pax_global_header00006660000000000000000000000064145016456230014520gustar00rootroot0000000000000052 comment=4733b638bbec1becd264a28f42cab85130381c6d pg_snakeoil-1.4/000077500000000000000000000000001450164562300136575ustar00rootroot00000000000000pg_snakeoil-1.4/.github/000077500000000000000000000000001450164562300152175ustar00rootroot00000000000000pg_snakeoil-1.4/.github/workflows/000077500000000000000000000000001450164562300172545ustar00rootroot00000000000000pg_snakeoil-1.4/.github/workflows/regression.yml000066400000000000000000000021251450164562300221570ustar00rootroot00000000000000name: Build on: [push, pull_request] jobs: build: runs-on: ubuntu-latest defaults: run: shell: sh strategy: matrix: pgversion: - 16 - 15 - 14 - 13 - 12 - 11 - 10 env: PGVERSION: ${{ matrix.pgversion }} steps: - name: checkout uses: actions/checkout@v3 - name: install pg run: | sudo apt-get install -y libclamav-dev sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -v $PGVERSION -p -i sudo -u postgres createuser -s "$USER" chmod --verbose go+rx $HOME # drwxr-x--- runner docker /home/runner sudo pg_conftool $PGVERSION main set pg_snakeoil.signature_dir $PWD/testfiles sudo service postgresql restart # reload isn't enough for PGC_SU_BACKEND - name: build run: | make PROFILE="-Werror" sudo -E make install - name: test run: | make installcheck - name: show regression diffs if: ${{ failure() }} run: | cat regression.diffs pg_snakeoil-1.4/.gitignore000066400000000000000000000002571450164562300156530ustar00rootroot00000000000000# Generated subdirectories /log/ /results/ /tmp_check/ *.o *.bc *.so *.typedefs regression.diffs regression.out debian/.debhelper/* debian/files debian/postgresql-*-snakeoil* pg_snakeoil-1.4/.travis.yml000066400000000000000000000014601450164562300157710ustar00rootroot00000000000000# run the testsuite on travis-ci.com --- # versions to run on env: - PG_SUPPORTED_VERSIONS=9.2 - PG_SUPPORTED_VERSIONS=9.3 - PG_SUPPORTED_VERSIONS=9.4 - PG_SUPPORTED_VERSIONS=9.5 - PG_SUPPORTED_VERSIONS=9.6 - PG_SUPPORTED_VERSIONS=10 - PG_SUPPORTED_VERSIONS=11 - PG_SUPPORTED_VERSIONS=12 - PG_SUPPORTED_VERSIONS=13 language: C dist: xenial before_install: - sudo apt-get update -qq install: # upgrade postgresql-common for new apt.postgresql.org.sh - sudo apt-get install -y postgresql-common libclamav-dev - sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -p -v $PG_SUPPORTED_VERSIONS -i script: - make - sudo make install - pg_virtualenv -o "pg_snakeoil.signature_dir=$PWD/testfiles" make installcheck - if test -s regression.diffs; then cat regression.diffs; fi pg_snakeoil-1.4/LICENSE000066400000000000000000000020441450164562300146640ustar00rootroot00000000000000pg_snakeoil, The PostgreSQL Antivirus Copyright (c) 2018-2019, Alexander Sosna Copyright (c) 2018-2019, credativ GmbH Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies. IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF CREDATIV HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE COPYRIGHT HOLDERS AND CONTRIBUTORS SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND CREDATIV HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. pg_snakeoil-1.4/Makefile000066400000000000000000000007301450164562300153170ustar00rootroot00000000000000# pg_snakeoil/Makefile MODULE_big = pg_snakeoil OBJS = pg_snakeoil.o EXTENSION = pg_snakeoil DATA = pg_snakeoil--0.4--1.sql \ pg_snakeoil--1.sql PGFILEDESC = "pg_snakeoil - clamav antivirus integration" REGRESS = pg_snakeoil # Only works when using pgxs PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) include $(PGXS) PG_LIBS=-lclamav SHLIB_LINK=-lclamav typedefs: sh gen_typedefs pgindent: pgindent --typedefs=$(MODULE_big).typedefs $(MODULE_big).cpg_snakeoil-1.4/README.md000066400000000000000000000104201450164562300151330ustar00rootroot00000000000000# pg_snakeoil - The PostgreSQL Antivirus Running typical on-access antivirus software on a PostgreSQL server has severe drawbacks such as severely affecting performance or making the filesystem unreliable. The failure modes are extremely problematic when a non-PostgreSQL-aware scanner blocks access to a file due to viruses, or even false-positives and bugs in the scanner software. We typically recommend not to run such software on PostgreSQL servers, as PostgreSQL knows how to discern between code and data and will not execute any viruses stored in a database. However, running anti-virus software is sometimes required by local policy. pg_snakeoil provides ClamAV scanning of all data in PostgreSQL in a way that does not interfere with the proper functioning of PostgreSQL and does not cause collateral damage or unnecessary downtimes. ## Usage ### SQL Functions pg_snakeoil provides SQL functions to scan given data for viruses. The functions can be used manually or automatically, e.g. via triggers or check constraints. The following functions are implemented: #### so_is_infected (text) RETURNS bool Returns true if the given data matches a signature in the virus database. #### so_virus_name (text) RETURNS text Returns virus name if the given data matches a signature in the virus database, empty string otherwise. #### so_is_infected (bytea) RETURNS bool Returns true if the given data matches a signature in the virus database. #### so_virus_name (bytea) RETURNS text Returns virus name if the given data matches a signature in the virus database, NULL otherwise. #### so_update_signatures () RETURNS bool Update signatures, returns true if signatures changed, false otherwise. ## Installation ### Dependencies * libclamav * freshclam (recommended to keep signatures current) ### Compile ```bash make PG_CONFIG=/path/to/pg_config sudo make install ``` ### Testing In postgresql.conf, set `pg_snakeoil.signature_dir = '/path/to/pg_snakeoil.git/testfiles'`. ```bash make installcheck ``` ### Preload pg_snakeoil is loaded by each PostgreSQL backend when needed. An instance of the ClamAV engine is started for every new backend. This takes several seconds for the first function call after connecting. If backends (connections) do not persist and are only used for a single query, it might be interesting to avoid the overhead for the first function call by adding pg_snakeoil to `shared_preload_libraries` in `postgresql.conf`: ``` shared_preload_libraries = 'pg_snakeoil' ``` When loaded this way, the ClamAV engine will use the signatures loaded while PostgreSQL was started. Newer signatures will not be loaded automatically. If the extension is not in `shared_preload_libraries`, new signatures will be used for new connections automatically. The engine can also be reloaded manually with new signatures via `SELECT so_update_signatures ();`, but this only affects the current backend (connection). ### Create Extension In each database where pg_snakeoil is to be used, execute: ```SQL CREATE EXTENSION pg_snakeoil; ``` ## Examples ### Functions ### Ad-hoc checks ```SQL postgres=# SELECT so_is_infected('Not a virus!'); so_is_infected ---------------- f (1 row) postgres=# SELECT so_is_infected('X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'); so_is_infected ---------------- t (1 row) postgres=# SELECT so_virus_name('X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'); so_virus_name ---------------------- Eicar-Test-Signature (1 row) ``` #### On Access Check ```SQL CREATE EXTENSION pg_snakeoil; CREATE DOMAIN safe_text AS text CHECK (NOT so_is_infected(value)); CREATE TABLE t1(safe safe_text); INSERT INTO t1 VALUES ('This text is safe!'); INSERT INSERT INTO t1 VALUES('X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'); NOTICE: Virus found: Eicar-Test-Signature ERROR: value for domain safe_text violates check constraint "safe_text_check" ``` ## Future Ideas ### Scan via pg_recvlogical `pg_recvlogical` could be used to acquire the data entering the server instead of file system access, allowing offloading of the CPU-time required for scanning to another server. The reaction to a positive ClamAV result is fully customizable from asynchronous notification of pg_snakeoil-1.4/debian/000077500000000000000000000000001450164562300151015ustar00rootroot00000000000000pg_snakeoil-1.4/debian/changelog000066400000000000000000000032761450164562300167630ustar00rootroot00000000000000pg-snakeoil (1.4-1) unstable; urgency=medium * Upload for PostgreSQL 16. * Use ${postgresql:Depends}. -- Christoph Berg Sun, 17 Sep 2023 20:50:10 +0200 pg-snakeoil (1.3-4) unstable; urgency=medium * Upload for PostgreSQL 15. * debian/watch: Look at GitHub tags instead of releases. -- Christoph Berg Fri, 21 Oct 2022 11:01:50 +0200 pg-snakeoil (1.3-3) unstable; urgency=medium * Upload for PostgreSQL 14. -- Christoph Berg Fri, 15 Oct 2021 15:25:34 +0200 pg-snakeoil (1.3-2) unstable; urgency=medium [ Debian Janitor ] * Bump debhelper from deprecated 9 to 10. