_TUNE_AVX256_UNALIGNED_STORE_OPTIMALAX86_TUNE_AVX256_SPLIT_REGSBX86_TUNE_AVX128_OPTIMALCX86_TUNE_AVX256_OPTIMALDX86_TUNE_DOUBLE_WITH_ADDEX86_TUNE_ALWAYS_FANCY_MATH_387FX86_TUNE_UNROLL_STRLENGX86_TUNE_SHIFT1HX86_TUNE_ZERO_EXTEND_WITH_ANDIX86_TUNE_PROMOTE_HIMODE_IMULJX86_TUNE_FAST_PREFIXKX86_TUNE_READ_MODIFY_WRITELX86_TUNE_MOVE_M1_VIA_ORMX86_TUNE_NOT_UNPAIRABLENX86_TUNE_PARTIAL_REG_STALLOX86_TUNE_PROMOTE_QIMODEPX86_TUNE_PROMOTE_HI_REGSQX86_TUNE_HIMODE_MATHRX86_TUNE_SPLIT_LONG_MOVESSX86_TUNE_USE_XCHGBTX86_TUNE_USE_MOV0UX86_TUNE_NOT_VECTORMODEVX86_TUNE_AVOID_VECTOR_DECODEWX86_TUNE_BRANCH_PREDICTION_HINTSXX86_TUNE_QIMODE_MATHYX86_TUNE_PROMOTE_QI_REGSZX86_TUNE_EMIT_VZEROUPPER[X86_TUNE_LAST\ix86_arch_indicese[ш X86_ARCH_CMOVX86_ARCH_CMPXCHGX86_ARCH_CMPXCHG8BX86_ARCH_XADDX86_ARCH_BSWAPX86_ARCH_LASTsigned char__int128__int128 unsignedcomplex floatcomplex double complex long double_Float128 complex _Float128func_ptr*╜t Р __CTOR_LIST__/Е __DTOR_LIST__0Е t ╠  Р 6 ╝ А╤@ ж 7 ╝ p╤@% $ > : ; 9 I&I I : ;9  : ;9 I8  : ;9 I8  7I 5I  И : ;9  IИ 8 : ;9 IИ 8 : ;9 I8&4: ; 9 I?<: ;9 I'II И : ;9 : ;9 IИ IИ !I/ I'I' : ;9 IИ 8  И : ;9  И : ;9  : ;9 IИ IИ ! : ;9 " : ;9 I# I8 $ : ;9 %'& : ; 9 ' : ; 9 I8 (> I: ; 9 )( *> I: ;9 +(, : ; 9 -> I: ; 9 .: ; 9 I/50!14: ; 9 I?24: ; 9 I34: ; 9 I44: ;9 I?<54: ;9 I?6.?: ;9 'I@ЧB7: ;9 I╖B8ЙВ19КВСB:.: ;9 ' ;: ;9 I<4: ;9 I= >.: ;9 'I ?.: ; 9 'I@ЧB@4: ; 9 I╖BA UB1R╕B X Y W C1R╕B X YW D1╖BE41╖BF1R╕B UX Y W G1H1R╕B X YW I 1UJ1R╕B UX YW KЙВ1LЙВ1MЙВNКВO.?: ; 9 'I@ЧBP.: ; 9 '@ЧBQ UR41S: ; 9 IT<U.?: ;9 'I V.?: ; 9 'I 4W: ; 9 IX.?: ;9 'I Y.?<n: ;9 Z.?<n: ; [.?<n: ; 9 \.?<n: ; 9 ].?<n: ;9 %% $ >  I'> I: ;9 ( : ; 9 II ! 4: ; 9 I?< !I/ 4G: ;9 IЁ╡√ ../crt/usr/x86_64-w64-mingw32/sys-root/mingw/include/usr/x86_64-w64-mingw32/sys-root/mingw/include/psdk_inc../includecrtexe.cstring.hwinnt.hintrin-impl.hcorecrt.hminwindef.hbasetsd.hstdlib.herrhandlingapi.hprocessthreadsapi.hcombaseapi.hwtypes.hctype.hinternal.hcorecrt_startup.htchar.hsynchapi.hprocess.hwinbase.hmath.h @ ЎK╘ {y.g╔╔╩twB J=ВЫ~sggвXнX▒Z$t]mмхЄJ▌ ╩ВЬ~╜╓║ ам~XK yEЗ о<║хa  t╜┌├3╔@Р ▌{tK п ┘u. xtwХ xВо  В ╤u  X ut . . Ф% .Иа .ХЕ!ЮY╝Y ╚xp@ZZ█  GX9.?;цt tuJ <Z╓ ВГ KIУwД!Xлi █t5t╝r> ╪ ЮK г~В▌<K в~▌Xб~<┌ ж~JX┌ ^XutШ`╪dh╝ dhЕ┌!jJ ┐Є o] .Т Ю .Т/hГЬ  м┴uуЄ ZfпJ╒g╩Юф~ K╔ Z6 ВK╔ Z6╤ВK )Xнc;√ ../../../libgcc/config/i386cygwin.S p%@Ї""gY0uKgg0=L""rl√ ../../../libgcc/../gcc/config/i386../../../libgcci386.hgbl-ctors.hlibgcc2.c    x а@,@.D0з E Z F @@ID@D|Р@&BНBМA ЖA(ЕA0ДA8ГG╨K 8A├0A─(A┼ A╞B╠B═F К 8A├0A─(A┼ A╞B╠B═F └@D0Xр@D0X@D0T    x а,`p%@2AВAАn└A┬__p__acmdlnCheckSum__mingw_setusermatherrSizeOfImageBaseOfCodeSetUnhandledExceptionFilter_pei386_runtime_relocator_setargvSectionAlignmentMinorSubsystemVersion_fpresetDataDirectorySizeOfStackCommitImageBase__set_app_typeSizeOfCodeMajorLinkerVersion__p__fmodeSizeOfHeapReserve_set_invalid_parameter_handler__getmainargs_amsg_exit_inittermSizeOfStackReserveSizeOfHeapCommitMinorLinkerVersion__enative_startup_stateSizeOfUninitializedDataAddressOfEntryPointMajorSubsystemVersionSizeOfInitializedDataSizeOfHeadersMajorOperatingSystemVersionGetStartupInfoANumberOfRvaAndSizesExceptionRecordDllCharacteristicsSubsystemMinorImageVersionFileAlignmentMinorOperatingSystemVersion__p__commodeLoaderFlagsWin32VersionValueMajorImageVersion../../../libgcc/config/i386/cygwin.S/builddir/build/BUILD/gcc-10.3.1-20210422/build_win64/x86_64-w64-mingw32/libgccGNU AS 2.34RєRЯЯб0Яб Pn0ЯЛо0ЯЯи0Яи╖R╛╪R╪┌x1'Яn0ЯЛо0Я─у0Яу°PPP╪ TT╪0Я%VєV0Я_VЛоV─═0Я══P∙0Я∙T%Ц 0╨@Я%ЦVBЦ]BH0ЯHySBHPHЦU^ИTu~Tuys3$}"y}s3$}"u}PU_0ЯЯ▒hЯЯ▒0ЯЯ▒С╨~ЯфЎ ЯЎ¤P─╓ Я╓▌P_gP╠P>P╠pЯ>pЯтpЯg╨ >─ЬЮу°`puР╢╪┌∙Puy~fimruuy~.filea■ gcrtexe.cj К Х0╝@тP )рGe p╨Ж░ЮР╩@ ╫envp(argv0argc8я∙└Р &@KPq{╨в0╩Ёmainret$щА pа+РA└ S─.l_endw╫]р .l_startф.l_endўatexit lрТЁ.textI.data.bss<.xdatap .pdataTк┤ ╛ Н)▐╩ З╪hу 0ЄP Ї `8"`.filer■ gcygming-crtbegin.c/  D0 .text .data.bss@.xdatap.pdataTа8.fileп■ gmyapp.cprintf@ mainС .text@q.data.bss@.xdatax.pdatal.rdata р8[└ p.0m а__mainp Ь@.text└╧.data.bss@.xdataР.pdataД$  8.textР.data .bssP ` 8.textР.data0.bss`а 8иР .textР.data0.bssp.xdataи.pdataи .CRT$XIC(р 8_setargvа .textа.data@.bssА.xdataм.pdata┤  8.text░.data@.bssА` 8╢░ ┼р ╘А__xd_aX__xd_z`ыp .text░├.data@.bssР.xdata░.pdata└$ .CRT$XLDH.CRT$XLC@.rdata H.CRT$XDZ`.CRT$XDAX.CRT$XLZP.CRT$XLA8.tls$ZZZ .tls а 8.textА.data@.bssар 8.textА.data@.bss░.CRT$XCZ.CRT$XCA.CRT$XIZ0.CRT$XIA 8_matherrА .textА° .data@.bss░.rdataА@.xdata╚.pdataф ` 8_fpresetА fpresetА .textА.data@.bss░.xdataр.pdataЁ а 8.textР.data@.bss░р 8ўР   ─the_secs╚(p  B└M░~└.textРn%.data@.bss└.rdata└.xdataф0.pdata№$  8л  ┴╨╧P  .text \.data@.bss╨.xdata .pdata ` 8.text` .data@.bssра 8ц`  .text` ║ .data@.bssЁ.xdata .rdata╨( .pdata8 р 8¤   +9Р Vi Йа .text b%.data@.bssH.xdata(,.pdataD0  8.textР.data@.bss`` 8.textР.dataP.bss`а 8ЭР ░└ ┐ ╘░ ё0  p р ,  I░ .textР▐ .dataP.bssp.xdataT,.pdatatlр 8.file├■ gfake╛Н) .╩З Ї g.textp2.dataP.bsspу0 0 Б"`H.fileО■ glibgcc2.c.text░.dataP.bssp ╛╗) √ ╩Ы Уу`  [ v 8.text░.dataP.bssР`8k░ .text░G.data`.bssР.xdataА .pdataр а8| fpi.0`К  ЩА нр └ ╧` щ  0  р# /@% D) Zр) kР* {А+ МЁ, Я@2 .textч%/.data`.bssР.xdataМЇ.pdataь└0.rdataМ[р8пЁ; ╛0< ╬░< ┘╨< .textЁ;V.dataА.bssР.xdataА0.pdataм0  8__gdtoaP> ц`.textP>└Q.dataА.bssР.rdataРИ.xdata░.pdata▄ `8 U  V .textUC.dataА.bssР.xdata╠.pdataша8 `V $  1 > @W P РW freelist└ ] Аg └s РX  Y Н ░Y Ч pZ в ╨[ p5sаp05.0 ▒ ╨] ╛ р^ ╚ 0_ ╙ a ▌ b ч 0c .text`V· ;.dataА.bssа╨ .xdataрм.pdataи*.rdata Hр8strnlen`c .text`c(.dataР.bssА .xdataМ.pdataи  8wcsnlenРc .textРc'.dataР.bssА .xdataР.pdata┤ `8.text└c.dataР.bssА .idata$7$.idata$5l.idata$4╠.idata$6F.text╚c.dataР.bssА .idata$7 .idata$5d.idata$4─.idata$6:.text╨c.dataР.bssА .idata$7.idata$5\.idata$4╝.idata$60.text╪c.dataР.bssА .idata$7.idata$5T.idata$4┤.idata$6&.textрc.dataР.bssА .idata$7.idata$5L.idata$4м.idata$6.textшc.dataР.bssА .idata$7.idata$5D.idata$4д.idata$6.textЁc.dataР.bssА .idata$7 .idata$5<.idata$4Ь.idata$6.text°c.dataР.bssА .idata$7.idata$54.idata$4Ф.idata$6№.textd.dataР.bssА .idata$7.idata$5,.idata$4М.idata$6Є.textd.dataР.bssА .idata$7.idata$5$.idata$4Д.idata$6ф.textd.dataР.bssА .idata$7№.idata$5.idata$4|.idata$6┌.textd.dataР.bssА .idata$7°.idata$5.idata$4t.idata$6╥.text d.dataР.bssА .idata$7Ї.idata$5 .idata$4l.idata$6╩.text(d.dataР.bssА .idata$7Ё.idata$5.idata$4d.idata$6└.text0d.dataР.bssА .idata$7ь.idata$5№.idata$4\.idata$6╕.text8d.dataР.bssА .idata$7ш.idata$5Ї.idata$4T.idata$6о.text@d.dataР.bssА .idata$7ф.idata$5ь.idata$4L.idata$6ж.textHd.dataР.bssА .idata$7▄.idata$5▄.idata$4<.idata$6Т.textPd.dataР.bssА .idata$7╘.idata$5╠.idata$4,.idata$6~.textXd.dataР.bssА .idata$7╠.idata$5╝.idata$4.idata$6j.text`d.dataР.bssА .idata$7─.idata$5м.idata$4 .idata$6T.texthd.dataР.bssА .idata$7└.idata$5д.idata$4.idata$6F.textpd.dataР.bssА .idata$7╕.idata$5Ф.idata$4Ї.idata$6(.textxd.dataР.bssА .idata$7┤.idata$5М.idata$4ь.idata$6.textАd.dataР.bssА .idata$7░.idata$5Д.idata$4ф.idata$6.textИd.dataР.bssА .idata$7и.idata$5t.idata$4╘.idata$6ь.textИd.dataР.bssА .idata$7д.idata$5l.idata$4╠.idata$6▄.textРd.dataР.bssА .idata$7Ш.idata$5T.idata$4┤.idata$6Шє аd mbrtowc f  И  Рf  Д mbrlenаg 0 А .textаdZ .dataР.bssА  .xdataФ@.pdata└0 а8< h wcrtombРh I рh .texth╓.dataР.bssР .xdata╘(.pdataЁ$ р8S рi .textрi.dataР.bssР .xdata№.pdata  8c j handlerР З j ж j ╩ j .textj.dataа.bssР .xdata.pdata `8щ j Ї Рj .text j╨ .data░.bssа .xdata .pdata8а8 Ёj  .textЁj .data└.bssа .xdata.pdataP р8* k 7 .textk .data╨.bssа .xdata .pdata\  8U k ` .textk .dataр.bssа .xdata$.pdatah `8hname┤fthunkT.text k.dataЁ.bssа .idata$2.idata$4┤.idata$5T.text k.dataЁ.bssа .idata$7р.idata$5ф.idata$4D.idata$6Ь.text(k.dataЁ.bssа .idata$7╪.idata$5╘.idata$44.idata$6К.text0k.dataЁ.bssа .idata$7╝.idata$5Ь.idata$4№.idata$6<.text0k.dataЁ.bssа .idata$7м.idata$5|.idata$4▄.idata$6°.text8k.dataЁ.bssа .idata$7а.idata$5d.idata$4─.idata$6╞.text@k.dataЁ.bssа .idata$7Ь.idata$5\.idata$4╝.idata$6░.textPk.dataЁ.bssа .idata$4╘.idata$5t.idata$7( .textPk.dataЁ.bssа .idata$7Д.idata$5D.idata$4д.idata$6В.textXk.dataЁ.bssа .idata$7А.idata$5<.idata$4Ь.idata$6r.text`k.dataЁ.bssа .idata$7|.idata$54.idata$4Ф.idata$6`.texthk.dataЁ.bssа .idata$7x.idata$5,.idata$4М.idata$6R.textpk.dataЁ.bssа .idata$7t.idata$5$.idata$4Д.idata$6J.textxk.dataЁ.bssа .idata$7p.idata$5.idata$4|.idata$6,.textАk.dataЁ.bssа .idata$7l.idata$5.idata$4t.idata$6.textИk.dataЁ.bssа .idata$7h.idata$5 .idata$4l.idata$6■.textРk.dataЁ.bssа .idata$7d.idata$5.idata$4d.idata$6ъ.textШk.dataЁ.bssа .idata$7`.idata$5№.idata$4\.idata$6╬.textаk.dataЁ.bssа .idata$7\.idata$5Ї.idata$4T.idata$6╝.textиk.dataЁ.bssа .idata$7X.idata$5ь.idata$4L.idata$6м.text░k.dataЁ.bssа .idata$7T.idata$5ф.idata$4D.idata$6Ф.text╕k.dataЁ.bssа .idata$7P.idata$5▄.idata$4<.idata$6|hname<fthunk▄.text└k.dataЁ.bssа .idata$2.idata$4<.idata$5▄.text└k.dataЁ.bssа .idata$4м.idata$5L.idata$7И .text└k.dataЁ.bssа .idata$7╨.idata$5─.idata$4$.idata$6t.text└k.dataЁ.bssа .idata$7╚.idata$5┤.idata$4.idata$6^.fileв■ gcygming-crtend.c| └k .text└k.dataЁ.bssа Р └kЮ (н t ╝ ╪kа8__xc_z╔ рш Ї■ ь И& 5 шkD ─Q dj ╘v РkЗ xkstrerrorрc г Ї_lock(k ░ р┴ ╨ Pя @  __xl_a8√ иk Р р_cexit`d 3 @wcslen└c R   j   Г Щ 0k д Ь▓   ╠   ш 8· ▄__xl_dHи_tls_end ;аQ ]Xkj| Сдв8▓╝┐Ё╫ memcpy°c т№Ё └3ЁLPmallocd k░_CRT_MT@~hkКШ▓T═рЁ  ь└/:8k M@X`kg░vXИ г(▒Рd╞ р0abort@d ░+X__dll__  ;  P░kePВРС@  аА░  ╞$calloc8d ▐@ш<їp|╕$41рfprintf(d OLSleeppk^_commodeаo~ЁЛШ╨kжl║╘а __xi_z0р0 '7@UфpЬsignalшc {XТstrncmp╨c дД╖(╘╨kу╨D  #D=TJ@X,e~ Лрк  ╜№▌АdъИd °Шk@k &№memsetЁc 1d@  Ult|▄Км__xl_zP__end__ Ч╣╨▄▐шk__xi_aьPkxd %$1└CИk__xc_aXФo  ИXЪ  _fmodeриhd │,┼pd ╓░чї╨Аk4fputc d __xl_c@1 ><Q╠aФx`Д|Х$жd ▒ ╔р_newmodeАрPd fwrited ъ\°╨"Р8  P  a`tЛpШPо╚аk╪lх\_onexitHd  рexit0d а6  R  jфxМ_errnoXd НШ_charmax0еpstrlen╪c ┤а├Рш┤ў╕k р_unlock k /А>Xvfprintf╚c freed N.debug_aranges.debug_info.debug_abbrev.debug_line.debug_frame.debug_str.debug_loc.debug_ranges__mingw_invalidParameterHandlerpre_c_init.rdata$.refptr.mingw_initltsdrot_force.rdata$.refptr.mingw_initltsdyn_force.rdata$.refptr.mingw_initltssuo_force.rdata$.refptr.mingw_initcharmax.rdata$.refptr.