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. [ Christoph Berg ] * Upload for PostgreSQL 13. * Use dh --with pgxs. * R³: no. * DH 13. * debian/tests: Use 'make' instead of postgresql-server-dev-all. -- Christoph Berg Mon, 19 Oct 2020 11:45:56 +0200 pg-snakeoil (1.3-1) unstable; urgency=medium * Make signature directory configurable via pg_snakeoil.signature_dir. (Closes: #946359) -- Christoph Berg Wed, 18 Dec 2019 10:42:59 +0100 pg-snakeoil (1.2-1) unstable; urgency=medium * Upload for PostgreSQL 12. -- Christoph Berg Tue, 29 Oct 2019 13:40:03 +0100 pg-snakeoil (1.1-1) unstable; urgency=medium * New upstream version, fixes compatibility with clamav 0.101. * Attribute Alexander Sosna's copyright. -- Christoph Berg Mon, 04 Feb 2019 10:37:34 +0100 pg-snakeoil (1.0-1) unstable; urgency=medium * Initial release. -- Christoph Berg Mon, 28 Jan 2019 14:06:57 +0100 pg_snakeoil-1.4/debian/control000066400000000000000000000013511450164562300165040ustar00rootroot00000000000000Source: pg-snakeoil Section: database Priority: optional Maintainer: Debian PostgreSQL Maintainers Uploaders: Christoph Berg Build-Depends: debhelper-compat (= 13), libclamav-dev, postgresql-all (>= 217~), Standards-Version: 4.6.2 Rules-Requires-Root: no Vcs-Browser: https://github.com/df7cb/pg_snakeoil Vcs-Git: https://github.com/df7cb/pg_snakeoil.git Package: postgresql-16-snakeoil Architecture: any Depends: ${postgresql:Depends}, ${misc:Depends}, ${shlibs:Depends}, Recommends: clamav-freshclam | clamav-data, Description: PostgreSQL anti-virus scanner based on ClamAV pg_snakeoil provides functions scanning PostgreSQL data for viruses using the ClamAV anti-virus engine. pg_snakeoil-1.4/debian/control.in000066400000000000000000000014371450164562300171160ustar00rootroot00000000000000Source: pg-snakeoil Section: database Priority: optional Maintainer: Debian PostgreSQL Maintainers Uploaders: Christoph Berg Build-Depends: debhelper-compat (= 13), libclamav-dev, postgresql-all (>= 217~), Standards-Version: 4.6.2 Rules-Requires-Root: no Homepage: https://github.com/df7cb/pg_snakeoil Vcs-Browser: https://github.com/df7cb/pg_snakeoil Vcs-Git: https://github.com/df7cb/pg_snakeoil.git Package: postgresql-PGVERSION-snakeoil Architecture: any Depends: ${postgresql:Depends}, ${misc:Depends}, ${shlibs:Depends}, Recommends: clamav-freshclam | clamav-data, Description: PostgreSQL anti-virus scanner based on ClamAV pg_snakeoil provides functions scanning PostgreSQL data for viruses using the ClamAV anti-virus engine. pg_snakeoil-1.4/debian/copyright000066400000000000000000000023021450164562300170310ustar00rootroot00000000000000Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: pg_snakeoil Source: https://github.com/credativ/pg_snakeoil Files: * Copyright: Copyright (c) 2018, Alexander Sosna Copyright (c) 2018, credativ GmbH License: snakeoil Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies. . IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF CREDATIV HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . THE COPYRIGHT HOLDERS AND CONTRIBUTORS SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND CREDATIV HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. pg_snakeoil-1.4/debian/pgversions000066400000000000000000000000041450164562300172150ustar00rootroot00000000000000all pg_snakeoil-1.4/debian/rules000077500000000000000000000003431450164562300161610ustar00rootroot00000000000000#!/usr/bin/make -f override_dh_installdocs: dh_installdocs --all README.* override_dh_pgxs_test: pg_buildext -o "pg_snakeoil.signature_dir=$(CURDIR)/testfiles" installcheck . . postgresql-%v-snakeoil %: dh $@ --with pgxs pg_snakeoil-1.4/debian/source/000077500000000000000000000000001450164562300164015ustar00rootroot00000000000000pg_snakeoil-1.4/debian/source/format000066400000000000000000000000141450164562300176070ustar00rootroot000000000000003.0 (quilt) pg_snakeoil-1.4/debian/tests/000077500000000000000000000000001450164562300162435ustar00rootroot00000000000000pg_snakeoil-1.4/debian/tests/control000066400000000000000000000001001450164562300176350ustar00rootroot00000000000000Depends: @, make Tests: installcheck Restrictions: allow-stderr pg_snakeoil-1.4/debian/tests/installcheck000077500000000000000000000001221450164562300206300ustar00rootroot00000000000000#!/bin/sh pg_buildext -o "pg_snakeoil.signature_dir=$PWD/testfiles" installcheck pg_snakeoil-1.4/debian/upstream/000077500000000000000000000000001450164562300167415ustar00rootroot00000000000000pg_snakeoil-1.4/debian/upstream/metadata000066400000000000000000000003571450164562300204510ustar00rootroot00000000000000Bug-Database: https://github.com/credativ/pg_snakeoil/issues Bug-Submit: https://github.com/credativ/pg_snakeoil/issues/new Repository: https://github.com/credativ/pg_snakeoil.git Repository-Browse: https://github.com/credativ/pg_snakeoil pg_snakeoil-1.4/debian/watch000066400000000000000000000001041450164562300161250ustar00rootroot00000000000000version=4 https://github.com/df7cb/pg_snakeoil/tags .*/v(.*).tar.gz pg_snakeoil-1.4/expected/000077500000000000000000000000001450164562300154605ustar00rootroot00000000000000pg_snakeoil-1.4/expected/pg_snakeoil.out000066400000000000000000000030541450164562300205060ustar00rootroot00000000000000CREATE EXTENSION pg_snakeoil; -- ------------------------------------------------------------------------ -- Management Functions -- ------------------------------------------------------------------------ SELECT so_update_signatures(); so_update_signatures ---------------------- f (1 row) -- ------------------------------------------------------------------------ -- Text Functions -- ------------------------------------------------------------------------ SELECT so_is_infected('the quick brown fox jumps over the lazy dog'); so_is_infected ---------------- t (1 row) SELECT so_virus_name('the quick brown fox jumps over the lazy dog'); so_virus_name -------------------------------- The Quick Brown Fox.UNOFFICIAL (1 row) SELECT so_is_infected('Hello World!'); so_is_infected ---------------- f (1 row) SELECT so_virus_name('Hello World!'); so_virus_name --------------- (1 row) -- ------------------------------------------------------------------------ -- bytea Functions -- ------------------------------------------------------------------------ SELECT so_is_infected('the quick brown fox jumps over the lazy dog'::bytea); so_is_infected ---------------- t (1 row) SELECT so_virus_name('the quick brown fox jumps over the lazy dog'::bytea); so_virus_name -------------------------------- The Quick Brown Fox.UNOFFICIAL (1 row) SELECT so_is_infected('Hello World!'::bytea); so_is_infected ---------------- f (1 row) SELECT so_virus_name('Hello World!'::bytea); so_virus_name --------------- (1 row) pg_snakeoil-1.4/gen_typedefs000077500000000000000000000004721450164562300162640ustar00rootroot00000000000000#!/bin/sh objdump -W pg_snakeoil.so |\ egrep -A3 DW_TAG_typedef |\ perl -e ' while (<>) { chomp; @flds = split;next unless (1 < @flds);\ next if $flds[0] ne "DW_AT_name" && $flds[1] ne "DW_AT_name";\ next if $flds[-1] =~ /^DW_FORM_str/;\ print $flds[-1],"\n"; }' |\ sort | uniq > pg_snakeoil.typedefs pg_snakeoil-1.4/images/000077500000000000000000000000001450164562300151245ustar00rootroot00000000000000pg_snakeoil-1.4/images/pg_snakeoil_logo.png000066400000000000000000003323001450164562300211460ustar00rootroot00000000000000PNG  IHDR5|#zTXtRaw profile type exifxڭid)p -yX8`hYS=2+2!?c.'߃?^wݾ~|O|O_u󂖿^_}~FOaғ#?|(n|]7/?wo߹b.盛$FzzcQJoc _ߗ}Я# ?/b痵w{gv3WVI}OKe|uh,&/saސ3pw s<=FS# JW#F1QK%< ';cf+׏ݫ :+*"y J$|_D[_[~VzqN'C_7`xva0!_IPo1XN|&#)EB)qwMJgsM ア@ (H#4#Ms!Z, <*J/̚jڪ0jr+zms/{}8VF͍>ƘNn=z9W\iUV]m54Dz֬۰Nu7{pHO98k7|˭~ǝ??"Q _QS{_5^nApR3"s M b{9*r(절|B,7k\OqSB9}EqK|^TZS.NO?now3o[m'3YA-7bX=RYO34b ^Yf;8PlnbZwՍinWV-onVY#G|»  ѹ/)6Nm.킵FPay@>7AG i=ŝ2C0Fr|T"ri+bY؁zq֫hW;8HڷTcPyX SL?uE<zMP6JIdXpgMPY3R3{RGmg7D.rž'PkEBO~#H ܟS|>|TaĚ3Yd*J9O6n! @TgYjׁ& žI{3 ,/pQ( <n5֞\4M(7j6 7&ܲ PQ_A^%11\FnD)ɵ*_I) Lx#Ck]eJj3n %oЉc!Su$NɈ>"9+qSPs\`CR fl%aQ+: K,~w/ĀyT43hAQz(RCJ^rHhwHl yb;}ɔp\2~ة-g.Obd xe;,473]#T.!:XwwQ64A+7ND>E]Z%5gt\V eG#`C-y:M $; 1HܩHT,4@Q1u;\"/w ߄%QQQgO7<ȹ1 #`1Չ@} } B-0CE j'~*cP{ZS HKqSl{-vV\2:p r3E^k@o$sY\<$3_dVIHֺ-3v4"s PuT[R4yT164DrZfwXqqqtCbVZY5'i@L.k6Sh=3)x*Ge\,ZS-dӲk6Fπ u"ftvWW",{UےКbC |{gcqP(gDXFiPs9y)9ImY:RԋYiӐbqxA$'n[&Hf(U%Wڅ%h"lC ᮄ],ۑXhtoRWp 5Iu.KTz5&( WC9asXW/RZB G o{'@jk\܈f$ % M "1dޔ8*YJ u4SGٳ\)٤p9zGS2d3Nf#@&(("sDe]n@@E1,S('3ÒNOT`6P7,R)M6L 3vciyWe|>jqE 8ih"%2_ҩX3'U sd {FXYC~YTGHp4rA|QR =sV}Iq8g4]&dC1 j= @(CZg|Jk(&wHTG3-[LVB%' Yn@0T>fr(j>ίZA7dc#%ZX"t|/EFYwX=jœ bn.0zctZhgj0V6Q I ͬi/1Օܑ\B>t6FF-QsJtBC¦TuNvO4Bo;|O93gj5,*[ߨ$\bS0%91&14)cQ{`[z --y>22r.ز]0be6u.#.y'JȠC&&zXXj7HP9hFuBpdÑU ^|6x o `\,{5rnj=oGn"Vp8Sr9R ?R5Hy ITw$kׂWmtú4QHjEu?reFOCW.GdlI#Q‚z\Q9b(ah"$((-E^g$nC!ɳAOglÝ(lA=*xp"rqs 9A܊& /)Pw"`Y=ޙt+Wm`Κb m"};1 xMQ?(/Ђ<" d :8mA{(oZU︃VG-aH:AA[6)ӦZuEkՃUOCQ] !(7"W?z.BX'֚ɲIK;/j-wC`äqEފʵāJ' kuj/( 6(9prk  =+v|aC_"PE2}WXD|^!H,fz@"U`PuKv/xRNʄgnJjb=BpVu({>-u(?`ô&f(l;N޾=Ȯgm2mmS\DKL 9E?m>!m 8*% kBD(j+ttB;[PoQ(@=HI+8p}ugruma=~س~0jBo k'a2 O(2?\̺6Ј|#̵:Cn{v#qhiɥ,75 ^ mY m50te+ٖ$xf _v5xL[:zpL U =AlxjDF-QcU<'wco5G*R 8J WQXJ#&V2:g86 V6tfJJzנtaB̯-jP:i=<,2@HPI+$_- h19N^RpuF%ۃ46\3=R++,ɜ2rGN}$ZX{t ;ө 9֧#6H`-_"1Uh~AR%O,!`* g}UL8xczݏK J' 64׫ Fԉ KKbpUZxJЩn4 5? >0\\O51{5Laj`x;+2j:prXqfJ`Ѧו_rg2T VuOKՃ#q]Z(\D5 FY\V^).EA}3򨵙wwdxYJ"p bUF_pP#̰x{#Չ:#@&. ,JZ^S ۳L5Ah7ԣD0Ab9b АClIcz8$)(ju^5CjD:+g0[MFنdi?5 .Tc)9WG+ 4\RnM] YqC/ASWY sx s#|{H8 f৩P+z|R2φ$M&};K س/u€.HR`ӌH@3I{:o!yv/ -~c,܏lQ[G%[ӶBA1nuHB1G5RX)k|w9j0"ZO~7U)BeIH>Gp2v!Hz[j6DnQ!_{%f\Jo28K]e㾅RZ:%B yd;u1_[Tv:TUi^KV8,5E$nDkcF ,H5ʒvN@25Bbw N{?P,22:Dл0fcЅCRќMb$A5`M:d7xǡ_{*g}0A|xh^3P_RwS'}@ oݙ@oH,0NTHwqUQ@kULYﻖOޕ:QeHgm`"c@]בjDsn *;(4L ᵐ'L@ L:`:1A?P<, 7%oc =ΤB\ux]I@h?Q BuCe:Ό(ltR 0"8(r$iUPnQUAS k:0vyn^K&%-޹1ǒ<7 H\dK!;EtH!N]HG_ᕷ.2>K@N¡=3(-LdQAxZVYTk[bE+yAWC],!~YWEɚ2_CO5ܤ.$9@?NH-}jhÉCshlQ} I@ aT8dI3%DZ)|S3HKм>$ U 5[|DGmT mT^Wt@H7^d՝JQT2XxkIو S $x4bxבLB ?),OQP^q;An`1*bTxਃ>:n/WvB.xmVJ7(¼ݚn9 6QR!GI}LYNPe *OdYt%cdb_<5ޡ"':;(ҍ͔:?6:ܪ܊-a!,>0Y2:Vcs@p8B!2s4Vۈ7UfG֒T(q1eY=j:%aϵs(Ϧ:v3IrԁI+v MGXRVXGѦOzhZ s*B۩C E3uG }ic\?:f1%7gtcEMt>GG":ddC'a}@'3AUV)_y|ݗ`RU'u)3^mCjSSPgL:OmjHd|y\_p|:٣è@cc_Qй11jǚ S0Y=̋ĄO5ye\Dwt)kԽjґ}*nU&ud7 'ҴٛMVÅlJ x{:(Y=8>Ĕt.ǬSTh0a~tc_>>3V@r^>/|h\`)b^F : u|!4::n[B(dѧ mmO*`7ڄ`I'> pK":]I)@>1*g՘x)$0+ ; =uL٬0"@XS$0N崋{W;@"Yh|]@:i<;y_jjg[C[$dS4l U`iOQ#{ bKGD;* pHYs  tIME  6q IDATxy$u{ߗGUu1scH!)R%1ZaA ;VCwôSnHu8:$Ů֤d"ES)@R@3}w|y|3sj*++3+{w4PC 5PC 5PC 5PC 5PC 5PC 5PC 5PC 5PC 5PC 5PC 5PCQs SX/س=<=+gcYkMʫ?7ic _;m.zp wzsEڀt=&"Xb@!"BS )"H XDb"0 H)a 0 HAkzo-Iޑ, nL7?m Ygz{ `0 B_ }u9" E"E@)CK~ fPZH]0D-beE0"H2PDVY R>OI)} [,͊hວ!zMޤݯ{jZ+jZ%J|? B1 8J{О Gm6M$,a |5,_x8H>n@^s ^~R6~߈,b6 RKR0Ht.2"=*$<bx~R "<"RYF ,H}-)M$I+12/1,P_f4p]kjJ^x$0nXZ)j;@P%iW ǖwa0۝eHEZH(/@0'0 ھG*iລ 36}^Ĵ7X6 2"q#<9 8IڅZRQ&5 JiÞ#$vMX-0 @Rh$V__Ukzw0 OXR # L`H #1$ea`!c LC:/!Jihm[kO)x)&@+W$:!R`E;f4KIζFF@ᧁP)(OC)zԓ 5@ P^ ,jHJSIOS1Hؚ&18rN۾j'l5&{nQb h \l]L /"*PM,@Tf^4˩%`S+ uY\a_ŃO= }tS=l l|N  \m &\Y jn+CD#QZ̹pgX[[sȌ?!+%xxfb JzXsDĆ 5&۞󭳷7 \}ydos cWPJ!fA8-aP I!>xa (.i@)eM4A#*ҢYFTU RCngυb#CDo^jn~{n~NlJa%H)J/e^)X^~ `ϡ1sN^(}9ADɜP3͠`XdCo4֟EK6u@ $GQRr8uya~6 V֑$I}aOi77K i5]XՊgr;>S676*Ю{qy?;7VүoE,n8;q(|FoƤ!'Oɒj;HÃ_ .,ٓHl+%L;bLw9pe6bqb `@+F{#BhƤwTGr6+-iO`>;pZ벇/P"DX?3*:3§V a"LY f  Ct''rpQ D;Ezk_ Mʵv \Ijt}v=jFo&fM"<_hںu}+;Qv3.6.xbkZ_\g`(!b`=v#G۸eda+f|Sh&M%ŵ6&/Ati\> rfc.t玠HE}L{ y2e 867b"_JI#y"[W[I t/},1S?`|*^<6Cw=;縜$ụ;:\ݙW.`scϞ)h?"9 u87Ѩ 4 |3`xpIHkMJ^UE -\<ƪ\c1-2BLv'O$ ay~Qf$7ob#/> 5W=?mM13TJ{9_'[K8t lH`PB,($<|M/1 6\b~ V/sEQ'Oԩ !@fAa/ZGA$czxf嫢`#cm05eۭu$ *.") (k}DZSjJxa?T|D˧f4pЇ>?=%л!"`~o7[<0 A}( R`=6~DNg6鱋N@_j(erW{G}p5A9KHaI~]ܬy>)YUܸ|+nIԧvޮ *Ty~D #v @I;(^,$(@4%)Chf/#OM=*97pǞ|'νSt sƘ/_ b;*CE6Ĝ6qHlg @ؘZq ?Y/Qεk'{\lLҚ]pGj|)Cu:/c= <,Mb#!e$}ɏ8-)*ϯ'=)l&J xJar8HeG$EEH\ Ŝxe:?Tc, xq1MP/}  "#2b+"H='hv DRf#|3}m[a.!H?'-$;kIfdC0g'+!6y7yaD0wDUMywidC/)5@e 4)#{N1`(^'-ed9}56u֖SqYf_޺Rb{D^þZЀpv!Iob<&,`/_GѡaiwW;Ua^{uBnWlsɇq"[ ׆VV@6u?Jx3G u9p.'q FNַ$K)?yYL p Lof(ڟ$b| ~JRl°"K Fk=T[**#S q0}*g-Qd~ D5k>:nۭ)ͧ)e>!TP.Ɗ9/D+alDh @[ T0g>aQ(Ԟ=!IJ5TVYL \{tJp 1kp0B:@Mebd@Pd#}@Ntt ԗP`nR&An @/bs JL{=N/ufeO4>k~NXP5ץ^Me Ni վ*nÐvGmQ&1| E(1#6Y`HϘ]"R ^0q}e*ZA%;дft« -`g+UиӃ0@LF:LJ=a"$MOT7ըA:#3*j4kN?rk4_;ZMܞ9KD1eﻲR<+fHVy[?gn2Vl"̜ Ġ/'UgYD \t~ F L$}0m` GwK.)ͯG N&TuP58Ji(lO"!=gڗ9^1CD YQ0_.NDkgB^DQR_)[lSNγGߧ\?rT; wV7Ij{%qE*ufA*RT>d_q6pүNB=wrKh06O0BL1U)ω7!ζGoXڈqa#ίriR)b|@F%ibu7iݮu:T4H RO5+q^Id =$TDϪe-s `E*X޶$-WD qb&Z^Z dϢ*l}pTGe =mb?A 8Jbt( )'1U9V:8T* *yѝx[3! RyaOP)To$F0<$"JPDDӺCbiAR?"3DgO)=~;ǐP Y.|hxi; "cʨIL?@K۾wVnG3~ M¾"eZ@&0?hڪN0'd ,}:#< Tj24)V9 wTtW03r0AQ^GdPI&P}$ IB AX+@m"{Lb]e~ᑽ R4\e'Rykr&k(x*#)4*h4W[ 7<(n֠YE "!. d30"X ZjnhG4fOSO #0n,e(Ttpꟽnr#pm/ Dtuf&)8F65=fi 8ۤ:2E%p3Չ\xY4 \? ЋRY~zmV` ԰6m20LvR1/[Ҿ4r:[,%G,25Ngff{*7(`\t9rA(oőZY9>6)<7`of4Gs xtKn7A>qgAe~{)Z9!?MJA+Ƶt'f |Z_Ww7%Pvvk_9HfhM+D`4XWqvlDwRm2:LYPp'8?ھm|[7Y` \}ayq^xw ”8:lO)5EFe\I*:xʷ |U)zڟm°Yx SOa!*"|/ׁjq!ylǠ{;F ) yҘ0Ȩ87#GG{^=8 (%og|]?n/ۆ+KipMMC/ #مgQ 0=|螣[onh:? IxFjU1۞Jwl@8j[krPuC%/?}7߷G{1xh0__Ȼ37LTN_WtU@%)b42sV̙Cs̀KH:SDlD f7py0~:wdFw%TSicOJ H{JiVJyZVDZ$#Y01̉a6 1,ԎK^C_`R`@j$3:f 2 &XK͂n`wOcZ7x pv9:UP[#JeG#"_+?t{: }CT#/KdfĈDƘal8  Ɔc@(v.Fipr:I,Z#7@g? ;i}j~ [d4)JRȺpVWsZ-_[< v8x% E4 ɟH~3ɏ "V'u;Z Nqqu2Rj>;s_{`c8׏͍~9# pnOH'[ C_g72}Gz$DA|י'pm+#=ӯݯQ;[0lT"[%V8u{mb$y||g9s%alz[h}?cۍ<&X2کȅ =U"k@(5)̟jgGQ/3;31՝t zvER)p8DFo IDATFz~wa+uT W {j5Gַ6p&> wfMKJiJeeohϷo ]t_.wDX-(LF׶6~鷭.yOFE ZIk>#cm~׻U՟l=.p%S(1Nʘ}{OC/7έm-n cp&mk {7,:s^ >nȯd"_Q3uw3f8 ]223 ~d<A9Ϭn.8~)$5]NLZ-_^Vjo=7fHγ'5ۑ8?ʆ}Og;#|lssdWk.!iAs# է!I>.rof(5q l Ϯm^4|9/#yUHг4o'DH9WeN81;]QNC;J@[,E@ fx__.ƽG c}ZijR e9!](6I_2VDOu@|NHOPdTf~jus)6ƌ[uN܃LW}+j'!w#*S S=?9a]L,/FyPPcsa9&|WOic<ť/VeZkΞN8WˍNPPW'P "X\}1ieOtq;Pڐ#S'B?4=i݆>yP֯]@mS>=*դ%(V46;{mcW{ޗRЩV`@t? L!1~= N.I[rL9 @1:DMyOtpJ;.%տ#Fj5P/s-A@fA=YH8!E"Gbsm '%SWw5WJw[o ܩduAUJC6 $#?S #8MkGa]ia HyݙcO[9~+sWMuoo=(3KdU-)ϧWaskICvOgMv |t&?,cs.1윓9#`5Qzף*?}_͗sou# ߻6d!WH7fbɕwF `n' xBkR!hLDX:.X\Oؔ-Ò4v%u hKQHMה('$d]=Ut`;+2hT;Gr*0cVV*E!WuNBVCS_qɨMr/w&ÏfU7~ B䗢 I'UWb8,'JLc'7(4vH/ T{0F59U{9̽wsϲ,vs"sOXR,wr׃J{\#Kp{^YE{o;o48S slK:G$Ruc6$qZuGISFݘo{"q\ *-PJM1w2oLewsmE9+Ht"uΡd< JFe~5Pp5ɕ%U#:/ =!.>ǯ1=na `Jswmʲ򌟺{bGAlrhS\9Ò9R14G&f8;DZTbALu P +P"#'>P UY1t 5KbgZc ~ vc==*7O:7+m`*K/cۗ ¥@#FCVQwܔ%LI:@m-cUF&=\ }PJ) K^z><$ (n$!x_z'FӑWpU@@{vcLN]pb4Qpu<$?'8Z1}&n@k䗫}cN )7#75e.?Kjdnގ@zaL_j|{-8 )n4PX,M=N4G ^=e Sp0$~`Q){+*.;w2+n4v.E̘\y[UvlcWFFY.