__image_base__.rdata$.refptr.mingw_app_typemanagedapp.rdata$.refptr._fmode.rdata$.refptr._commode.rdata$.refptr._MINGW_INSTALL_DEBUG_MATHERRpre_cpp_init.rdata$.refptr._newmodestartinfo.rdata$.refptr._dowildcard__tmainCRTStartup.rdata$.refptr.__native_startup_lock.rdata$.refptr.__native_startup_statehas_cctor.rdata$.refptr.__dyn_tls_init_callback.rdata$.refptr.__mingw_oldexcpt_handler.rdata$.refptr.__imp___initenv.rdata$.refptr.__xc_z.rdata$.refptr.__xc_a.rdata$.refptr.__xi_z.rdata$.refptr.__xi_aWinMainCRTStartup.l_startwmainCRTStartup.rdata$.refptr._gnu_exception_handler.rdata$.refptr._matherr.CRT$XCAA.CRT$XIAA.debug_info.debug_abbrev.debug_loc.debug_aranges.debug_ranges.debug_line.debug_str.rdata$zzz.debug_frame__gcc_register_frame__gcc_deregister_frame__do_global_dtors__do_global_ctors.rdata$.refptr.__CTOR_LIST__initializedmy_lconv_init__dyn_tls_dtor__dyn_tls_init.rdata$.refptr._CRT_MT__tlregdtor__report_errormark_section_writablemaxSections_pei386_runtime_relocatorwas_init.0.rdata$.refptr.__RUNTIME_PSEUDO_RELOC_LIST_END__.rdata$.refptr.__RUNTIME_PSEUDO_RELOC_LIST____mingw_raise_matherrstUserMathErr__mingw_setusermatherr_gnu_exception_handler__mingwthr_run_key_dtors.part.0__mingwthr_cskey_dtor_list___w64_mingwthr_add_key_dtor__mingwthr_cs_init___w64_mingwthr_remove_key_dtor__mingw_TLScallback_ValidateImageBase_FindPESection_FindPESectionByName__mingw_GetSectionForAddress__mingw_GetSectionCount_FindPESectionExec_GetPEImageBase_IsNonwritableInCurrentImage__mingw_enum_import_library_names__mingw_vfprintf__pformat_cvt__pformat_putc__pformat_wputchars__pformat_putchars__pformat_puts__pformat_emit_inf_or_nan__pformat_xint.isra.0__pformat_int.isra.0__pformat_emit_radix_point__pformat_emit_float__pformat_emit_efloat__pformat_efloat__pformat_float__pformat_gfloat__pformat_xldouble__mingw_pformat__rv_alloc_D2A__nrv_alloc_D2A__freedtoa__quorem_D2A.rdata$.refptr.__tens_D2A__rshift_D2A__trailz_D2Adtoa_lockdtoa_CS_initdtoa_CritSecdtoa_lock_cleanup__Balloc_D2Apmem_nextprivate_mem__Bfree_D2A__multadd_D2A__i2b_D2A__mult_D2A__pow5mult_D2A__lshift_D2A__cmp_D2A__diff_D2A__b2d_D2A__d2b_D2A__strcp_D2A__mbrtowc_cpinternal_mbstate.2mbsrtowcsinternal_mbstate.1s_mbstate.0__wcrtomb_cpwcsrtombs__acrt_iob_funcmingw_get_invalid_parameter_handler_get_invalid_parameter_handlermingw_set_invalid_parameter_handler_set_invalid_parameter_handler_lock_file_unlock_file__p__acmdln.rdata$.refptr.__imp__acmdln__p__commode.rdata$.refptr.__imp__commode__p__fmode.rdata$.refptr.__imp__fmoderegister_frame_ctor.text.startup.xdata.startup.pdata.startup.ctors.65535___RUNTIME_PSEUDO_RELOC_LIST____imp_GetStartupInfoA__imp_abort__lib64_libkernel32_a_iname__data_start_____DTOR_LIST____imp__fmode__imp____mb_cur_max_func__imp__lockIsDBCSLeadByteExSetUnhandledExceptionFilter__imp_calloc__imp___p__fmode___tls_start__.refptr.__native_startup_state__ImageBaseGetLastErrormingw_initltssuo_force__rt_psrelocs_start.refptr.mingw_initltsdyn_force__dll_characteristics____size_of_stack_commit____mingw_module_is_dll__iob_func__imp__acmdln__size_of_stack_reserve____major_subsystem_version_____crt_xl_start____imp_DeleteCriticalSection__imp__set_invalid_parameter_handler.refptr.__CTOR_LIST____imp_fputcVirtualQuery___crt_xi_start__.refptr.__imp__fmode__imp__amsg_exit___crt_xi_end____imp__errno.refptr.__imp___initenv_tls_start__mingw_winmain_lpCmdLine.refptr._matherr.refptr.__RUNTIME_PSEUDO_RELOC_LIST____mingw_oldexcpt_handler.refptr.mingw_initltssuo_force__imp__unlock_fileTlsGetValue__bss_start____imp_MultiByteToWideChar__imp___C_specific_handler___RUNTIME_PSEUDO_RELOC_LIST_END____size_of_heap_commit____imp_GetLastError.refptr._dowildcard__imp_free___mb_cur_max_func__tens_D2AVirtualProtectmingw_app_type___crt_xp_start____imp_LeaveCriticalSection__mingw_pinit__C_specific_handler.refptr.mingw_initcharmax.refptr.__mingw_oldexcpt_handler.refptr.__RUNTIME_PSEUDO_RELOC_LIST_END_____crt_xp_end____minor_os_version__EnterCriticalSection_MINGW_INSTALL_DEBUG_MATHERR.refptr.__xi_a__image_base__.refptr._CRT_MT__section_alignment____native_dllmain_reason_tls_used__imp_memsetmingw_initcharmax__IAT_end____imp__lock_file__imp_memcpy__RUNTIME_PSEUDO_RELOC_LIST____imp_strerror.refptr._newmodemingw_pcppinit__data_end____imp_fwrite__CTOR_LIST____imp___getmainargs_head_lib64_libkernel32_a__bss_end__.refptr.mingw_initltsdrot_force__tinytens_D2A__native_vcclrit_reason___crt_xc_end__.refptr.__native_startup_lock__imp_EnterCriticalSection_tls_index__native_startup_state___crt_xc_start____imp___lconv_init__lib64_libmsvcrt_os_a_iname___CTOR_LIST__.refptr.__dyn_tls_init_callback__imp_signal__rt_psrelocs_size__imp_WideCharToMultiByte__imp_strlen__bigtens_D2A__imp_malloc__mingw_winmain_nShowCmdmingw_pcinit.refptr._gnu_exception_handler__file_alignment____imp_InitializeCriticalSection__lconv_init__getmainargsInitializeCriticalSection___lc_codepage_func__imp_exit__imp_vfprintf__major_os_version____imp_IsDBCSLeadByteEx__imp___initenv__IAT_start____imp__cexit__imp_SetUnhandledExceptionFilter.refptr.mingw_app_type__imp__onexit__DTOR_LIST__.refptr.__imp__acmdlnWideCharToMultiByte__set_app_type__imp_Sleep__imp___p__acmdlnLeaveCriticalSection__imp___setusermatherr__size_of_heap_reserve_____crt_xt_start____subsystem___amsg_exit__imp_TlsGetValue__setusermatherr.refptr._commode__imp_fprintf__imp___p__commodeMultiByteToWideChar__imp_VirtualProtect___tls_end____imp_VirtualQuery__imp__inittermmingw_initltsdyn_force_dowildcard__imp___iob_func__imp_localeconvlocaleconv__dyn_tls_init_callback.refptr.__image_base___initterm__imp_strncmp_head_lib64_libmsvcrt_os_a.refptr._fmode__imp___acrt_iob_func__major_image_version____loader_flags__.refptr.__tens_D2A.refptr.__imp__commode___chkstk_ms__native_startup_lock__mingw_winmain_hInstanceGetStartupInfoA__imp_wcslen__imp____lc_codepage_func__rt_psrelocs_end__imp__get_invalid_parameter_handler__minor_subsystem_version____minor_image_version____imp__unlock__imp___set_app_typemingw_initltsdrot_force.refptr.__xc_a.refptr.__xi_z.refptr._MINGW_INSTALL_DEBUG_MATHERR__imp__commodeDeleteCriticalSection__RUNTIME_PSEUDO_RELOC_LIST_END__.refptr.__xc_z___crt_xt_end__osslsigncode-2.8/tests/files/unsigned.mof000066400000000000000000000015641457117515700206650ustar00rootroot00000000000000 ■[ClassVersion("1.0.0"), FriendlyName("Website")] class Demo_IISWebsite : OMI_BaseResource { [Key] string Name; [Required] string PhysicalPath; [write,ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] string Ensure; [write,ValueMap{"Started","Stopped"},Values{"Started", "Stopped"}] string State; [write] string Protocol[]; [write] string BindingInfo[]; [write] string ApplicationPool; [read] string ID; };osslsigncode-2.8/tests/files/unsigned.msi000066400000000000000000000230001457117515700206610ustar00rootroot00000000000000╨╧рб▒с>■    ■                                                                                                                                                                                                                                                                                                                                                                                                                                                   ServiceControlNameEventArgumentsWaitComponent_SignatureFileNameMinVersionMaxVersionMinSizeMaxSizeMinDateMaxDateLanguagesErrorMessageRemoveFileFileKeyDirPropertyInstallModeInstallExecuteSequenceActionConditionSequenceValidateProductIDCostInitializeFileCostCostFinalizeInstallValidateInstallInitializeProcessComponentsUnpublishFeaturesRemoveFilesInstallFilesRegisterUserRegisterProductPublishFeaturesPublishProductInstallFinalizeFeatureComponentsFeature_CompleteMainExecutableAdvtExecuteSequencePropertyValueDiskPromptAcme's Foobar 1.0 Installation [1]ManufacturerAcme Ltd.ProductLanguage1033ProductCode{ABCDDCBA-86C7-4D14-AEC0-86416A69ABDE}ProductNameFoobar 1.0ProductVersion1.0.0UpgradeCode{ABCDDCBA-7349-453F-94F6-BCB5110BA4FD}FeatureFeature_ParentTitleDescriptionDisplayLevelDirectory_AttributesAppSearchSignature_InstallUISequenceExecuteActionFileFileSizeVersionLanguageFoobarEXEFoobarAppl10.exeLaunchConditionComponentComponentIdKeyPath{ABCDDCBA-83F1-4F22-985B-FDB3C8ABD471}INSTALLDIRServiceInstallDisplayNameServiceTypeStartTypeErrorControlLoadOrderGroupDependenciesStartNamePasswordCustomActionTypeSourceTargetExtendedTypeUpgradeVersionMinVersionMaxRemoveActionPropertyMediaDiskIdLastSequenceCabinetVolumeLabelCD-ROM #1#Sample.cabMsiFileHashFile_OptionsHashPart1HashPart2HashPart3HashPart4BinaryDataIconAdminExecuteSequenceInstallAdminPackageCreateFolderDirectoryDirectory_ParentDefaultDirAcmeProgramFilesFolderTARGETDIRPFilesSourceDirRegLocatorRootKeyAdminUISequenceRegistryShortcutHotkeyIcon_IconIndexShowCmdWkDirDisplayResourceDLLDisplayResourceIdDescriptionResourceDLLDescriptionResourceId               "   &   &           &                           ■ рЕЯЄ∙OhлС+'│┘0░xАа─╪ь$ 8 h tАИРифInstallation DatabaseAcme's Foobar 1.0 Installer Acme Ltd. Installer.Foobar is a registered trademark of Acme Ltd. Intel;1033'{4AF73A72-4437-4274-837E-0A1CEF1EB401}@АЗЗ╙╪@АЗЗ╙╪dmsitools 0.101MSCFF,FDTРs FoobarEXEI ГДГшГЕUАБВАБВ9АГД#({ ГДГшГxЕ▄ЕаП╚Щ<ПNА╘МYП▓ДщА ь°B■ААno,TUАNN,OАВАI╝В ГДГшГЕ+ААА02468:<13579;=&'( ГшГxЕ▄ЕЬШЩ╚Щ+, !"#$%&'(╝В ГДГшГxЕ▄Е@ЖЗмНаПpЧ╘ЧЬШЩ╚Щ))---..>>>>>>>>FFHHHJJJJJJJJPPQQQQQQVVVVVVVVVVVVV_____dddddddiiiiiippppppwwyyzzz||}}}ЕЕЕЕЕИИИЙЙЙЙЙЙММММММММММММММММАААААААААААААА ААААААААААААААААААААААААААААААААААААААААААААААААААААААА А А А А ААААААААААААААААААААААААААААААААААААААААААААААААААААААААААА А А А А АААА *./>?@ABCDE.GJKLMEAQRDESVWXYZ[\]^A`abc<efMEghjk0lmaqrstuvxxD}~GЖЗ`ЙЖЗ/МDbAНОПРСТУФХHн ПЕ ЯХHНHн НЭЭСССС ЭеЯHнHН ЯHНЕHн ЭХ&нHнHн ЭХHнП&н&Э@Я ЯХЕHЭЕHнHнHн ЭХHнHН ПБHЭЭХБ н ПHн&ЭHНЕ ЭHЭHн Н ЯБББ Э Э Э Э ЭHН ЯHнЕHЭ ЭС&н╜╜ ╜б ЭHНеБ@Я Э ЭHЭHнЕББББHнЙHнЙHн ЭХHнHнHнHЭ ПHнЕ Н ЭХHн ЭХHнЕ П ЯЯHНHнHНАПHНHН Э ЯХHЭХХHЭ ЭХ ЭХ)-.