^*#&D%Qh$QGҁ82#_QB0 Dacps$MWiU>ocux8W> EF0|FENn}s/#+dc$tWRۥd0\Hvw{Z(H \Ӫ>o &PF} 2%-z@ߡ11&J_b>ɰ\й8p Ё|LaG dDx* P|$:pjMl )V(+wZeR 'gMh#i+ -XTGmR1O*휍ĈglZ2ҿ9PDPI'0so yy9Ɓ{g~YC~X u]Yb,I ȧ0pBYaj=UHCu^JM)(lO7p1ƪDz_dr]ƜA)A(R]/}wt(T} #)j82Sf25mcuJRݢ@~_m#Pam} @2ZAAF<D Q_!8 ۶`gH&-Z4)7 @2Vٙ7 |M."Oߋ G#OHoڝ.qÂx`0B&=w;Ɗ-JI-4T5}*^TLNml=5D+PA? Ak$9$A3B6Z AWHm$6Bl.i W=lj9PQ? ;j5N@DtJGȶ>{SQ ;wF$ׁ+3V!T% c=e/?u{+r:Z*;Fbd ^ȘO0u}Ḽ;; h@, "pDdR'!(a8@S;Izv1(<DBG`(d;D2-x^FbD>6=ltr3-l-j=eƘNz~ j"QBGbo  GT婻.@!=> x P 1@I 8!qI5rP7( :FIJɃ 1{d+}h(0!l(h:C@L @H@A@!!}(x "03#^;/A` QX<`:s: I{- 6'0< ^ n~ Q<5?e犇<St'7.W_+; (QngE0T9H* $iA8`!uLä̝Ip@Baoz@AAi ObG<χR!e/! N#R  M|b$:@,4#z:# N |9M譂kKS8D φjdm5b F uDx"5kd#õ-FgFAl cx~6Zea m$Nk&#| GR xEZׯooH h&wW^[ 0T*NQQPJM E Э^f݂\ "h]HyoCx"1 !e~@ p0B3N@jh18UMƊM0!*B#m}fiwQ۞U'` QꋨAdG c+58ZBk0哌 zjiM `]vYAE$OT}CV_ RTGpRߟ`k8p&D3## @+ 'Pm"hLlRfceJ+HH=$VdзRqP*﷑D11 NIh;0=߆S!H@0 c X :ӌc})\<ʼn;8*f>8݇FO_!PMJơXm<|? iĂyF` ~o\ @vK6#Њ=.sKͶ2tx~n}m{iOzezy`VT &&P`B$)F'$H"ztd(HMlPR$a (-x6bxm_4 4G |1=V: `:(}Iv+1HĪAXd:Ec Z8d') NƤ4(;ǿ. `t̮Y`p/S:;>w#I0`]fAʒ:zs`SՈHrPE+7Wo"V0#`6hu ,(h0'Ibq81 00`ί f]@RmKd0: B|vcx-QakN [:-  lxQZk6)Z{Z$Abo`M~f~=d3 j F|E YucH j r2~jޛ@".Kr(1 Tc߫bM} ^v@ FV$1!! -',8$4$aŋgqV7xq g/`iyϼpЊ&"PT|vi IDATl7R`~v ǎ͇c~v0֘`n4eA0 1'Z!(B{b $}j0`b ݩw~ GX:ΗX|*U~J.G*Z^!aW̬]\6 '_U8MK݄ӊ-c`Gtb(cuB{-$q 11x`&N$?@&쀓(Ytq.ųKx"p܊U'5aŜ\L g3+8< *B;=oy}[q<`n$NwZ{ F0ʀTBv4hũ@D=C8w⩇-pRie."xy'+[bnh1??jfH6##&'#'ʼnaĩ y=0Z.hfZ]lUb(0!{>_B8yf_<Ǟ|})ІYQh@ P߃܏4AQ(FM8trB&$b ԓ/h;o(E.xlK 1}<ë{SzЅaL AՁ=$I ii6uZp<[_8(1#@a^m887m=SPdF݁yHvaCR8hZh讏(cfRACkhO$ 6#ƉSxx㶸m%b(K_{ _S}ǎ|=|!t':`7y>A~BI:Е1jxR˜ڛ ?_Otq)u~;ݥ.w_)Wx9aN>J9K|/i@ʃVdv^g}OUX,w ʐd%L/C220Hj07lٸ 7dK.ҭ眷6caBHJ_Z::ܫ{~|o!s4J4M=JBk%v3_v}VQ/8D6vGn hҼ$@D<(#f5V -55QҎ_JR砮.> L]BgdyA :1p1h]juvX29i'/?{q=rݭ00ĺu-mέ-2^sy 7shN`#Ou BgMZx>Ɩ'~4G[q/ﺇ@wwϺῧ:b[RBIAJ@4uR 4Q/rOMw~ kn%ygQG,ejl +P)I Bӭg02 :1AR#5#RhuL8Ijg8?Cn TC@HC i!L>PxH|v߸\; `O5/'xB)UPX[at62]2͟czKi?xc|o`H 9>͝~|,_G/1\ w?r~ϗ*% :ygRsړ Je8oLB5hc%$*%ulNL( \zfNظeK"DYidD4kb($:P'Ȁ#D6 k!XLQ5֔>Bh,'hT4s ET(MlF#D >Pڰrr֬Yˋ;U7箼nQy|걼/̓7MfL6^#^aR]zOacz(,!p?Ȋ?RF"*8YN)c)(ro$K40ݢGG\}}n|)K%/8K\t*E)"'$ Fk]*ȑR"U; $nm2sx1&B X$Щo֢d훢 4QF3CYVxo" ,2 I h;,>8 Ǯ_æ_7lᣟ};{5/y.o}XtB [(S)Zs>R>+s E@? ދ7DO8z. agNcvv&eD N3yA'u~}[‡t/_ʯk9SK쾺(&*L68y8 #@8g2D\U2C!YT>J*h7m12J9'0K0ah1Z[{Vgl$I"GKpnFr@X2S01fQxNa8|qBG|Gú,3I!DE(jjvo\T8_:~sI/B}1{+m8*9? ? KPR򮧷f!^% R䑇@šǞw|o"F^om]TfҮU:Fx_#H_FRܡCjG*y=$4<V=3Y-eNgҙ*M iwt"yRd!M3DH9 2 DɌ YAD@zL:>Fy<ˈB"l*,0Yh$$Ryx$z")x!u3$3-o"&ϓhl TKduź+x;_ˋ #G!rf#~2Nٴn0A:.>Ć, !K5(TZ8݆ٜ\F3p{0<#}]~]׈P|uR&U^v%C:!"[ՉLM*[⬧<,KUQ`mDC1!R^~쵇8㝜˸3hg(ZނgU@ġ!xp"cZ8[u]ȼS&>42M*r_I_8djr4oPHU٨\RܤnRQC(#! ntՃhuЦoBL^xMvzhGN0,u 5(+nUS//{G uA۔ffITu0& uT%\ߒѥ. a633 [~ 1*ay?,%K)|l"@wfT}&&5SmDS5.}h=IZJ8sڭk18ѩMI7(/s$}՟c6#9-R ijldZo2D̐j\zN\:36D>zHGW MOLl@frjbdY ˚XWd-EsN~aTI-Fe8qB U=hE\,PEQMFS H12BI݅!%֥W11gp ?gyh.S/x#d/hMɉa8M3HTc%: 2c!R5DIeK:-Etz% 4 0hӟ0`>j}"B0p}i'DD@V8t$\d|j<%˧t zH7@ 2u_5Ltzx >CH9Gop9G\wCS׾_|.+VDѦRH!*IzRH.z!lci9UU@J1.P 28RBʳ*H^P-e(RQ"}>4(#$ϓ*1BZ!,pQVDC,#ou1Q2tM4( w,*(c2C=5y:qԜ}&~?˹򦻩ǟ|rɸ3D2c6Bλx!⼣ZE>=JE en\3 RzPt#̰z\`%A-|5.oVwqN#xBT{cT{vgӄyaCSh 6imn+XՉBL+6(0EN Q"UBKBa}Ce3md:idE'|ŧ]*Sm'W"ŀ J?0njD  #@'HP[7tG-Q`~fB|Y$+N BBڲčԀB ΀2&@%BeXѣU@ehQ%B 2E ɲM]%(EI@ հĻR*,u?uR(-8bR~_%c|_25sOLNP xR ѣ3EG%J0Vr8vnȵnd\B@Ʉ=1ƓrʖCŪ 4.Aw([xZrADrZZC5Xw G2\+(2#md'-K7dS;GzE@R$*le(cn*C>݂\122;qViY{X\8/ٵoǞ˖;1RůR^|i!6ԃP:zj*Ʀ6'ox 4ndR"lqt:&Y WyffC O*3e4$Ʌ;t"(a9%΁mU0z^]s`vvyO$ӓKӔ5BɲDk;ZWiM]0*V'`7 B2'>٧ّ9zmK_k0XgJFKMu8rkM|k2^"dCd_DJ"U|4FA:18[hKm=NF*#WYN ۈvR#Sԕښ%w8GA)M][b,RbbDb(-BUHe^_|+_Xd>`aXCLߡ,P#5K:]:cLڬ^ҥ=X2I@-V(%hs0HH,jZZ"F@¨E,h)1J|˜,k1[h#RHU7D$#=|d+,7HV[ahK/Ffsl߹Ȟ͇w0Lg򧷳R=b-_:ɦ8b\62IO :F#JgAdD*0#$JDghFdi-l uGsIܡ\>%R&_* ǑXHk!hۯo|=/S*$VyE儧u">TYX\\_j!E;%e#TZE7=&`1ErU2V'bZC.}N~~xj7!fydN}bg,և`>q.eg,Wq)ksq-kgLurPcWyl}@JbŤ"SQ"QgE38O5Fy{s 88D%xqȵjR|6šgzRs`vl쀽s>'|{L3`4KzlZukj$'Y6=IӦk'LzU(aB**.s;H?V[a@$hc%RJ' /<"FTLioWWI zOU],kw55S]VZ6)HѺ ^vYc<>i{i-,$,Ka&5 e@6c1 `kʈѡAC &G7.ޮ IDAT֊-&דLȍLhuY3΃,w@Y7<M]rFL h)8elZK{c)V,DI4BJk2Eh#nGES;w Bm*0˨I0ZĘtiȲpR )r|pZ5ZMwS7F*(-{ؿwBxl'6Vsyӫ.`8.W=p˯WocmÖۙ\r/cdLd9òS#2v$y#P{K h؇Rf?#1Qa R⚚W6]sĘB(R@pT-V˲֒VG2SP|%]S6ܐمaհm'pWv0<#|a9}R* " DRmiYP¤õ\nL2"kā*nTSA=0`9yj][=S faLfG,'9vN:Rg)+:z1jgQQ6#»*dZIơtƓp-w]S)Ǭg\Ra BHDհb?<Ė2߸͆5?yGWZ?+(2B7oB(;_Q߷VQO]˕7o{KxŅ _NvO["b6!F!V4ֲr$EBI#mK=9N>vJIKXvB(MNF>:vZEh%1&GhmRTM5LIPZd22uIGGeF#@c*"E Ԗa 2ezzy8k Cˊ ٱ{;MRߌNUw:MZ06w$$S,,4%#0."BnmSem(dd9߽Bq>~JR~e~ Ǭf˦:ۆvnPJ|Sm@27X4%('Ftˀ! a֒t,!;}:^Ӹ{K/NV$RQP*=8+xhn]y~r˱G/\qɽtV>? mn!tmw*ƙbLnw,SK&XĒVa+!,iudfnE@ Xzv<<(^Xt2.tb}/~mej맵iYDZ (:xgɳޥ{pc팗2S-qjODEdԵ$F|Y_= `ٵŒwϱc,[ڏ}.i| >DF\FމV# R*lp.%X]B[j\ڙcY:cmu1Rt2){&9uJNA$ 5 IDZEeR* hw;QAg#Tr۹斛yej'Ś\pΉx_cmWbkKb6HvquȲ'h^˗j8eSƚڻsOOrtZ&oNQȒPJ^Wo| v[aqv^ ǬC_u;RdE i (YTtZR\~7y?ǯyŅm/ DWpu+mƟ~lWZ'3j@fRg|3rGZyF+$nA9M1FBhچeS=TrH`ݲGg)r-,w`ȣ5Q0oghڣBd^S˗`8dyML f ir/Y6aDAmCQ贞)æ :Sh%ɕ"\%+-ɂ GﰶhAQYP<9@9ppo?ŊnN+쓏z)U]319MSW9Vr8;Ͱ$k|>8x+og粗?c7%Dx|<pA:ȕbj-MHp wpeϡhwO(ҒnӜHpQ(Z-N;H6z4>_f oyѨqbqaMw?Ȗ{,]2)ǭ産ְa i)4i0/ȇ>{fk6>7{2s4 םLrX[yg␹'oW 8iF1( 7? ӿ_z+0#㎺ s[sW›^u!Zd`y|^_viɻ/˧w y+yѹ&E&4LZ\d֬\҉16mXz)>pR]5lX5I"JHA'U fjG+O t3\g*@ב(-aP@G.[!M`[ fvhC"0Zu[*̥`P{L8pdJ#`fA/Z&J]*4BۉjX-4XXr]pK\zpM/}{֮0yɱ/~r_*5u"f#ix+_~+x:>;vqÝWW]Jk:zCi=ؿ V,&) Z歯{1k֮F [dP5g_ڕ+ؿ ;OSVZqEg3֛nw*n!̱k m\{~y>kWw??+صs?~JٕV6ц$&eDfdBIQ=aðh%7 m n- +BV@eEs`}DRw>EKg``&0z 4FQA..Y[y*u?֭Eƺm>۸`} 77/B@􇞵S "gAt2C~ӎYpuX2NS8^'_Ph.i&ȣ;󆗟GU4Np- x|{ƅO K:'Ҹ@0L*A0huݷ>fX2NnTЂ~F4j(%`X:FH1 AcjU EK`YК+Oi64ΣfV{zG.:E 2DJFaivK'PZ7&oaYx|k-41|2 u YL"]ʁ䁗K4-a]-:lt[tEuVͽ%{f rZÇ>u5ò,}YP5su6\Mn(ikOei}pUرs?հDʔt=a sZJDbГ(ǭ"B%Вy6hIBQ$ePO'EJK^(+ =FdtZ9.x, 8ɑt Iij CʱxKs੝$נImxGw1X%%Lla# J 7\|:_a<麭uII9|F.>-Mǚ+~_a >鯱un'ܿm'w~1~ݯc%eI,^ @ ?V#wT€'[\OM=|s̉\XndboOt:9`9ș'Md)[Ne p$;f e;EQ#\t.Xr9Hj_} wiwfɠ>'oˏ][_B=h2y {axüg \*zl/>'䗙 8Xم!>FZ[7S9#y豝u‘LvrY6^D*fMGL[,9<H䨵)0:BMhZF\6P2aP :-<#3&hk g|ĆTIcCkdK:&wPպtۆrؘ H`kKe#K4M;>Z݌"+X ɥº6)Hc?;7\r=(9b2=8oj2:cmoXz6_J"?)6]K?we_5EU5 lqe&H1mt 8ui-?TÊnǿ6VO\B.5 Zj`2X֭^AU/"CDD7"yjhu;dej2FցTHq1jN AणVu+YFN_˜7}:~k{s4@b$ R!B,P&5REٖl8e;bU)QŎRDE$WRI fQHHP$pD /H{wxs慳ؚy,jb,wgWѻo: /^_xoOs_ko:1ԳFb}|[;N #=W䩳k~]ΕFQUJzLXYCʌBs~ډ&` cy;) r hTZs; TBU.29.8Keܲ\:rTCXXңn"#Z$ Z,8y#OWyMװY,:]!E~K|'܋7bkOឯ~+wN;-XZc'jofl[oP j+;yG5b)gC`̷$viħ?d1P*X~f1g\i9* I)=cN4MGQ`Mr߂Yc#bg%+05(w3BB U+J؉G8tpz 0R8 No7Sgؿoyo};qaa U4s/_c{ מ<8 ta֌]wǞ9ϐ W#]CYs eJUu4$bHS(ppѐsҠ_y߱>iV˸Y2Xe؄u\շ w-R$#.@:*4%+,g Qx)cU\T|19uxGxofy1p#|bbbo;cH9s;aaZtt;[ ѻ?JFT_ IDAT%VٳxKR8a3жψc/JT/Y &JIt] +iԿy-;qPA SUC`ւw<>o^u,%PH) $vj8鳒-QdNM9b#¼q V)Y7\7{o:_aw^tY>/bcSEw~ASh!|I17_oóg_ZGa;u:9ȼs;&1V[۔(IN_BB3d4P hc8aI1GўĜIqI1x!'*a\IKfEp4Z4_HsV-qr40 5c\"B1ꪐ*VxٚY}o T3Pjp!5ZrV{!$m;g^˯և ?Rr P0#6c4ޒyxo~ÿ,;-gZj!fBP4MR*F4! X &H9D6u39S{OHJA;Ra.od%YJ! 5)[S14Gk'R6vkүմJ4h 5'RJ4m+{TQq^D}㊃ןbog_%ܳqs<}VNGU>bf{SsU JNT.nHVEcFone @F+.NRS,刱 {0\-@hSQfԩ Dc,րj:'FecRV𾙰X#¦loKwC3sX[8vhY'J{|dsנt +N:9J\{,}Y>sc])+ZYo67 bZ+Zx(e=ECHjNtTmÆXe™`ZOI@PBDY&k)*fhIqi[Rr-mma\CUc q##(rTAWca6"JiJW¦uk =ڶ0Lh0ja= 4MqR^sל8n Ξȩ#s25e(*8uhmgQ)xh :C)U$~V/Kg}`~Ϲ2>fl5U1gb*R [ҕr͠ ʈ(*4,3+C4V"L9+`vΑNoQgtw%VC&+UǎpE~xM۷dǟ~{zM?/B)MZK 1(ߐsHn@wk8Ҵ-v\1H4 O<"ˮ0B ZƜpZvߵ*X4h VŌ݈yI ͦǷ-,Sơ(09چ =ZZ Th]CJ+\Xw`+GXč9%r)x/>$MdiaъH-j|ѹrq=5+c,g0Ne=ft c)p26v!x$DL= h]$VY㌰WC&~o^f1c5 T ci7 3Q }uT!I i`\%xnj]X$y9$lfqYj)`g g/ZghbHLavV2iV}m,XR|KSYcp5qm3fcbkٲbTR^\t,jr1Ck;O>-8Dwa(1J1u7PT-1bT0ڠJRyP8#Cq ,o48EoiiZj8౧_Gx͍ynb[^ ]?^\1">8}ڣOQqljcFk53/\sOOq+8y5|G=m>EdXʤ2RCdc,C|BSZUR%8qZsiph8Ke %E! "@/]#D,\s'n,d$N@XTh&Q( wt%+T !0[,Ƅk%J%̊r!tbA)]SX迥kșՐ^ZƘXCѠ`^ЪQxwC_8LfECrۍ {xӭBQ\u!4fVZ1 {󆜋%m,EqM5ٳt3vxϘd@@-{1$~O|+m73?_ ~o~Bb;vKsДhkOr5'}gξȻrjwͧy>ٯroG+ﻃ 1Ϫ<'Wn7do=fޣ ({C?#0+-4Dwh $⛆ ")F6+!akkz[ ao5:)mhI֓PbZ:aa9V)aȺdn\_QVnn+Y۝Ԑ1GN+6AlC,X2hkwf:4'f;xctiQ ;Z!r6*uSzr(fĜART3=9UsӰYCsbJ,M8_.QpĻSXc7|I2|{ގo:JIʝ}KoW+r%ü n&}{kvv?$=?3?=[nÇfxߑs-8泎x Ou8ȿw_|kwj-h)]yfZV{iۆyג|6c6i8Jgڃ3%&yK{'hMHRRH,ˮVP%6jI`ތ~lyx/P_[s8]B %*+~kV!L%o(h|nPtPkui0\U^R )U1[O0E+:qSrJ1(m%bO2r8ݲ9Wh1JZ6aZ}` aӯ1RJ8ch'%1'tu13/^po*of͆D(3g9 JBs=̵}z m;ﺏO~n~'?b ؏8g_Ɠaa-ZmBw5\ѻɹo*J-hr&T Eec`uQଣIF nLJLځ.""g 1Fd1'6CZco1aڊ%}Q|!ʔP0VF[s$Pcj $JW6bJƒJ$L Q+‰UHew r.E$yKg5)mCtn#.dPܬӆ{RN2Z@#ZPDZkk$:.Ԙ[`!!1qN" O6f^qU*YGb_{'=ˁ-׾2)-y XGCk>͛_sKjǟaE1\_aݯ8}W?Vm[Ѥq#O/uap~~⯽_8?)^{q^sq4x c?