>FHJPQV_dipwyz|}ЕИЙМ ■    !"#$%&■   ()*+,-.■   0■   ■   ■   ■   ■   ■   ■   ■   ■   ■   ■   ■   ■   >■   @ABCDEFGHIJKLMNOP■   ■                                                                                                                                                                                           Root Entry         Д └FА@H??wElDj;фE$H        ?@H??wElDj>▓D/H        DSummaryInformation(            'рAЁD/B╛AdA         /F@H╩A0C▒??(E8B▒A(H        1@H C5BцErE 5.1.19041.3930 osslsigncode-2.8/tests/server_http.py000066400000000000000000000124141457117515700201570ustar00rootroot00000000000000"""Implementation of a HTTP server""" import argparse import os import subprocess import sys import threading from urllib.parse import urlparse from http.server import SimpleHTTPRequestHandler, HTTPServer from socketserver import ThreadingMixIn RESULT_PATH = os.getcwd() FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/") CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") REQUEST = os.path.join(FILES_PATH, "./jreq.tsq") RESPONS = os.path.join(FILES_PATH, "./jresp.tsr") CACRL = os.path.join(CERTS_PATH, "./CACertCRL.der") TSACRL = os.path.join(CERTS_PATH, "./TSACertCRL.der") OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf") PORT_LOG = os.path.join(LOGS_PATH, "./port.log") OPENSSL_TS = ["openssl", "ts", "-reply", "-config", OPENSSL_CONF, "-passin", "pass:passme", "-queryfile", REQUEST, "-out", RESPONS] class ThreadingHTTPServer(ThreadingMixIn, HTTPServer): daemon_threads = True class RequestHandler(SimpleHTTPRequestHandler): """Handle the HTTP POST request that arrive at the server""" def __init__(self, request, client_address, server): # Save the server handle self.server = server SimpleHTTPRequestHandler.__init__(self, request, client_address, server) def do_GET(self): # pylint: disable=invalid-name """"Serves the GET request type""" try: url = urlparse(self.path) self.send_response(200) self.send_header("Content-type", "application/crl") self.end_headers() resp_data = b'' # Read the file and send the contents if url.path == "/intermediateCA": with open(CACRL, 'rb') as file: resp_data = file.read() if url.path == "/TSACA": with open(TSACRL, 'rb') as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP GET request error: {}".format(err)) def do_POST(self): # pylint: disable=invalid-name """"Serves the POST request type""" try: url = urlparse(self.path) self.send_response(200) if url.path == "/kill_server": self.log_message(f"Deleting file: {PORT_LOG}") os.remove(f"{PORT_LOG}") self.send_header('Content-type', 'text/plain') self.end_headers() self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) self.server.shutdown() else: content_length = int(self.headers['Content-Length']) post_data = self.rfile.read(content_length) with open(REQUEST, mode="wb") as file: file.write(post_data) openssl = subprocess.run(OPENSSL_TS, check=True, universal_newlines=True) openssl.check_returncode() self.send_header("Content-type", "application/timestamp-reply") self.end_headers() resp_data = b'' with open(RESPONS, mode="rb") as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP POST request error: {}".format(err)) class HttpServerThread(): """TSA server thread handler""" # pylint: disable=too-few-public-methods def __init__(self): self.server = None self.server_thread = None def start_server(self, port) -> (int): """Starting HTTP server on 127.0.0.1 and a random available port for binding""" self.server = ThreadingHTTPServer(('127.0.0.1', port), RequestHandler) self.server_thread = threading.Thread(target=self.server.serve_forever) self.server_thread.start() hostname, port = self.server.server_address[:2] print("HTTP server started, URL http://{}:{}".format(hostname, port)) return port def main() -> None: """Start HTTP server""" ret = 0 parser = argparse.ArgumentParser() parser.add_argument( "--port", type=int, default=0, help="port number" ) args = parser.parse_args() try: server = HttpServerThread() port = server.start_server(args.port) with open(PORT_LOG, mode="w") as file: file.write("{}".format(port)) except OSError as err: print("OSError: {}".format(err)) ret = err.errno finally: sys.exit(ret) if __name__ == '__main__': try: fpid = os.fork() if fpid > 0: sys.exit(0) except OSError as ferr: print("Fork #1 failed: {} {}".format(ferr.errno, ferr.strerror)) sys.exit(1) try: fpid = os.fork() if fpid > 0: sys.exit(0) except OSError as ferr: print("Fork #2 failed: {} {}".format(ferr.errno, ferr.strerror)) sys.exit(1) # Start the daemon main loop main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.8/tests/server_http.pyw000066400000000000000000000112501457117515700203430ustar00rootroot00000000000000"""Windows: Implementation of a HTTP server""" import os import subprocess import sys import threading from urllib.parse import urlparse