@\2Ӛ'+UKF4j (0:u-\ *82CO;[ Y.=}#|iS3c,PbRdEV $bxio|'JͰs'~c]F.{cN8%&Jp 7X*u1335o1aυd>&^deTēv+*ˀ.DRB`=eJ">BXAgc{wZ{ڶeV0Qbg ׬_rkG>%ykdqjMIpJb,/^v)ɵo`%gX>™/x#Gmˍ3dbTƒQF^P;8rdo|/z6:sYAD15NpixC-?oQ\{m wlQ^dg5{(Z) sAI̼'BNje1[6(-j:Ǹ ҠYU.(^o-c(UXR ˹h&0fT`L@%Q"ҔTaΠܶʾJm#J?&g`=Q+5L)LL(%랒eZm،oe[R4mGGrңFZ1בZf"dqԉL#JS4=ﺅ%8BOc {.]GЊ[o28V2lR(w?r')E<+(kHc8,aus~&4q#).J֑l{Xk 3 CFqưQUek 9Ljr'+/n8sg6o8)at!ia 51DHT9B?HjѢ(YĹx 0 M飘y<9C+FK*X%eJqB$M33xo)Y * G%PFżmd?qcVq&x/""Crٟ6qd T Jalsd8:sX'gr۶c!hePkNkORLiEJN E(/g=o1M^UcK>Enu[G)bpR^v(֒TFvN?l>/H5 ㈺-Ȭm7=) ]kCȅAj3ئ5 J! jEMk ;[3Ʊ5lȘ })$%2loB,;KidžPRfMCY|}#>2HR!SjC-N\20k5jxi="#"B@ykBknL4q4C)vF AEW!"a̻0Ftd+21XgІ1e g-(-o0 ~8R&e jQ {hfŜ'yk1(v%8󯕱I)=T%@i !ȍl4J+rЊB-:\,NQ lOb4l,8!F62"[7\X :0Q,VI8jp2nSlBFhùJɐI:<$ҼжEOy*ư ,[(ZؤLkܴеhsC@)A`ׂ{bûzs 1Fe 1ƓS"1Ga|~Wz{'nB/Za@+08v1AtDZ/|{|;~Dc +{5 kY;IMӧ8ǑI1=Qɹ.rCwf<QTJ.QJZk3$rTι;$Fo! h[4s*C̭(CM COu )]K?l&\#T2NilKց@(eeRxƢU҂JE;fv2\1n Y5_O~[Z,%'f-R TUig-9Gx#9n4mG/]sV}o=w41f1y2vJ#1aG߯XѯW, UAwOW9grJeC,[̗s;7 $ <̋|Kk^})Fa s68hmS>r73Qwֲ 1cMyx g-;;K"VKeZ2c&H68i )h4Y]њ(U9v!^8 (t%(ՏV`}G) tP1Pd6q\C 1چ{a:G/[h:8ẃ{A$v&mϼ\Vv| k<{iSZL#ƭX &{2CNOˊRԒR8e31Vdh&Qꒂkh91dh`#rKc$Q((6϶ma6oU5h%F@am[rѲ(xqTF6!Vե2hM?Dp|pWHSkf0~ #fo||ϻ̕'m[BcO7ce5 Ϟ9QK(MC?Eg H%iY!B&{;Si ֬ew5Ls؝܏b }/k0NLMKz*$!0lzSJd TD ɀyVЕTRhVl<<֑UxCpnaw3<nM.bZ (L*:j1+[KORY M۠a.lUs}('ZYeDri8|=[z6.BܤJ1k,}\*1[3ȅ+Tּ[RJaoF)IC2JYMӢEk0np c0FeՒY$i(0#j|Y0G#zԪr[X[1n]hۆu/!ih;[ɥC)Zy54V^*F+y~M*rP4mb6NTY9R[ᜥ66kliZ9qE_5 $(" ->8!6Zج$gRSf#mxgq[41n_WE%v'B}}* }Ibܷ !Gl)F~Fk50>wͤKiz^#G]_QVM%TR \ȽbR 0Ek 2B)ScT BǴ\fycH0A௑\sV5Nd}ca = 8"wO_gyqW>8|`kN^>nAcc+yw|Ǯ8W#ozNjw9~ϝSX6۔eW*lFZ0IC9v/^(E)8ds4S/ȼkyɧyݵbd-㦧kj LJE ~?Ľw;W?k=fCŊyK)r-7eH֊XEګ5 !;HfjBV Hԛ61DYS9M@(jڡe8&!VoX)Z'/@=2Uh8. s 0o-N2hQ ƾ&>[bZC쮽Xm,!*S:JSϼo~q~;;HZ8/p{n^l7 A+Qtݜ"S읗7t]úo;ןkCRi֜wu(}_uÏ}Sd^Ah$i|#+-܍odg66qPΉ ^*~?^?sހo[̇>y>/R>%^w\\ßg';mq#f-(rޱUDډ%MB)=8C(0R+~t΢fg{Wz>U3Ŝ#9&\5BEuX4j- HJ! V\y g/ O̶Bjz#3αh\y)(VRR>Fx٘/-(4}|S ԽgEJZ6`]LL^'#be}j\?t7WݚtP"MLؘt]kS9ӧ'b{ƌ-UTzX2u=v:GO.Ck`o<ZHrk42hU[G?@5?۹y./~lƫ9p>lYi;l.jxرcOw<;wlICR0HݵS]g0}O,=ڶAkC ,3Iecxキٯ=?v)'r((hEYf>K"6-RJ,m(*݌n<^=;틌G:ky$bBIA89o| ^xmGKvzۿ4c}f/\@B)S LSLke|.-[U8cDh*Z7j).RfzL"^gۄ'wɅ-wPQwrQ~^!81}F?p?R#e$4QB_rmr_\&K} E:j\'Uc1oe9Z沝[y]7|Lx+ljߑs8p x;dqRW؜S憏~}[mkDضWxݕ<ݗқ>"DlD%2lcO/lo\a@B^)hmC}{o>K .t>|;"w_?W op>b <_=ѹtcSk\{9@!&I@BH͆Gx-{aݵDL]`dHF혵-LUQhڤ˥Ӵ'/`!J zsI. M=PdOi 4'ʠs͇^M;9I4z[-3-_ćyߖ : MSg /?Ȼ~y56-[)^ U5ơ.eC lKQqS) BKC)C5׹BI\ghڦ0Jήz{ocf}s=[92xv8קfBi$F*6)Ŗ-ƓŔG%W'l s&!8r'Ǹre\wnYT2;\{﹁WvFF;ŴNGZ W|kq䢇m?p P6eLF1G+svw! .:m{6CLS4uk:/Kwi^2yWi1!͋ OY(M7ZU(Ký7O|Cg·obF#Ec\dJ x׭P"C &}?ٷc~ߡn[|H%pt)NhZ3," X㲝[xs*HaϮ뮛lV+|yCl]^FmZ"Sv>E+U{wp*M;@IԒrTQ%Q &EQ0N|T2FzS1MW۵Q'hSi軆((Owب{L ~Ͽ}:~gZ̤7\/pR ,]Cg{16L-&5=rʣNEnqN5*KъIzHx3 f& 2rmQuח#O@D @*2ml/肧11B1J`ukڜ%26߹̩| CdR>\{ĊH#ۖ&:ᕓ2杷_S')&_G2O0 )3|Lڀw)+LP!yCͷx\u=.^>v'ϲuq3t1^< E z,h70@ϭrMr{lm3iEU%XLGS1ӎ+: Hǘ; CIB*2Z, 2f@H-A`*5B@jEDPsry,T(:FM45 x67fh%鏼m[*ub9*Sig$]ߓ[?w^ ODsέ8=53{uNv?|%nf?#( 1L<=?yw>|/:zT#Kl?IgBHl?s@ oa>!u-}o:Kg]{oS6f=[W.BZȴƫ ؽm=Y][ޔf|[(JUq*$ $uӦȵ1]w8#d N3AHh5Ma=peP"l]YGS]%m]wsm(Mz5,$styIVTɪLdu?|/ӷiwP[Gu<|׹b wMxċj(m1ZF5|}[IEN¶*cm#KK0`RI]ORL,4A.1x#2Iټ8D$w_η;/ ^8zy9+gc~2Y}3dJ&#}^}w\s;~#h+E;{s[J~(z5^KaNHLr jF֧,@:GKѱ:MQFGfEeIކbƼֱZbHL)JV٢ dah.2~WWuܓ<~g=i/r;-o+vێ K iJ? \O '9qv__⇿ vnǘl3M=aέ/~C咽NSGu8P2d'] e$7dFv5Jh!0佥i|b v3򬠩[֜=ʸ*kZ IDATc/؆mKo\+Vϯ0qO<25fuu3,G$ R­'sAa B$հO*풢@8]۷`!Ās>S=F;_m[f׶L $ Rs>OyWy7[J,ͻ>ط}>p=/i?o̫ko.w234DŬ m#3-X#eѧQF71֬\G/QaTe8VOm.l96!DEaR#O'%!XZ}WqMJ~ Lk=[O)^;QC~/}|wtb7W ޡUv/z!JWo" }K[1gW4mx2be_c﹕;x<"Mףw`6) 7kOkcK$6xF"DI̛wr3! Y2DPeaGzmYlFcۗ ί5)ʋ6Tt dd:S橋c󙇞cuVb?[ȥy֥1cdyn,/z'gH6-y^ Y񘈸 fӚ˜n@H/hm.߽Խ׎g=)j + %(t#= IK}ky=7ӿrʼn|}c`ִYx\0'|nD^(!iF'TEG wH v5B LX"$v>3=;X]CO|JG[O|g?现sέ2WOrjLr%vv?7q 'r8*[ǔy?xU<}4-IO})~'ci\bmBR"[ɴ qlb\ $楻H&2k,Y.*:ٶnm޲z +R]om<=yՏͭR7 KEF#C ,Mxx]5u̦srʊ;pŞЃw3}媤i6URq] ʯHmZ& q]CUUt]4_Ӛ):Iʈǟ= !lJY,v-x$%#ϰc? ֱk2[Fy]3 J%RyB`TߟtyQ]ٔҋàs͜|O@ 5yѸm! YT-+y-jV5S4,-Xg]tzj7m|"<{tgُܓjX\w ?{'-_,rì12RK֦uұ5i:JdćH_ _$y˸.)S7s1&;tBk[i_zr`ka2ݿ5Mmwf eY0/~7p\wN:LѶ}2DXػܐ.ݦ; &8ѴhT)n*p 4gKR*Em~;ګ@8zbt],K}hN?-wxkyv^8z?Λ1ЇD@nrE vsybq\b.L+2)!pH]꣯w(o-Z9T e$^?#gX%?D_`MaFjV8ד08]sᣧb6ڻn)#,FkRSdU9,9Cz!h") h"1$"}K#}vQЋ˖``bl2q>lS_%D :W6[0x f!q>TbFTYA,~륻dZX̻Bg"}8R@DǺ@Ƣd(fƥ@A4{w,-ziԳ# TMN h2ƹ^ 1 ,z2Ȯm-pp[ٵu3Fo]aq\ l;qvWK5{$R㜥=znf{w,qyqm{#~9]H;_4`B}i8ʪL H!tX[[EkIYxy8 L ^,T<9D_yEDhV&:ާyH::JRN"l]*9PfQ2HR@R Qh1A I^?zI"ON#ENVs"/YP0Kv5h %`FRU&%؃LB3{G 1+>0 :ziz˼,V9.feib8x9~sksykػ0}V00mN6&=[ެ*$ l#MX֒uޝ[PJi[S^z599x jX 2'O؉ܶU{wpmpz,g"$<غ2mS/aZÑ+\k;7C׵Wi}ӥBP>@ C9y<~`ʐ“i5rк@1!ZnFaTe4}cȴdub,ӿ\I>eNJHز<#5ix.>D>VuΑDH*Ӥsr~~ڡIs,Jl h ]똔%MKi֧a;X^SteT:uCD(C}z[ŀ,YcL&cdҷ] ম:ڶd>(*:`QJ<2C]v @&aTt}3 (.;xvgV7ʒٜÇԝ]w^R/?2:s xϝ( ^^=/nQueyӌ{O>.,]%_O"H6JHFbLF^-зs,1tf( k]3dg 骱MɊT1=*/10o:~wSa0P\l2MH=!1zsTʢ-2SEӹjM!%Yp>bxcd`:\#ǀv6oXTxqKw6Q:+%; |4qp}$s1b@EAz${DJu#Ӧg"=DD d\w;jyV2kj ۧ7-HB$޵ #B  `OCvspWktY &W0OЦCGyW.IbLᢻn>0K(CrS|Ϟuc߮|G1PMFc"vm[a-oz~nv2|}p^ܠTWJIWn ! Gv&c66[\g0 JTn!g5v֤.ȰJ7 Y4(2Dvd-*˜+vnAżɳ-c=R|De'" i!U S 1gȄDKm2ðMԼlY4Ly6JIi|֥4)[T(P6Y|Hgz>*\zs)bi65Zؾ\a$בYgU(L- ƑI!| /3M)Y}fka ׺@Y(z)%Ԍd9)%.\))m2;zU~kÎm+8 m.]m p!yʪb:oɌ$]^8r{+{/ہ%U7إ|p>2hCy&e·o>":uYc$y^4h"gV}k Zu-U5&9*?@jLJHlHIo{Kg%eQUIwT,Tih).Sf:(6!\Jcl$&Sլ,3XYZ.҇sV-QHRj0BZK4] MEL ݅qjl n91k=̒YY[+ét#"( 3\/yˤ*q!"6S Ɯ g%)"t#3i6I2bHu}g!{ iWGk3w~=YƼ!Xh\4.QZ^7`kk,.߱h:{O7!ZXF)3,XbT"yǙ qۍޒ#2sj7S_=F! ۶L77YZZƻDy;Os*Mٕx1ZtYV &-R<R6@g2:;`Nr8aO(޶.W&ka˧?S AP) q|e'ުE[t* ke.TRK s$B &bV{12փ"Oi؂2Uah:Ԉ"qgQZJhҷvsEN yN_gώ-x(&=hj! lCĺdo0߿Ս)gέqq2LF\Hј/kW[ywMr عcګ$;t> "!8g#k7^B8*Dџw6~o:DbVUEs?KoC с҂w(/ɵ&d^}1B dZ#+LiCI܈HwtMr&((b>%0kEF$F#RJ="rH_^4Z#{` J6$ͥ| 8Y %S"k anB1 Dy2kET/p1Gyҁɍf AJE {-"Y42YJmyF.aH:dT _}K~GϮme#}?b޺R7ƫ (ؾ8Io!׶0/p~mQ9[#&" mem=K{%Rı癌 J"\(%F*۷uIѧxt [Qضhϼ܄iZO,0Ӥ?%Bl(PFv=9rTbmv2-n%")J0ҽ̥КJDXBQF"p)D~qQ 3 銥{zJZ&_[K'Sy2mIQ76A5E"H)'cMrpMt4Mg$_3|Yf{'6fDHAo;R`0Yڴe "m em/F s;-|s(o>;c fkBsIuV,-"eچk1i#ڦyb%y\Wi]}o]Gf7BлJ:X|4)*P&ʾD4E4^ 0*AG2 Ktӥ:y1|HL@DXeUiȴaLg ɨdZFX Z4fQAQjJ%DsեtIlc(9RWEMiiՖiF+lxAԂ6{u*%vh|&cHYܺbo֡먛o>ǴiPy ()?II0V@ӹ ǀ(BB$m@I괧r,o&"Wqald9S}4QvSUQFg/+ĐH%Is!odJ%t.6 ͨdF=Ѭs&unfy&%JHB)t/=Xn]`,ɣn;7g| ޝ[9p^N^ȱ~${/ZVEFOx3}!rՓA f<> B@(c' 1;oCs[bk)Qᅗ+%)˜T IDATtM)ʊ`6u.qB' ]os9^!=sSvl]"Ӓh 2S.HmG@HMpKДՄf l>#(pzO~J4m192c}BdӶRg h(u@ɤR;GUh,xP^=RsT,] w4ݥT:9Ȕ`\(V&-vacnTڎM dRPIc@:u}˳h0Z2.r&e`#E9OFCLnmuee_?b?Ww|\Nx#x:Ɖ!mx<+<>G. #16Uє֧]UUhƚ_:u)\BK-ѵﻕn^'h3&xBik6.Yzm4:K]dDqaQ1\udj#Qkh)MQ(KLYOiDM~>QR!վ>"zɵnztik2Pk@ʛ=&!2Rl`~ @<]s`c^sdwWe-cn醎Ŭ金ZYJXm{r$U5l#wxч>GVJބ.G|O~wUP]Șn[?x[ c _o1njg.?q֜JCsBubz@xN^'Z"rJeB9~d\É;?Ga}:^X,d5o}wV2Oc 8yWa (+v_  u94H_2`gynjk|Ӣ GH 6fr U홏AcczBh2!&IҖ!z7Rndu lԍ?ҵ*¹~dgTj2K |AW9eTX$LJuQ%498IK*t4C3{%8CdГU@:1hF§慬zW"J.=8t=H'̕o#} ub.dL/?ȫo?es_?,W]z = (/]?q+N'٭R1J! cAIqXѭWF+Μ AJ%Hۼ/zyBO}~yk_Y乮_+|EMhAiCU5cho-uP/pըTz~(# q$y>y,!&чUffi[(ƘuߑS8bxR D044eJP\)diN_\ RݍbL\dtEpMmbg8{.KaE.=2cJmA#*vT m[ak 4 UG ,6OSs٪f hۆ[de3oyݍ XH ;|~s[f Q{x^Պ~˼퍯O=[jΞ>jsexԳp%A綛_N. g<?4lqXi$9S(r$ .{ ~~yg99'V>qW9xhkv`sT QDSgϰZw(e8r`GN=ǣpWPTLב V_@*k㩧O3̝7]֖<Dr X c{"c<B2cXP;rIg$,g]Xʱ4qĜ(HIJ0mC"Ƭ&f@5}w+HRu"Ry*ֈ*flcAnHi]9MSMkȬ5J3t 9 3.O)C:r%dMeaLZa;3Ǣ Q\r "'K/"̳//8hˁ9 >o>o,o&;Xw+;1~7́M>o^bP('xi~-wOq~rMS9l 6Ef[[,fv>;;?82CǕ~=~]k*8tx K(kNQ75T%^1:o-U]Cfh_w䬤Oo6X/25GlPH,vABm+mԙqጣ=]2LV^9Ce,]Hx#4%u"pb a]&)>g))uE#P[$>r,hU0JJ|c Le5]N3%jJᒃ1ˍ`35 DJ(D]Uo)k@7 9% 4ȬSW Jɲfӆz|;og|SΛ7>w;#z'k4ЁM>op%~wvYv#_@)KOX4\9㽀3s̓&̷Q$^iXll0{_3oc-B8 ]+%`]qIKdPZ =vyju'Z5 S R oERSs=N@X 2^TzG#] d Wto=q<$N?ϼ8XAO^SRzCNlCf{XGb)84) xik Tkm=pI6^ߎp1TNSUk0!#@)gJpʰZBN`eJrS*2ofMV !20>PW5(+ä0igpJC?C,>s3,tf3~k_ 9{KcF"[8z`׿,f3pwyoas1'3_BK0 w;9qA\yiY\D?(r:o),Z8uI{mosWoa`#q llRV) 7 W#z 3%&Q;m-}11e*Lnb7RJ֚i*#U|eqF9!iD90FXv=u&ƋQZeVTR5 c[GrQXg@bZ^&ڳhg9#;_E){m0O>/N"PS\z"r|_ל1o=0`!I")Kr=\Kp旳hgӧe=ຫq)Fc\ jCyV /d(yZAz!e xRԸ%(+^_4z. Ŭ'%ae{4ђHxLB~/(R%!T VkcX6Uj˘d18k} V PFQ4kO LzN=ߎnnaZCd1z]>vS0ȉ i*Z3X+k42™3FhYwTqLq1v8j1ƀ5(, lx%<|g{o>7(n_S︙{oq#(9|pۛ^pѡmRǟz|ٟ| 7^}\Ęx|_o cO~G)gq9]rn5p>zU<[sz05o|hYۛ7VJ "JtxL(+*"'v֢]E1=jVe$FQZQ5h0ZվX{s#f)j1ƈ.