from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer RESULT_PATH = os.getcwd() FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/") CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") REQUEST = os.path.join(FILES_PATH, "./jreq.tsq") RESPONS = os.path.join(FILES_PATH, "./jresp.tsr") CACRL = os.path.join(CERTS_PATH, "./CACertCRL.der") TSACRL = os.path.join(CERTS_PATH, "./TSACertCRL.der") OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf") SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") PORT_LOG = os.path.join(LOGS_PATH, "./port.log") OPENSSL_TS = ["openssl", "ts", "-reply", "-config", OPENSSL_CONF, "-passin", "pass:passme", "-queryfile", REQUEST, "-out", RESPONS] class RequestHandler(SimpleHTTPRequestHandler): """Handle the HTTP POST request that arrive at the server""" def __init__(self, request, client_address, server): # Save the server handle self.server = server SimpleHTTPRequestHandler.__init__(self, request, client_address, server) def do_GET(self): # pylint: disable=invalid-name """"Serves the GET request type""" try: url = urlparse(self.path) self.send_response(200) self.send_header("Content-type", "application/crl") self.end_headers() resp_data = b'' # Read the file and send the contents if url.path == "/intermediateCA": with open(CACRL, 'rb') as file: resp_data = file.read() if url.path == "/TSACA": with open(TSACRL, 'rb') as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP GET request error: {}".format(err)) def do_POST(self): # pylint: disable=invalid-name """"Serves the POST request type""" try: url = urlparse(self.path) self.send_response(200) if url.path == "/kill_server": self.log_message(f"Deleting file: {PORT_LOG}") os.remove(f"{PORT_LOG}") self.send_header('Content-type', 'text/plain') self.end_headers() self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) self.server.shutdown() else: content_length = int(self.headers['Content-Length']) post_data = self.rfile.read(content_length) with open(REQUEST, mode="wb") as file: file.write(post_data) openssl = subprocess.run(OPENSSL_TS, check=True, universal_newlines=True) openssl.check_returncode() self.send_header("Content-type", "application/timestamp-reply") self.end_headers() resp_data = b'' with open(RESPONS, mode="rb") as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP POST request error: {}".format(err)) class HttpServerThread(): """TSA server thread handler""" # pylint: disable=too-few-public-methods def __init__(self): self.server = None self.server_thread = None def start_server(self) -> (int): """Starting HTTP server on 127.0.0.1 and a random available port for binding""" self.server = ThreadingHTTPServer(('127.0.0.1', 19254), RequestHandler) self.server_thread = threading.Thread(target=self.server.serve_forever) self.server_thread.start() hostname, port = self.server.server_address[:2] print("HTTP server started, URL http://{}:{}".format(hostname, port)) return port def main() -> None: """Start HTTP server""" ret = 0 try: sys.stdout = open(SERVER_LOG, "w") sys.stderr = open(SERVER_LOG, "a") server = HttpServerThread() port = server.start_server() with open(PORT_LOG, mode="w") as file: file.write("{}".format(port)) except OSError as err: print("OSError: {}".format(err)) ret = err.errno finally: sys.exit(ret) if __name__ == '__main__': main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.8/tests/sources/000077500000000000000000000000001457117515700167215ustar00rootroot00000000000000osslsigncode-2.8/tests/sources/CatalogDefinitionFileName.cdf000066400000000000000000000034661457117515700243740ustar00rootroot00000000000000# https://learn.microsoft.com/en-us/windows/win32/seccrypto/makecat # makecat -v CatalogDefinitionFileName.cdf # Define information about the entire catalog file. [CatalogHeader] # Name of the catalog file, including its extension. Name=unsigned.cat # Directory where the created unsigned.cat file will be placed. ResultDir=..\files # This option is not supported. Default value 1 is used. PublicVersion=0x0000001 # Catalog version. # If the version is set to 2, the HashAlgorithms option must contain SHA256. CatalogVersion=2 # Name of the hashing algorithm used. HashAlgorithms=SHA256 # Specifies whether to hash the files listed in the option in the [CatalogFiles] section PageHashes=true # Type of message encoding used. # The default EncodingType is PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0x00010001 EncodingType=0x00010001 # Specify an attribute of the catalog file. # Set 1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID # CATATTR1={type}:{oid}:{value} (optional) # The OSAttr attribute specifies the target Windows version CATATTR1=0x11010001:OSAttr:2:6.0 # Define each member of the catalog file. [CatalogFiles] PEfile=..\files\unsigned.exe # 0x00010000 Attribute is represented in plaintext. No conversion will be done. PEfileATTR1=0x11010001:File:unsigned.exe MSIfile=..