ȐS*#1DR/%TVxH1N ,1`!yg#)ry d*|꾇C(ŏ<& +Dp,Q\}8Um+d@/J+FR+E];Ɯ(J5 BͰC"A(4%J#* ?)bdc72)e{h| |-!8z W_N|`\kneٰC<|!w ˴N+w8?s;Xy[v;=xa(weM2 1|g_ǿmwnC'[8rhUW]YZlm- c{m&sQDM1hXԎ_/=_7(gdSRdFV,)8іMا!u] )BM4;v$jC@i %5BL X+5)bTlyf:rJ(cH1 w uFZR ZCJZЇ8,wm^S(CHcG)Gb_JLY4i=6g\uCgJruK`h#1Y-ڲ2s/~ s|vżMVt%*kH/7ABk* Ȑlײ5$-)gJ(U-S,â9ouqnɧO룼_͢8[!1 |ͿۛsH?gؚ7vDExӜm>58qq%Yu婼Gi[z x'םKR(y=aC%=q^uf=P8+W7@Αe*-m5xPʋ by'jRc3SECQ DLCc1ZI"=B R"<|qb[W>cla{JF`ƻ#!eJ>FI+c(R$Q*M[I^J12_PaS9:JTx6̚9RZ7 6HYd:c :I*g%8ڦm=z{KeV{fmb.U;F9GV}_'/q6ݍ|ӫLIDGb=JIk;4jc׍YFJV~)dk"4$_\FC0%ibT03¸059) xݵ \Wd6hWai=|QRy)Oj83>|8yq|eEs&w=Ecx%Ok?|YO&o"'ٳ|S_}_z8}!=U*5ǯZ傢"amu QIؓuC ]"⍯~9 7p=Y`$|SQ1kY/Xl.XH@ʎT(!b WTUzhHNFEi^j 6-Z.#uvFЏBdXJDFaxIEw 51I ^Y4N8`$^9~Xxr R 6lEQw{l8TnjP&X:F5˚Fa AV%Y'!TbȅjS97ØYjb-YTÈZv1Kk4mW IDAT1V}v1R%89,o[yǾȿ}yۛ^Gv8?MKqI;rO? ԕ!@JI5U5#Ɓ/9ޏWUmZqRR! ݚZS7-Lʞ~<.>~ХХ٦H) D% aOkJ_JRNHe+8Z;7@ k !hc(c1JRnc(V&IQ+ܻFYe[r`jJTx[g(s*U'6:-u K4kt!pK̪2UK7aE+URT Q B7H)J,%e< 1cLd NL^ǐ}Q'%BH#v0ĨkMtRTXT9)mQhZ{~q|{gz76\E 2C.DL#xxueO~'xu'WgȲ5ׇT j}YƮm18&HX2u݈8gbD8WGd"+NY5$0Rew3TLݳ F RH/dbЕdϙ0log=//1VVDU2 { H#k8teRt}bkbqNMEeշK5X.TP AYⰍ1ĘhvUS^I pZȈ^v }O#?C8MT\~tkv{{9>,O?w~{؞y$| P)EbT$e4Zo!GƱ8n~Rd)¹Fw H];nQ${W<~oSs?|wJ,y>#5ʴSOj4 q@Y {Kwv!0=MkTH92kgV PZeh 8+NVhbD~\jRzҘ(Zx(A{fQ q7S2`q&AZ ({_%vT_`9 i2<V+VLW8-А4$fITЕ"LHEile-'yF ȟU``HH!hkIEs& qa 8tk=0Fs!_B#E #):Kc1*w<A1L9Tf @,)1+.>ŷ|cGܹ%5Z<΢ѹ)9`ʋwi^{I.lGE+8ttK1oj:ѭz666($^|)YsNb$JLT8 ciE-;թ5 }32*f,%\& g=\I9ԍ**mR[s>TGCLhSPIg3; z2\.xb>{ E3N= "TjkZbcP|."jV}rY%CUh 3kJ,R2E'6 @ k<@6+J,fsr0;0VPiXΉXF)^(21)PZk}v3R۲Z;>B8|h[on.v.8G5kI!S?:fgD7 kr1|Ck79J @)O,iY91$;"YOd$d&A Lrm4dSY+ F'Q&JЈca}70>ʳX!Ly?ƗaR,fd(kno\rJDg/hE xp310H5:w!TIz!)-csL5{}ƓJi h(u$0(8  !b\"Hj'[}bN&Q 9bd ASUBɅ4DӶ+qXd6+'vkzvh7Ȧw%cks\ V#$\`ʛ RMw,/^ͱM(R, /Ny荭0FL^%vvQhq%8JkV$gB1F1U<9D3" <%)$TkPe@k#% a`Gg\$[V]ҐHJȘ M e@yn*!R5>/]WtC3l/Z,gO ­]f5HO-X6*w^TֆӴEIFE-`N)`am8)@['Y53&OE]Oe-&Fk5TM-{8EukZdVMJ<%Dhc$Y(`iMf[;)lUa75mꪥ-nЦHIGe'pfw E7Dzb[ S^V>yy돡b~3Ēq^Ig-Y՚~ݡyc'T`#!vl6GUhB5Z!RUk+YL\ ~O iJV9L^BHbkh#"ʉ$MeO^BΤWkV,UM5SXÚʳ{v1 }%<)DL)փ~H?$.?qWt=wq!e>qWmb>Fdٿ}8أmUE:Xc`nfֶb=v11Ĉo$KŬr!Du@FBH42đU?P;U ]$VM̑z`R" P(3"Pn_,K֊4'ł_yE\@[伭 jA-LȉY QZ)!  Yk\06׫@.27I1JT ]4M5X+9U]#L#輠uI8jXGNYF)3p/Drdd]T͌1fc)G iB{-R_/5!t8H2y DFkˉ;kS0Z@(:Ǻ"Z)\]ɠnRiBB18H0 7 C9M6T͜nQUbL)łkX {kְ\X[M¡| K_{k;s9lϹQʦBI)Fy)h*Ѭȃ?'E?4F{,9M7j;CiM"o=Y XCƆMʰQ+ `4Ny" EH gYss贜ȼrzI(>k6ZQ CHBȉcfĐ6T)`]=cLCcB`kdGl_*̤l+K)*fGTUVADUfʢF'D?UxhAl&nb[;3P+%ֲ_a \]J E<^J T)ʢDb+PF,r_.sZTՐrRaSx*m3[XfZz=l-v,eL:o5D61oJm(0&|USJYwK q SGNO)[yiT8FRsϟeIom mZ7ĥDIDW֡uE%' =E5yUM! #' E[(Vq*vlB:J3rl{FLC>"+E v/YPZ3S&x=o;qTEQkgZ#Ž>K (*E-LEӍ%4bYZe\59|`F"%QzeG;L%B4M^DE*Ev zw"rXɖYt0񒑕.^0TP4)ac QQ2to =8Vr EIx+AebhR b⻏XUZ`!o-%UA|ӣTA]2~s;`'lc ndJaekII܂a: @HȬC K\3%XVRWߢPiU1gWD UJ1hPKdfEL;i+/ny EmXw Np L@0IXg5cRbQC$"JY=95'ۂqC6hm@Vc,KQqmoB COa_7؜C/;ED̴K(I}Lѳy;+U5c{r1MBAنjzE! (eiEU& +Ec ØhZ3/j(c֡!͍97\s~۳T<m#ɭMuwZOzcIYQp^"%sI!Ё ~;P aBq '(Hmv YlH,E1& HdwI o). %H~%7p.[{WjYK7q@$EXOg<n{{C-~4Ϝc1k iI(/st}`us.g=:ͣO=Kr0<nɳg1t?5cs2o泆+/=ʉ#Anhٜc*$1FLF%)Ø$gGLhZRQ(r)ysyv}N{LX,p1j:rБk2N* 1R0$kAiS {Pf)a{1(3l ˠ>0|#PjͤKm(yTdYv6@T z2imBP{K/+W6AYdH F-ihRD0D¡dJ)"][S*M6GɫJ <&+h.A/mBc(pm˷X[jޣ++)RG%Hp2id}ﰾ4<&Y$yzDܼuGp4b{8ƭM.\kwޝй߈G5?2~o{y_뭄 7cyA>1֗M*#]yOd`GŴT4MK][LBV.$ S?Os *W ,{/:(3ۓ44kM:@LWvE&"1c.žFx1H\Q[G?3h%3+JT.S;4ֳcX[ff )RD*Ÿ@r$fhcmZŐ&ä)'rE/5RSTwVhMW)GWhmkH"fx|O!B)2% lGe='ٗ> ~ ̕Q |gҰ8K6<}*ggܰ#`g4ޝ-ssgk>i,Na$aoKo|,͖3S9)F+:Й!@%KiӢu%#01(꿓bk@h FqJ#ef XB0jd/i۴wf2~>Rbm$ "B*1=(jrћULD CV^0?ezuC MRZz {Iq5_4J+4e2ꤨBYGk!2hLId].䡃ަȧ5M&ݺ{\w~|Ou.09 ڎFeDtp]k;^/:X_u~gtϿr?wrkw,󑛛nsx>^t0F@,5x,NsdFH[Y. #(NͶ(FR :v߻-(tӹb4D(LFukLZg lפOA#u(ek77wy-޹~<3ӀJn-4L3erC[t\7gmKVHGkȋ YBȪYbL!R5wYj\v.-?/p6I˸nީ)ʌ^}tS}%T1"6/ K9ilGh ]M*I7m~f}GX5N]sx߼]~ֻ9ҏ~SGK?BLZ]N^JbosZt4xUZJHI\D2 XdԸ)JI*KE3Mj'P,Y5t`mokOx)S3*AT G43ipx"9Z"U AD&u g8i8c~tn֨"i8yǎ*{X_[ 3k2'2bd麈i2mAR'>3NL9kKcsE*|{/~9y *w~K,՛wRdZE2R*!w!.30CU-ͻWn7#GG,KζӠu߸?|<|yQ{_ot!Qÿ>PS~ΰ |e!ҧA(!hjGv,`2ȧGlR QRIr#ij}O%l$5IufF>EΤ>c~6Pd=6Xȍ@f\J=2iNPhM$E!\6 3̬>rO>vo ?a*0yi6wwx%޹vWnMStϦSRܨ.aw^^<>)NH9~Y_]dueA/gmc#U*eQ0mcv)t}MK/+ l|/q'(KؿgT^0?i& U,iSWh'NܻXZamx:ӨĶ5R¤iy鍋jvC޹zS3'qֲ87>cto=*Ntt;o~WcG ޱyw\dZ'4mdZؿLg<^?kkyu~VuG t.0X&qS3Ne8i)r\U07?KUh-) (F'foUJ C#'#<#:1Uees{Ǐv7nrks+7!fٳ$>rB=SWȍG9qx_օܺp՛wy.^^q*gN> k3B\~+ Su)Kg#µ۷Yzъ^;J{6SVm'tcm: xmcwtm;oūϿy^yũ|k\eKIe4t][*!o*2ȉS.RS;b̸B4ҠuRu/slF=ޚgwbFpwAŅ^;h(mt,0AB+f̗"9,"mq!)(~ ,*PEi:RAIs/?f"Rdxz[_ν-"ZuL y17nmѯJזx~9zo=Ҷ&B^خ#s~╛H@B E(x40oRRu䙤0ѫ VMvƬ-a[f%e(yk4~ksZvRҼyr`ρ=<&u˕wY#өZ: DE`mK^T3FK~qxrv2[Q z@)E$qUL1ʲ"{ˋ^HS WngqfXXeUvG ;;C̀$~9޼x%6֘W5%PL:.r2FZ!M^ʳO't ass@D>=3C %w5"@?O-[,OcdZ qB|+N&d4ZEr-@@iܑhm`AkpId0()BZU*Yp.-xA+4 ,`R(zga~5f%6rwp:9s7vz{g">yn^c;NYADpO>ȍ8"JhrwYWyٿc',oǔp (zdWPO6Wؿwx?kNshߞ_TQ j0OI@@J-UچϿV2 x|{X˓eN.osk7ɧN8RĞNuU!M1e)u9Hk'Sgx'N·m^| YfxWnܣL[} @ ES7x#,2%O=C 2g4jp`tI@~sN[th&ب{0&s[LFGno7Y|EH<%BH*b'cbKh'4Z[؇p^.),;  Ǝz,Bh\kAjM7AhڎZ$gf*sY *BEyaB3TY% 4@佔yV|董r.1%~4MCge@J!6M 2:O Eu)0o|+_~~m;[w^#?+׉۬,aCv:2חJ"IymveueGO$t.*w7y m\~~-q͉{ E"Mt$ qGQe jS"v%% Q{CI)Z U,LX,`=|%:'HA AFv\b :hFl$1SfDh-򂪐]Gex\8W1|[g9utO:5g߹#3n8.E^;3|,K~!ve+gY[Ybin<DZCXD/X`{VoH9~p-"FTu:(TZ auiv}*_]9y !$|3u]ԣitA5`;;]E ╛|‡?E+Y^`cu4|ۯ %<} ׮],mJyNBG.ї#E!)& Qݦ|uisVæ#<  3t& 0d8~bwh3\+2] \'NpOl@Tٵ^yO>|ģS&X! ]ӱ<7e1R+&{V();)>3Y~+^xm!K~'8s#3AGO}qHtB L> dݚ>e^O=Wngl[no7_OLQH3SH) >2RIqwdFࢥs `f&!}֑Kvz`byR~ߺr$'Nw>qD}K3,;ܾ F 98lnrss ⵷߹_gdi~pe̹2CpH%pOrPd<g[8yKt7]&GL$6KĘ $v]R9iB0˹wsǏsؓL@CB\#dV!5 St+4]>"yX%\" QGcM#DL.d4j(,-g*rnnQS(s?4ֳ;y #7)6 G z㮥k#e/<Ա^=wkya.߼ͤv2>k߿ĔE (N=1gUma}a܀ ?s7οuZbM;{V9{ ӿ"ȡ|㧩BP9mBL #At~lO=!izY )uV~!ze{aF TEn՚;^cP'8wm8wo]V7Dj;X(JڮAk$/ܼͽ;C,Й1:c8s:.Rɇ1(u.{wbswlXYÏg}0 i1<fоe~W>3O=F+n#d@H]7IQ=P躖j0FAQbL5W:ן{|>ۄL]ENxl%Jqk,D#QtMCi./z m2}66VR;˯#/Jvw<| MvK3="/EӇP.}[Q." ɘz&kKS'h]+4VEێLUsu0dFTYR)Ep"dKA`c4%Ҿ:#Ʋاn(i5.Tu/, 2$y[h4N~7`GFkϡMCYYgzFY|LŤqH$uQ=G3n3C۶tM]k± GfW6tmMPl xa.Yokp.P"di8I}d$P4̳OP}VP:IS/U 8Es<'P5`;t\s&>[Ú+֯,EV @JA>&DH]$ĘεihY-Xθ;Ͽ4G3Pc1,u<}߼^9#YÝms H7 JKJ *K Z+\P1' sIn5zIKw:F sϨkAq )Tح-HIniC#I@#S 1!g0qnwR*DR(YVAO'X IDAT{|׸}w.ϱgʘP>AYq1 Nk wt޳sk 4(ř#{MɄk"J_,& A"[2>5Z/| Ϟ"c6̰=ywŹs3P@!"a/7&Kpi?{ZI[:qΦw(u7Z%Tv4DR)r2GD@'ڂ 5 G"K޳C,ۖf2:ٷX33p4aynIt)"Q ^n)d+!ۻ "vj!TGQ@5 OPd:c`8q Cg;XGiQx"GH?Bq"0)d "6xFhB fAࣣTEg.ɣxBfDJIOu5R,c z0{u>i[̳m7nsm\TE3Ԍ-!xfKb%e^)1T",1{I|L['G%+RcPDδX`wPu?#ؘG0J@.;l܂dXlm7LZd%]ےM|Ԟ<5g_d.MW|3u:z3"=ަ""#d"YyTBi"'x\!3B+CS3nPd7LJ%%ҥFH *tGpYJ_4EW)+(P un1"dL(N>z15-J)6VY_C>Nnmns]B((w1S_I>84QFӵ-J$ 5zWtvrRvvP0v17O]dBov3ŧJ{LaX^ڎnNbۘ>EdRmIK(霧m;Lp%j6h@a*_Q.< D蜠ɵ;lƼsc{ "#!/1}eF6MU P>}Z0O[EgJK'<UV&=MBl "0O#4Ehr: Im?[W6!DFeI^A)$Y:۠$̀Q@/2!q#FʌT B i4Rж-1FyA4?ǎFCTٙ3UɱMT\z?x#֯G7:UQV*TdZ"EDDRsL@JLv$Yd8~u!ϼR%BHM]*zmh Z30$)jB5D Q>DE.GHQ(&LQqs;׷Z޾.#IL)ZLN3}y\yMNlzOnGIEa]#{xmFT4[ߛ8uutZ劧Opx}s_P%KflzM%(֓҉69IIl=R2iEjRd]) RBLxIoģ΁1U:hphCS~/"!xt!KBẗ́n<2cw8ŗ^G,sg5pڞg>J~~G6ȳRƓ]0_{NTZ|N%Ĕ@h#.B $"N`Ʉ>D20MacכhXGQ4M'-*O6#9R)sxU=uԣXvG5. F͘5Ñڝ^>wwo1CծE '6*ŠȘF${LF=M,>?)B΁N˝qk;ڀP$&W^/^GIr-9uhGaedy~lGQd,RǏ'(PRO`oR!Q!e^d2&dQZbh]LB!FEn;HLӕ ,]n0ŤMEL>'( ?- K |lnBswln CJevCkxpDzYhmtJPyb4QU U/Y k4BO&3dyI3=ݐ补xסdsbHB-P%FI&4[!:"#wh;#vw'{{wosי4>eRB?{ ɲwRUL>`0$H( $"E2eѶ(SٲBaɖM!Y)(%˲i"H@f`޻2z*{=3̗{Zurڈy='&N Աp(Qh A^NRy*AuexµQ4dyG1-kj Ɖ؝D1%+yܘ*T^JǗ=u3cs{Opr{c[#FG HBB݃|( e#ª/.RM'd'1pL]Ua&*C)PUAm1"tCYTa6 'MP;@V0k J4 ܯT73fI2 #8J(Y`%QPU%JŌ8 $(B@:5tiG$" 2 ,Gh_9J3\U# &=FePtVNs^xק<vr&y}Pbn i5go$ܶE8>fs<`kh^V1\-(c1[&Ӝk?P ҈T^a% i yx`IY±}Ř-UYtB^ J9a5YV4b&TjCgheC8IPC(لDx_2f=4Smsilc":ZIW$C"!eDqC9N|Pf!yc(K#|Deϼ̵ ū\/]ΔK"|CY4ruB }cCl99ẍ́ &q1+qtd*[0=ADa"Q } ;QM QG fa2RQbAlV,A& ( GD)% iS?|\%w _ x/\nypmsmro<QhlW(?I(3&uQ\&&~oj0F8p\Y0E16"rЂQ6BH|@)֦uc"$bF'dU aMP5ڰ;a4QSvlhVȘXZW٘*IJ:g7! pՐSt ( u IU*T (I49q)^+k1|wNY̻h m33[}I:ͩ0&1S'njӨdž{cērđA.MflPdgs6jkiΒA !{3;$040)K6F <˒QU k7 Ʃ˻$V QFTk<{&MIOǜ=;v<+o3Y|y'z/+<J_V9"E~ͭ (YIR֦xMz0F)KORV3$!!veL#V'(cldQY(m:.3ᰩ$Z|xuNQ1,'QTJ6MISDcm*8_8_ q0&+r@ ʐ#8a9V+r"cy"/t6!MR*+tlLO1+J8@ Nsc=uAxɓDZ&q(6(PxfٌD8ū .kMjT`zI ǕP:6FQ{QƆAb٭96NL}UÁ= [Xm="PplUBfQw%8B !jX^jF&h2Tk8嵹1 &ES8QR1.Iͤ/| ?$M? `@9AiBuKUV(U0ZኊAkPA{!SeR3)3KEN'= ,puM]x爢*˨U HX1$ԼAEBY./**c,"ڕhJŔEE<8( 5 5c+>} Q^8td:qD]ddeɱm,G)OO3+J3?]|gF<=Ć s m3-s* JRh2>! [;(HkzJ J+.