\files\unsigned.msi # 0x00020000 Attribute is represented in base-64 encoding. MSIfileATTR1=0x11020001:File:dW5zaWduZWQubXNp CABfile=..\files\unsigned.ex_ CABfileATTR1=0x11010001:File:unsigned.ex_ PS1file=..\files\unsigned.ps1 PS1fileATTR1=0x11010001:File:unsigned.ps1 PSC1file=..\files\unsigned.psc1 PSC1fileATTR1=0x11010001:File:unsigned.psc1 MOFfile=..\files\unsigned.mof MOFfileATTR1=0x11010001:File:unsigned.mof osslsigncode-2.8/tests/sources/a000066400000000000000000000000041457117515700170560ustar00rootroot00000000000000aaa osslsigncode-2.8/tests/sources/b000066400000000000000000000000041457117515700170570ustar00rootroot00000000000000bbb osslsigncode-2.8/tests/sources/c000066400000000000000000000000041457117515700170600ustar00rootroot00000000000000ccc osslsigncode-2.8/tests/sources/myapp.c000066400000000000000000000001041457117515700202060ustar00rootroot00000000000000#include void main(void) { printf("Hello world!"); } osslsigncode-2.8/tests/sources/sample.wxs000066400000000000000000000025721457117515700207530ustar00rootroot00000000000000 osslsigncode-2.8/utf.c000066400000000000000000000150331457117515700150400ustar00rootroot00000000000000// utf by pietro gagliardi (andlabs) тАФ https://github.com/andlabs/utf/ // 10 november 2016 #include "utf.h" // this code imitates Go's unicode/utf8 and unicode/utf16 // the biggest difference is that a rune is unsigned instead of signed (because Go guarantees what a right shift on a signed number will do, whereas C does not) // it is also an imitation so we can license it under looser terms than the Go source #define badrune 0xFFFD // encoded must be at most 4 bytes // TODO clean this code up somehow size_t utf8EncodeRune(uint32_t rune, char *encoded) { uint8_t b, c, d, e; size_t n; // not in the valid range for Unicode if (rune > 0x10FFFF) rune = badrune; // surrogate runes cannot be encoded if (rune >= 0xD800 && rune < 0xE000) rune = badrune; if (rune < 0x80) { // ASCII bytes represent themselves b = (uint8_t) (rune & 0xFF); n = 1; goto done; } if (rune < 0x800) { // two-byte encoding c = (uint8_t) (rune & 0x3F); c |= 0x80; rune >>= 6; b = (uint8_t) (rune & 0x1F); b |= 0xC0; n = 2; goto done; } if (rune < 0x10000) { // three-byte encoding d = (uint8_t) (rune & 0x3F); d |= 0x80; rune >>= 6; c = (uint8_t) (rune & 0x3F); c |= 0x80; rune >>= 6; b = (uint8_t) (rune & 0x0F); b |= 0xE0; n = 3; goto done; } // otherwise use a four-byte encoding e = (uint8_t) (rune & 0x3F); e |= 0x80; rune >>= 6; d = (uint8_t) (rune & 0x3F); d |= 0x80; rune >>= 6; c = (uint8_t) (rune & 0x3F); c |= 0x80; rune >>= 6; b = (uint8_t) (rune & 0x07); b |= 0xF0; n = 4; done: encoded[0] = (char)b; if (n > 1) encoded[1] = (char)c; if (n > 2) encoded[2] = (char)d; if (n > 3) encoded[3] = (char)e; return n; } const char *utf8DecodeRune(const char *s, size_t nElem, uint32_t *rune) { uint8_t b, c; uint8_t lowestAllowed, highestAllowed; size_t i, expected; int bad; b = (uint8_t) (*s); if (b < 0x80) { // ASCII bytes represent themselves *rune = b; s++; return s; } // 0xC0 and 0xC1 cover 2-byte overlong equivalents // 0xF5 to 0xFD cover values > 0x10FFFF // 0xFE and 0xFF were never defined (always illegal) if (b < 0xC2 || b > 0xF4) { // invalid *rune = badrune; s++; return s; } // this determines the range of allowed first continuation bytes lowestAllowed = 0x80; highestAllowed = 0xBF; switch (b) { case 0xE0: // disallow 3-byte overlong equivalents lowestAllowed = 0xA0; break; case 0xED: // disallow surrogate characters highestAllowed = 0x9F; break; case 0xF0: // disallow 4-byte overlong equivalents lowestAllowed = 0x90; break; case 0xF4: // disallow values > 0x10FFFF highestAllowed = 0x8F; break; } // and this determines how many continuation bytes are expected expected = 1; if (b >= 0xE0) expected++; if (b >= 0xF0) expected++; if (nElem != 0) { // are there enough bytes? nElem--; if (nElem < expected) { // nope *rune = badrune; s++; return s; } } // ensure that everything is correct // if not, **only** consume the initial byte bad = 0; for (i = 0; i < expected; i++) { c = (uint8_t) (s[1 + i]); if (c < lowestAllowed || c > highestAllowed) { bad = 1; break; } // the old lowestAllowed and highestAllowed is only for the first continuation byte lowestAllowed = 0x80; highestAllowed = 0xBF; } if (bad) { *rune = badrune; s++; return s; } // now do the topmost bits if (b < 0xE0) *rune = b & 0x1F; else if (b < 0xF0) *rune = b & 0x0F; else *rune = b & 0x07; s++; // we can finally move on // now do the continuation bytes for (; expected; expected--) { c = (uint8_t) (*s); s++; c &= 0x3F; // strip continuation bits *rune <<= 6; *rune |= c; } return s; } // encoded must have at most 2 elements size_t utf16EncodeRune(uint32_t rune, uint16_t *encoded) { uint16_t low, high; // not in the valid range for Unicode if (rune > 0x10FFFF) rune = badrune; // surrogate runes cannot be encoded if (rune >= 0xD800 && rune < 0xE000) rune = badrune; if (rune < 0x10000) { encoded[0] = (uint16_t) rune; return 1; } rune -= 0x10000; low = (uint16_t) (rune & 0x3FF); rune >>= 10; high = (uint16_t) (rune & 0x3FF); encoded[0] = high | 0xD800; encoded[1] = low | 0xDC00; return 2; } // TODO see if this can be cleaned up somehow const uint16_t *utf16DecodeRune(const uint16_t *s, size_t nElem, uint32_t *rune) { uint16_t high, low; if (*s < 0xD800 || *s >= 0xE000) { // self-representing character *rune = *s; s++; return s; } if (*s >= 0xDC00) { // out-of-order surrogates *rune = badrune; s++; return s; } if (nElem == 1) { // not enough elements *rune = badrune; s++; return s; } high = *s; high &= 0x3FF; if (s[1] < 0xDC00 || s[1] >= 0xE000) { // bad surrogate pair *rune = badrune; s++; return s; } s++; low = *s; s++; low &= 0x3FF; *rune = high; *rune <<= 10; *rune |= low; *rune += 0x10000; return s; } // TODO find a way to reduce the code in all of these somehow // TODO find a way to remove u as well size_t utf8RuneCount(const char *s, size_t nElem) { size_t len; uint32_t rune; if (nElem != 0) { const char *t, *u; len = 0; t = s; while (nElem != 0) { u = utf8DecodeRune(t, nElem, &rune); len++; nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf8DecodeRune(s, nElem, &rune); len++; } return len; } size_t utf8UTF16Count(const char *s, size_t nElem) { size_t len; uint32_t rune; uint16_t encoded[2]; if (nElem != 0) { const char *t, *u; len = 0; t = s; while (nElem != 0) { u = utf8DecodeRune(t, nElem, &rune); len += utf16EncodeRune(rune, encoded); nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf8DecodeRune(s, nElem, &rune); len += utf16EncodeRune(rune, encoded); } return len; } size_t utf16RuneCount(const uint16_t *s, size_t nElem) { size_t len; uint32_t rune; if (nElem != 0) { const uint16_t *t, *u; len = 0; t = s; while (nElem != 0) { u = utf16DecodeRune(t, nElem, &rune); len++; nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf16DecodeRune(s, nElem, &rune); len++; } return len; } size_t utf16UTF8Count(const uint16_t *s, size_t nElem) { size_t len; uint32_t rune; char encoded[4]; if (nElem != 0) { const uint16_t *t, *u; len = 0; t = s; while (nElem != 0) { u = utf16DecodeRune(t, nElem, &rune); len += utf8EncodeRune(rune, encoded); nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf16DecodeRune(s, nElem, &rune); len += utf8EncodeRune(rune, encoded); } return len; } osslsigncode-2.8/utf.h000066400000000000000000000043111457117515700150420ustar00rootroot00000000000000// utf by pietro gagliardi (andlabs) тАФ https://github.com/andlabs/utf/ // 10 november 2016 #ifdef __cplusplus extern "C" { #endif #include #include // if nElem == 0, assume the buffer has no upper limit and is '\0' terminated // otherwise, assume buffer is NOT '\0' terminated but is bounded by nElem *elements* extern size_t utf8EncodeRune(uint32_t rune, char *encoded); extern const char *utf8DecodeRune(const char *s, size_t nElem, uint32_t *rune); extern size_t utf16EncodeRune(uint32_t rune, uint16_t *encoded); extern const uint16_t *utf16DecodeRune(const uint16_t *s, size_t nElem, uint32_t *rune); extern size_t utf8RuneCount(const char *s, size_t nElem); extern size_t utf8UTF16Count(const char *s, size_t nElem); extern size_t utf16RuneCount(const uint16_t *s, size_t nElem); extern size_t utf16UTF8Count(const uint16_t *s, size_t nElem); #ifdef __cplusplus } // Provide overloads on Windows for using these functions with wchar_t and WCHAR when wchar_t is a keyword in C++ mode (the default). // Otherwise, you'd need to cast to pass a wchar_t pointer, WCHAR pointer, or equivalent to these functions. // We use __wchar_t to be independent of the setting; see https://blogs.msdn.microsoft.com/oldnewthing/20161201-00/?p=94836 (ironically posted one day after I initially wrote this code!). // TODO check this on MinGW-w64 // TODO check this under /Wall // TODO C-style casts enough? or will that fail in /Wall? // TODO same for UniChar/unichar on Mac? if both are unsigned then we have nothing to worry about #if defined(_MSC_VER) inline size_t utf16EncodeRune(uint32_t rune, __wchar_t *encoded) { return utf16EncodeRune(rune, reinterpret_cast(encoded)); } inline const __wchar_t *utf16DecodeRune(const __wchar_t *s, size_t nElem, uint32_t *rune) { const uint16_t *ret; ret = utf16DecodeRune(reinterpret_cast(s), nElem, rune); return reinterpret_cast(ret); } inline size_t utf16RuneCount(const __wchar_t *s, size_t nElem) { return utf16RuneCount(reinterpret_cast(s), nElem); } inline size_t utf16UTF8Count(const __wchar_t *s, size_t nElem) { return utf16UTF8Count(reinterpret_cast(s), nElem); } #endif #endif osslsigncode-2.8/vcpkg.json000066400000000000000000000004501457117515700161000ustar00rootroot00000000000000{ "name": "osslsigncode", "version-string": "2.4", "dependencies": [ "openssl", "curl", { "name": "python3", "platform": "!(windows & static) & !osx" } ], "builtin-baseline": "9edb1b8e590cc086563301d735cae4b6e732d2d2" }