^""SK*<ѐ%=ω)VEU$!j&S uJmĂ ;b0rll;Q2>Qzc/=Wv f5yY!X((f%6mSJJ6DqDN)Ck"Ms4&IRR8o'+*~>M<WܟO#` !fBYKUUQ<:bAy&Be3~+T ZЈ4t a0PSUElL]a !R '#7*qĻ%9ZpkM bfb^LU9C)!M9ʪ cث =UUl6Cdʲ Ne~|iQ؇ćSuF eU!0P"c1{=PV.hRv)[c|hT8\*Ib(༤0H\3|Il7[o"*ލ16Q b|`d`a$ P㫒Y8cf8PV5a8mQ6h "DI(*5*u剣y8tKBȦ^DQ ^PnXj* `ABQ).?±qSZrwZyAQ4Mx 9Ƀ (IL6>t4:$} ;%yqYKD_ ð]ՌF)Yc ",|IUŔD\#zYSWxQ\S0L$(A=pU8 Ln\Qm$1ٴ`o:ckIPx%|ZC?ֈd"0JSql˳UՎ ]uU7eW♕92 [ըfWjC6y/pѐ vv[YD떡WKVo/N9\M^Lw ӝWWMM3ܨ8^u'tP1M#7=rFYqLTeذ+KJb F_q]?+'?=.Dqx q08 TE=ع@AloVm"jWքX.(xW"&C`6AF|ZkF/qx$#$ b$n]5q1M8164(,sM&mS40Mc,A]~s SͰk4>؇&c!iYMhP64)up4&k;g,YnUY)7LwcvG3C])3}e=7~mnh 58[VxdXEtI3R|PQS%u]bL !ehӒl:m҉3h8QΗu*6 $,c2ԾۣR( 8MVpc0x"턢I&4 U %ߛQqESeyO(Kˏ?E|afc_՟G}* 4FM"gh|HlU 5l K6۱K]"0E*Y?0p^O'NQqu˯5\󩦘ZO4VHts$ly-G 7 *0CTyAK?~ݏ{YEY;~铿'?%>y˽g6H.˒d4Fe{D!U6KndjG(aL(g!4Y6c&i&h#MvHF(4Z;EJBCQe'{O HSAp>/K)I\c}fњ(N,H MX>%JX^SَZ58D `-TUj68( i?|'~rL>~?;ӬpZn8!cU8M^i&,`3|: ؁RAc0f6 & q e$;h}7)q-QV|: 6w8u$I8bsk DNxcv) SwEamswO|*9F1/?0$U5AJL1Uae6ec7a*|=:Ks} ͷxO% b AzZ{lnբ\v>g$Kxֆhm0& [c>Ѓ|郎 ^#3N6 hBcb=Btzy;O|7?ϧ#+*~3_x<͏w/ iftv*k"H ڑeQ> Vk5!$+3P0m\}J ˢ{ K:hIpXȵ_3|YQ%h4yQH x_s#s=S'~3iŸBGxxPtdӘ//?2:PCy遧+QC`0oR;H34J:܆jR i(AW+:ޕQxp!~׻'_W>yO “Ͼ|*O+?{[XH3 hcCTj PDu56M/0'.tRQ1MPGAth"FxvJeAOҘ&5 -MqeM2R5q<`w^ӿ%~wfwZ.P*?Oqj^R'iW% Q5)_1^Zr0GZI;e1مBBv-+hKqyc+t~XBG~\D03s|Zy|{Yg~FA {=b Q0Ʌ1UZGhjmgy?gYz!8ˏ=WFkz>}};lrj{ԛ଄)c ^6r.N30qhs{ɔd4D ߾& lA6R9`Rc8:)Jh@% k"tʜYͥy|kO?:WOZ`V?A~O:KYl#P_QsHiM/X/\|),]R*t`Me?w6u+x]"Tj1? 6>Pl?`H7|7 uʉeنDž1;;c`L (AN;L,rEF(c)=Ӥi7vx깗}?N #${ŝi!mȋ09XyƊi*J GUF];D<&E^ وl:pTo\Ya~b8ٹ+H(1#&1j^8wg]w58[A~zu[idҔB)E$IB1Uulz ]Jxq˗~}yP;e1_@E+oT!U dљ,lPx9O הy]?h~#oUnhQ;ŅGgٿ-{>Zr0%$ejV&р_7Bآ{n6r:slom2Le9ao^"*(),qeft9^),ՍV1q֡˺030˘f/\yŋ<Rejو:Q`Xŭ|O7m {!}*'$gaxMVpQ_Skd|C?xȑ =Ñ*dw(b"lPZQWX"JN|}o?«<|¹K̊d,GzGz `ۃη=w;pFq hB+IJ$%nzHThHv '%t6#\۝p y_Ɠϝcw2vyxPd54ɏ|𞷿Ϟ" =Al«E>%Dqܐ@5/?qitw}W^ؽܭoRmvq[{dA֙VC6jn.}Q:R 4N'|GwTllYtfe$t ?6NNp.^B][jAFC4Wٗ.'_&Ͼ*N|K1*Sf4VY{oI"348'LVӬPaz{*"pg{3'O'14#ٗϰ*BD:w\llhDR96\xϥՔ* ~!>\;Rw'KRt e fN?7-PKZ;ڄv|Z@^oH7XQ ?@EQ^_CmTs= @1ReSxh8$` X QT'F>1;z?g>@Q\~,׹p\|s.ԳdaP҈_JFhy;O}wrmΜ<'8sqm.R*آpW,3(U%u)FAEޗ(qBsyMnb@erO^+{$ K1OMi# ECc_:/P΄( !>@{)J8yq=oyg;MpA3 #|#v E`_a(QWY08BY3N<&uUcLjs5ɄZiMۛhT6J06n& Gh& c|Flj$hlBs11H%6IEHC1z( &:+ȋY`֊UG(=`rW4~6MX"kr)X:%Žل T(o,G##)/PX~Ƕg2@<\0 \js);Y8{JX(c U1,ZYC5h2ܻm8 vʪ"R6G U5BíJ@ŅaZG0L)=b62Xf' Ucu9c2FM꺦r 0e 4&N:/y#^z$evM51YYc(S$pW \ssIXBǬNxz:x3|DArpiz[A5^n#Y^^>LhI:h!s ߻xg'N&l@ݟaMǡ77`#u"t *cNЀR()C1Ci1Q4RS8k,F5"(_P%bmVTBpk"Mh$Lft30MQZƐg3l]76=:s1aa;@@)UZ\ ҍzOw+'4~QSvR}!81Gg#_[,fot+bwлB _LD--D ku\zjF©=w=5NFMx(e<"AOkM(JIUYDNPA&A`Ȃxf@5Ee55*+m`&aTXcxgӠ!QUP%v.(2Fۘl1nRLG< xɈ svĻb妚D`]:yhe.CEBMνB HqCsŢךyT7 , SWv˯ݗ}ҳ`si})U%sS(pNk_sh%F+_lʒʰ֠\󞆺+ANs0X(ʌ 4Hk 5#PuuA:D=EQ`LF[CYVh&ҁE(T"y[\x~OZf4a\Z7rZoJaxNE<3:+~]BF.zaG˄T!-blx>fmws&/k2S\zpiã&apN',ޔ8ޣKa>s\ӁhFx_S9F'h,*2es$NPRpu@@tS?Ƅ>Wa °RgS+jjQ%ܸr43Pyݥ=9bg ױM 8:h\Z"!*gEm'PC>Э/SGx+k^CvԍB9Q1]UpNlp쎊Sw O;$Ca8N1 U. Q Zhuh*uƴ(€M)fiNY/8? tfqjU0d+c_0\=pB%C9/ dj l*PpyTS0='kΖ~> MltRzͥ+XM>ˤU/aU:Šm:Rqb$ 17Mm -ag|q 7!g{P50MD]$M)u(䳜Ez4$)bo${  K송4eAwunJ 3 ,H_D`C@GN U|`&u#,oW wNuQp@8pSE1UנF imac'z0([cc!ZmsdlxY!}ULQ̠4U޾̣٫զ濼]OAOȢ(0G'PI'{vB#!ygx{ë QQGQ_Z՚Ͻr 4U̿::(x(%9k^5(5d ]@}NڟՂ5mO̾%FEpF7x:#zVP~dO&krUH:V>*Yh3" D1l*QZ!XoV9V"B3pZRZ.w3"D^}ŷ9 }svU.nObyly!c?j[nRZ1uD#մYSmm!v_A,!~?^z{>nNzEj'+^y vħ օ',LnY/nʣLIRU 2~tuxkYb`b!D_UAVX5P;] 8tjEWIo<WkNK1 eUc u]!i}[tKOp'Ho_z85DZ(x%-oodrŔ.$1+Q(}kQVջ>w]!G,"B5oMt tL Gzu#FGV)*ɿ+lcq~X5;{7Qsds G9wlWSLe{q}Vqߏyw߯yB\lu&u'Mۇ=sEy_q -J4T[xc(ճ = NBPuUs:@OAɤ?d@nx#x$!:'߽_!~徽*j~?(\pu4~Յ8rSFgǷY'j JP~_Dݫ8~"h2\?&4zzj;:{=V֦#뢎ʀW!׻)eoH^K՜)9Z0is nW&wZQj~mWո5J|a"+>wTsV/?-M(l0>ټW3&r֔YupGCWYW|WX9rDgZӭwEt"%w>grUB}Q9[rH:.+܏[F?galp:zKs>W vhݡlA4Z ܁2Hp6lnc"J?g;_2f\ zSecttTV{;h@~'pU#t@z}*?뛞 0o;gغ=LUqp<.е~d0/wa86rZσb|au]ߡIsM&R!$Lu,KC9n9: JR|ob[ QWuGoHW[51\ݖcϾ\ًuج ?-=Ќ#Sz#GoZW%&ΙUf߇ ˆc7mc>"y`Vt<_"+rZuu:,@B_[7B]e=Bof=UbQwB\e΁Vz r#:1hB}fYSk=V=]y%ml.󕱶qӃjΓܟD@'O~s* wwCuaݏYT+T_ [+غ_cc̹+Wl}0ߏ 6+V}pI]=s6\18 0JqJٿ|'ZױkMM?} 6È@K 6"nuVTX98z1Wj;PK<K#^!>sbnZpQY}hVZN9]W$}BOIDAT G&]\v_#W6Kz@_o{V.JSxߡx*{|FA{Sj94Y\ɻujBi1[у GM+h۰Oz˴c~f,&Xj7aѻ"`-HS㯫/yщ@tK-׾/NB;mnY' od Z۹)dWMɕSɽZ Q!a;+QU+EXt(6h/-$"\IU5yhtLqP] Y[_ɣ;+zܾҎ[Lnfc5 %,6@.s*WeVM/:aUGv+k]C`"#ZẼ#s)\?Ptb[n5)G2E3Tk>PN_tVjYb|{KW}:z ;-ѧswvNwn?ҳø;Xz&~w̶3԰m 7Loe ϵ<ε[rURU %y/"]JԂ&޼Q{r!>2k]WҙtO >K&fׅ^{d緾v=Y떱ԭk^sEMmv"frM..mGgmb$[:Cjy.B.d {U( R`8.>p5z2ptQ~n;*@Xnu; }|*w|ݳtdO^)5[Zi`6ϴTp1X 﫮`E:AHdUدzR׻(|Y}uu k JG ++8WfO>ս_}d"Gϯeu9w@V16ˠH"8.VL7  ff: hr ǯSe 0*[~O>2@2c{K{ş_篋'zҀ7+F=Bc< +S]5Wf+:thJ;SkSvB۝=8\bM MfRzBK=g:?ˮ#o3e|@|ZuYgj /KK#\fHT)m4ŽzaW=k@[``Oblm+P73ޚyM@w^!=>ުF{8qŤrxds܋E_=}ֺ?-o7vGˁmQ(+qᘾޛS6F>,G^Pٷ&7zMO2ծ*Ri_4/';\2~R! N2s׮\z! ӵ;yG0z̀iz6E#8UK8..`nZCPXFꔾ#~nbVI8 n]aZ]sB_(cH5L7&4p^_^"Wٟ'BDV89w8[5D8WU˲bV}Yվ ?-'b,"ԫ$V1BvV$:].6hSl;2g(P( FXgPoFوf3 tG:"DFEQlUm#*pVtE(#GҝDqhMEk}Ս>uX_ eyu_sMNjW;ZUQ$*_MSSU&DE$Co(?s|*PXoJVځȼ~k r?iX $H:UM'\ QR-jd@cǍ6Ms2x`6Ԍ"82IdUl(k2`Ve6 Bxk ZYv1T#(/Njr޻K];Tu-|Qn ?Jչ߫w%ϻ`Ю98z>YJ7%kx]Fjo dc}i(F-L- 6? ێܤ#X(J5'4kjCV V Ֆ-걉XH&֩1*FEZ+J_n`ZiF+PJ).J)}m}5ϩ͌dA_ADċ ^@D"É8n{vTI%/\3W.^=u7_sx8)xjws?~fE ֭BV쪣?VE[ o>J[p!" ݊#Я3Xz3ǷG#wje#nM: a;r)qy<&tgPkNuǣ>.G$`oo#UGhW7]}-Ӏ5˵قp҃ n%BXuvܥ:np[,-(+k1*˯m}_ xKΙr;t_@t9D] p۫" OBzݪ#0t9eW]eU˰˖CZT|G_n|;%7a ? ʟbGR!{\a _!&`쀣 Wn;epX^03JOv !zrQأi{BE~-.y*9_ 8w?Dv/`Jʽ)e,bZ_@gS4H{& #X5{ޒhF6 g *Aߞra Gd{xn? z |Ɇ?Ve$CxF8e˅~Ÿhj{4n ܛ{4W5zbe?:YC_ N/r\eWTmۤh {dȨw@a a+du ]15t2{0~;.M]R\W,%5 (xf4Ơg@x֦^֩gk!tzZ (VȳVRXwV% h(;_iwld`aC4*a>jn|mt͊>Yt,e ,G}w4 b93cV? ~(Af4 Q Q"0[":  ! e8V$6d֌@ygnGxr%yI3/2W[ `QC@Kad=g54O5 `1yCudW'b" B!X to@t;"DMiF 0z|$jNL恺\o35*{>W `64-~_[E󮄷\& f!OoUpݱQFi=?T,a((((((((((((((tt3IENDB`pg_snakeoil-1.4/pg_snakeoil--0.4--1.sql000066400000000000000000000000001450164562300174500ustar00rootroot00000000000000pg_snakeoil-1.4/pg_snakeoil--1.sql000066400000000000000000000031441450164562300171100ustar00rootroot00000000000000\echo Use "CREATE EXTENSION pg_snakeoil" to load this file. \quit -- ------------------------------------------------------------------------ -- Text Functions -- ------------------------------------------------------------------------ -- Returns true if the given data matches a signature in the virus database CREATE FUNCTION so_is_infected (text) RETURNS bool AS 'MODULE_PATHNAME', 'so_is_infected' LANGUAGE C IMMUTABLE STRICT; -- Returns virus name if the given data matches a signature in the -- virus database, empty string otherwise CREATE FUNCTION so_virus_name (text) RETURNS text AS 'MODULE_PATHNAME', 'so_virus_name' LANGUAGE C IMMUTABLE STRICT; -- ------------------------------------------------------------------------ -- bytea Functions -- ------------------------------------------------------------------------ -- Returns true if the given data matches a signature in the virus database CREATE FUNCTION so_is_infected (bytea) RETURNS bool AS 'MODULE_PATHNAME', 'so_is_infected' LANGUAGE C IMMUTABLE STRICT; -- Returns virus name if the given data matches a signature in the -- virus database, empty string otherwise CREATE FUNCTION so_virus_name (bytea) RETURNS text AS 'MODULE_PATHNAME', 'so_virus_name' LANGUAGE C IMMUTABLE STRICT; -- ------------------------------------------------------------------------ -- Management Functions -- ------------------------------------------------------------------------ -- Update signatures, returns true if signatures changed, false otherwise CREATE FUNCTION so_update_signatures () RETURNS bool AS 'MODULE_PATHNAME', 'so_update_signatures' LANGUAGE C IMMUTABLE STRICT; pg_snakeoil-1.4/pg_snakeoil.c000066400000000000000000000147201450164562300163220ustar00rootroot00000000000000/*------------------------------------------------------------------------- * * pg_snakeoil.c * ClamAV antivirus integration, can check given data with ClamAV * * Copyright (c) 2018-2019, Alexander Sosna * *------------------------------------------------------------------------- */ #include "postgres.h" #include #include "utils/builtins.h" #include "utils/guc.h" #if PG_VERSION_NUM >= 100000 #include "utils/varlena.h" #endif #include "miscadmin.h" #include #include #include #include #include /* * Set SNAKEOIL_DEBUG to 1 to enable additional debug output * This can produce overhead, only enable when needed */ #define SNAKEOIL_DEBUG 0 /* ClamAV defines */ #define NO_SIGNATURE_CHANGE 0 #define SIGNATURE_CHANGE 1 PG_MODULE_MAGIC; void reload_engine(void); bool update_signatures(void); void _PG_init(void); void _PG_fini(void); struct scan_result scan_data(const char *data, size_t data_size); Datum pg_snakeoil_find_virus(PG_FUNCTION_ARGS); Datum pg_snakeoil_virus_name(PG_FUNCTION_ARGS); /* * Holds the data of a virus scan */ struct scan_result { int return_code; const char *virus_name; long unsigned int scanned; }; /* * Global variable to access the ClamAV engine */ struct cl_engine *engine = NULL; char *signatureDir; struct cl_stat signatureStat; void _PG_init() { int rv; /* * Get different randomness for each process, recommended by ClamAV */ srand(getpid()); elog(DEBUG1, "initializing the pg_snakeoil extension"); rv = cl_init(CL_INIT_DEFAULT); if (CL_SUCCESS != rv) { elog(ERROR, "can't initialize libclamav: %s", cl_strerror(rv)); } DefineCustomStringVariable("pg_snakeoil.signature_dir", "ClamAV signature directory", "ClamAV signature directory", &signatureDir, cl_retdbdir(), /* ClamAV default signature directory */ #if PG_VERSION_NUM >= 90500 PGC_SU_BACKEND, /* forbid changing directory after startup, restrict to superusers */ #else PGC_SUSET, #endif 0, /* no flags */ NULL, /* GucStringCheckHook check_hook, */ NULL, /* GucStringAssignHook assign_hook, */ NULL); /* GucShowHook show_hook) */ EmitWarningsOnPlaceholders("pg_snakeoil"); reload_engine(); } void _PG_fini() { cl_engine_free(engine); } /* * Initialize the engine for further use, this takes some time! */ void reload_engine() { unsigned int signatureNum = 0; int rv; elog(DEBUG1, "reloading ClamAV engine"); if (engine != NULL) { elog(DEBUG1, "free existing ClamAV engine"); cl_engine_free(engine); } engine = cl_engine_new(); elog(DEBUG1, "using signature dir '%s'", signatureDir); /* * Get the current state of the signatures */ memset(&signatureStat, 0, sizeof(struct cl_stat)); cl_statinidir(signatureDir, &signatureStat); /* * Load the signatures from signatureDir */ rv = cl_load(signatureDir, engine, &signatureNum, CL_DB_STDOPT); if (CL_SUCCESS != rv) { elog(ERROR, "failure loading ClamAV databases: %s", cl_strerror(rv)); } elog(DEBUG1, "(cl_engine_compile)"); rv = cl_engine_compile(engine); if (CL_SUCCESS != rv) { elog(ERROR, "cannot create ClamAV engine: %s", cl_strerror(rv)); cl_engine_free(engine); } /* * Only log start info if loaded via shared_preload_libraries, othervise * we could spam the log. */ if (process_shared_preload_libraries_in_progress) { elog(LOG, "ClamAV engine started with signatureNum %d from %s", signatureNum, signatureDir); } } bool update_signatures() { /* * If signatures have changed, reload the engine */ if (cl_statchkdir(&signatureStat) == SIGNATURE_CHANGE) { elog(DEBUG1, "newer ClamAV signatures found"); reload_engine(); return true; } return false; } struct scan_result scan_data(const char *data, size_t data_size) { struct scan_result result = {0, "", 0}; cl_fmap_t *map; /* * Open a map for scanning custom data, where the data is already in * memory, either in the form of a buffer, a memory mapped file, etc. Note * that the memory [start, start+len) must be the _entire_ file, you can't * give it parts of a file and expect detection to work. */ map = cl_fmap_open_memory(data, data_size); #ifdef SNAKEOIL_DEBUG elog(DEBUG4, "data_size: %lu", data_size); elog(DEBUG4, "data: %s", pnstrdup(data, data_size)); #endif /* * Scan data */ #if defined(CL_SCAN_STDOPT) /* test for incompatible API change in 0.101 */ /* version 0.100 */ result.return_code = cl_scanmap_callback(map, &result.virus_name, &result.scanned, engine, CL_SCAN_STDOPT, NULL); #else { /* version 0.101 */ static struct cl_scan_options cl_scan_options = { .parse = CL_SCAN_PARSE_ARCHIVE | CL_SCAN_PARSE_ELF | CL_SCAN_PARSE_PDF | CL_SCAN_PARSE_SWF | CL_SCAN_PARSE_HWP3 | CL_SCAN_PARSE_XMLDOCS | CL_SCAN_PARSE_MAIL | CL_SCAN_PARSE_OLE2 | CL_SCAN_PARSE_HTML | CL_SCAN_PARSE_PE }; result.return_code = cl_scanmap_callback(map, NULL, &result.virus_name, &result.scanned, engine, &cl_scan_options, NULL); } #endif elog(DEBUG2, "cl_scanmap_callback returned: %d virusname: %s", result.return_code, result.virus_name); /* * Releases resources associated with the map, you should release any * resources you hold only after (handles, maps) calling this function */ cl_fmap_close(map); return result; } PG_FUNCTION_INFO_V1(so_update_signatures); Datum so_update_signatures(PG_FUNCTION_ARGS) { PG_RETURN_BOOL(update_signatures()); } PG_FUNCTION_INFO_V1(so_is_infected); Datum so_is_infected(PG_FUNCTION_ARGS) { bytea *input = PG_GETARG_BYTEA_P(0); const char *data; size_t data_size; struct scan_result result; /* * Extract a pointer to the actual character data */ data = VARDATA_ANY(input); data_size = VARSIZE_ANY_EXHDR(input); result = scan_data(data, data_size); if (result.return_code == 0) { PG_RETURN_BOOL(false); } else { elog(DEBUG1, "Virus found: %s", result.virus_name); PG_RETURN_BOOL(true); } } PG_FUNCTION_INFO_V1(so_virus_name); Datum so_virus_name(PG_FUNCTION_ARGS) { bytea *input = PG_GETARG_BYTEA_P(0); const char *data; size_t data_size; struct scan_result result; /* * Extract a pointer to the actual character data */ data = VARDATA_ANY(input); data_size = VARSIZE_ANY_EXHDR(input); result = scan_data(data, data_size); if (result.return_code == 0) { PG_RETURN_NULL(); } else { PG_RETURN_TEXT_P(cstring_to_text(result.virus_name)); } } pg_snakeoil-1.4/pg_snakeoil.control000066400000000000000000000002161450164562300175530ustar00rootroot00000000000000# pg_snakeoil extension comment = 'The PostgreSQL Antivirus' default_version = '1' module_pathname = '$libdir/pg_snakeoil' relocatable = true pg_snakeoil-1.4/sql/000077500000000000000000000000001450164562300144565ustar00rootroot00000000000000pg_snakeoil-1.4/sql/pg_snakeoil.sql000066400000000000000000000020241450164562300174700ustar00rootroot00000000000000CREATE EXTENSION pg_snakeoil; -- ------------------------------------------------------------------------ -- Management Functions -- ------------------------------------------------------------------------ SELECT so_update_signatures(); -- ------------------------------------------------------------------------ -- Text Functions -- ------------------------------------------------------------------------ SELECT so_is_infected('the quick brown fox jumps over the lazy dog'); SELECT so_virus_name('the quick brown fox jumps over the lazy dog'); SELECT so_is_infected('Hello World!'); SELECT so_virus_name('Hello World!'); -- ------------------------------------------------------------------------ -- bytea Functions -- ------------------------------------------------------------------------ SELECT so_is_infected('the quick brown fox jumps over the lazy dog'::bytea); SELECT so_virus_name('the quick brown fox jumps over the lazy dog'::bytea); SELECT so_is_infected('Hello World!'::bytea); SELECT so_virus_name('Hello World!'::bytea); pg_snakeoil-1.4/testfiles/000077500000000000000000000000001450164562300156615ustar00rootroot00000000000000pg_snakeoil-1.4/testfiles/fox000066400000000000000000000000531450164562300163760ustar00rootroot00000000000000the quick brown fox jumps over the lazy dogpg_snakeoil-1.4/testfiles/fox.hdb000066400000000000000000000000701450164562300171310ustar00rootroot0000000000000077add1d5f41223d5582fca736a5cb335:43:The Quick Brown Fox