From b9d9fe1e9a7b3f98e11c264f36a44c7d36923bf6 Mon Sep 17 00:00:00 2001
From: Travis Ralston
Date: Thu, 17 Feb 2022 08:54:27 -0700
Subject: [PATCH 1/8] Clarify that the X-Matrix validation uses the parsed request body (#3727)
---
 changelogs/server_server/newsfragments/3727.clarification | 1 +
 content/server-server-api.md | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/server_server/newsfragments/3727.clarification
diff --git a/changelogs/server_server/newsfragments/3727.clarification b/changelogs/server_server/newsfragments/3727.clarification
new file mode 100644
index 000000000..a20297b75
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3727.clarification
@@ -0,0 +1 @@
+Clarify that the `content` for `X-Matrix` signature validation is the parsed JSON body.
\ No newline at end of file
diff --git a/content/server-server-api.md b/content/server-server-api.md
index cb9fb640f..349649bd1 100644
--- a/content/server-server-api.md
+++ b/content/server-server-api.md
@@ -237,7 +237,7 @@ Step 1 sign JSON:
 "uri": "/target",
 "origin": "origin.hs.example.com",
 "destination": "destination.hs.example.com",
- "content": ,
+ "content": ,
 "signatures": {
 "origin.hs.example.com": {
 "ed25519:key1": "ABCDEF..."
@@ -274,6 +274,7 @@ def authorization_headers(origin_name, origin_signing_key,
 }
 if content is not None:
+ # Assuming content is already parsed as JSON
 request_json["content"] = content
 signed_json = sign_json(request_json, origin_name, origin_signing_key)
From e45d8c507c746e2f2beb610582d9fb13659c5b02 Mon Sep 17 00:00:00 2001
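Review bot: The comment added in the second hunk of content/server-server-api.md, `# Assuming content is already parsed as JSON`, states a precondition but not what goes wrong when it is violated, and the example does not check it. If a caller passes the raw body as a string or bytes, `request_json["content"]` would presumably be signed as a JSON string rather than as the object the receiver parses, so validation would fail in a way that is hard to diagnose. I would spell the contract out, e.g. `# content must be the parsed JSON value (not the raw body bytes/str); the receiver validates the signature against its own parse of the request body`. Because the signature covers the parsed value rather than the bytes on the wire, the surrounding text may also deserve a sentence saying that sender and receiver must parse the body identically (duplicate keys and number handling are the usual sources of disagreement). authorization_headers starts and continues outside the hunk.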
From: Travis Ralston
Date: Tue, 22 Feb 2022 10:30:37 -0700
Subject: [PATCH 2/8] Fix membership state table and diagram (#3730) * Fix membership state table and diagram There were 2 missing cases which are legal: * `invite->knock` (a fairly silly thing to do, but legal under the auth rules) * `external->leave (via /kick)` (another somewhat silly thing to do, but no different than `external->ban (via /ban)`) The state table considered the first as illegal, which is untrue. * Changelog * Make the graph prettier * Update changelogs/client_server/newsfragments/3730.clarification
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 .../newsfragments/3730.clarification | 1 +
 data/event-schemas/schema/m.room.member.yaml | 16 ++++++++--------
 static/diagrams/membership.drawio | 2 +-
 static/diagrams/membership.png | Bin 31739 -> 32857 bytes
 4 files changed, 10 insertions(+), 9 deletions(-)
 create mode 100644 changelogs/client_server/newsfragments/3730.clarification
diff --git a/changelogs/client_server/newsfragments/3730.clarification b/changelogs/client_server/newsfragments/3730.clarification
new file mode 100644
index 000000000..823b34037
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3730.clarification
@@ -0,0 +1 @@
+Fix membership state transitions to denote that `invite->knock` and `external->leave` are valid transitions.
\ No newline at end of file
diff --git a/data/event-schemas/schema/m.room.member.yaml b/data/event-schemas/schema/m.room.member.yaml
index 7d196f4d2..bf2f7145e 100644
--- a/data/event-schemas/schema/m.room.member.yaml
+++ b/data/event-schemas/schema/m.room.member.yaml
@@ -31,13 +31,13 @@ description: |- from the `prev_content` object on an event. If not present, the user's previous membership must be assumed as `leave`. - | | to `invite` | to `join` | to `leave` | to `ban` | to `knock` | - |-------------------|----------------------|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|--------------------| - | **from `invite`** | No change. | User joined the room. | If the `state_key` is the same as the `sender`, the user rejected the invite. Otherwise, the `state_key` user had their invite revoked. | User was banned. | Must never happen. | - | **from `join`** | Must never happen. | `displayname` or `avatar_url` changed. | If the `state_key` is the same as the `sender`, the user left. Otherwise, the `state_key` user was kicked. | User was kicked and banned. | Must never happen. | - | **from `leave`** | New invitation sent. | User joined. | No change. | User was banned. | User is knocking. | - | **from `ban`** | Must never happen. | Must never happen. | User was unbanned. | No change. | Must never happen. | - | **from `knock`** | Knock accepted. | Must never happen. | If the `state_key` is the same as the `sender`, the user retracted the knock. Otherwise, the `state_key` user had their knock denied. | User was banned. | No change. | + | | to `invite` | to `join` | to `leave` | to `ban` | to `knock` | + |-------------------|----------------------|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|----------------------| + | **from `invite`** | No change. | User joined the room. | If the `state_key` is the same as the `sender`, the user rejected the invite. Otherwise, the `state_key` user had their invite revoked. 
| User was banned. | User is re-knocking. | + | **from `join`** | Must never happen. | `displayname` or `avatar_url` changed. | If the `state_key` is the same as the `sender`, the user left. Otherwise, the `state_key` user was kicked. | User was kicked and banned. | Must never happen. | + | **from `leave`** | New invitation sent. | User joined. | No change. | User was banned. | User is knocking. | + | **from `ban`** | Must never happen. | Must never happen. | User was unbanned. | No change. | Must never happen. | + | **from `knock`** | Knock accepted. | Must never happen. | If the `state_key` is the same as the `sender`, the user retracted the knock. Otherwise, the `state_key` user had their knock denied. | User was banned. | No change. | properties: content: @@ -72,7 +72,7 @@ properties: Client and server implementations should be aware of the [signing implications](/rooms/v8/#authorization-rules) of including this field in further events: in particular, the event must be signed by the server which - owns the user ID in the field. When copying the membership event's `content` + owns the user ID in the field. When copying the membership event's `content` (for profile updates and similar) it is therefore encouraged to exclude this field in the copy, as otherwise the event might fail event authorization. reason: diff --git a/static/diagrams/membership.drawio b/static/diagrams/membership.drawio index 9eaa707b2..8de798be4 100644 --- a/static/diagrams/membership.drawio +++ b/static/diagrams/membership.drawio @@ -1 +1 @@ -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 \ No newline at end of file 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 \ No newline at end of file 
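Review bot: The new `invite` to `knock` cell in the first hunk of m.room.member.yaml reads `User is re-knocking.`, which implies the user had knocked before; nothing in the `invite` row establishes that, since an invite can presumably arrive without a prior knock. A neutral wording such as `User is knocking.`, matching the `leave` row, would avoid suggesting a precondition that an implementation might try to enforce. The commit message also lists `external->leave (via /kick)` as a legal transition, but as far as the visible hunks show it is reflected only in the diagram files and not in this table. A sentence in the description saying the table is descriptive and that the room version's authorization rules decide legality would keep readers from treating the `Must never happen.` cells as a complete rejection list.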
diff --git a/static/diagrams/membership.png b/static/diagrams/membership.png index 586bf28ced248da753e87eb9c482c6b46d92e350..7619801592ef9ee4fb801a6fdee133f4c7966b07 100644 GIT binary patch literal 32857 zcmd42cT`hd@GcB73W$^-f{IcCC@LlNA|*fq3B5OI0YdMg1}Ra504h!C0s_*JCa4HV zv4emVDI!$?0R^NZyb`qs({hkZ_VnLYcNnP=w2=;^3496f!Mii(N> zi$NJsQ9(#lRMgG1M?lMB>X;SyLrpMHSD|{?b>5C2;|? zD0_Rm<4y5)nl66)Vrr7&pkpb}ETD-o($?Y^Qw7)VE^c`6M;&kP=0*95gD);n*u@Jx zE-ED~DJ%+_RGodjJitS0vQokbVF@WI31LxD%2fVc8RcPwurz2h#5v-8UH&r~Wzl#) zoYP+mwsE#W8T%N>;MHAlI)Ml&Ga(h5zZM#R_a(RhDgBn&-(ypL>=*2f|EtvjAK+pS zCL+c!js~)JaKSnG;yl13E`P)+fwS>8a(5B(ut#g_==mV*UCcE9>fI9uR`9!PJs?pb zuq;X^q9y?rZhl@8YI+Eqk1JNsLB}&##Y@&3@8)jkY2ktQGQ|Z4XzHU?F{nq3rK3p)H01x122uWGyggF)fsGfD6&r*~r}4MLHk|Egs|{rJ{?_wR2U~ zQxntF^Vjw8w>S5b#TZNa1nC=V1?u<{#DYYn#e7WtCG?feP zO~qc<%r(&8*bdylI7mt0%_IVyJY~EQcpV%;JP5Qp+WCrsziQ&T(z2eiI4?03ENCVA zfF`0r075xHT1{G6B0x;fOwv$RM^;Zo!z;)Mr>;X(cQ%wJD(eLp`J=%P2!4U);IEoK zWgu4_9ScoI4T(TAS6x@4S73mP4p!Dv%-GymJ4oA5+BXM~z^$al5&VEw*_&{Yx0veAt@$xXz!=RkOv*07^qvIv%r!IF24Nxe8xTmQv z=tdgth*0tM#LM6VC=xXzq6}Po?XW~+vP#vhM3f5T5(8$9$*hA04%|JQGBET+4$3;pSEu&?k>*g9Dinf|QYPQzDBA3+&6Ksvxk)ZfnutD)oW<>RYn;4iDLF6*PLscsQ~ z)(cd1F|-g@HgVQBkv1Vp>ES7xW=@fusjIA^iGL794`rm(gIt3Ee5j~PsCuELQ7*E+ zYIb61S1F8%cMxTJy;RJDUA6qgL`~elQ?lx46K!QzjIxS}pO%)cqn)?1Xt1Q2tCJ*_ zNKq9nCtr6-%C;hWjUBX&>~uu64aBf`6-Nm>Bkh17BZ8@siF2^1j-F8f)?ZrG7%M9w zqk+>h79$dZ?d&wQgGF%~UeZAZu3EuPCIl~xnYyYP-p3F_Ksd-sp!^69cnLE*RcC@4 z-We#iiWB8rq5aeW{-`(^IohfDh+!~h!A60mTHdDqdKS(Y<3Je)Sud1VkP6B{&l}?} zL2&lb(#Pp~dzu()`s=v)n7e71ni_eSntS;e*h>cErHMxVM8_a?plWJ5;_9A(&Mrar zUOK^&rjky6F5>PI+KxVWe?wQ@ATe!sGgA}1v8=wkyI7FE8N%1kCCJGFtLJXvZ=|B7 z9f%-;vk{X-*f8|fL#x|zG^ zdHT4k>$uwmsmW^KW!yEL0>!X8jyM-{6$4!aj&jEIl><>KE}}jXZu$g-zp|Z+Q>an)6ZT*880a*u4)*dMsTBGfs>xSZxB|^-Yvj{AYmZw zo`ei8Dss_%}kxd)f|XKag3&p43^+)VhB0` zA9FD$FO@(CDQy(N*h|#j#6cT05_O%W3?1D93^6`N0Q9sp-F!_<_1$z3>h7)vCMNbO zgdiLq>tzs3FpyNWQ^9!}X!>DIoLx```hgC{$|fe_x)^(cl(CG29a>A$#Wx_p$6N;O 
zVdvvO6vyjGi2^7E>jMLs0_&pY?+w0y?yAYkVw}u${QPTAPJp3&%#$G`Z{+bqA25u&S;zTt)cWp;~Whn!cgfkASjMdTAFf;}~w>L6$GxoL% z)E4zdpo!X8a|dNNac@ykX$gdymJv9zYN|S(9!`b?0COr5GVbC&$~rn)1T|lP;%eS1 z+C*8CKuPgH19vH6fEgC2OK|cGHZ=0m#c28)7^=yL+e?`cHG}lLJ%foRl6paQM(Vm4 z6=R~Kbg+{P3WJxG(LiW98wWaKM5QS5H1T&9)i*RScQGdF+u{5*RW%G{>^xOH%nj`E z_JR6R%J%wFSO*7D@F-3liwg{tk#q{sbVZvPfR>;@e|;HGJB+gyD%cdEZltTK>FG_h zmvl#KxrjOF1y~r^VSVvp9v)t3A5jT0l%BS%DbWaLtmy-=4ILC57~rqr?%`twR;r}| z?3s#|p`Qu(gTiSWNU7jaPJ!kw;HH|HOOOLfpQviCj54>g(De56_pvb5w+DA5{Cs`I zRb_(FG9EI1T8<6@o|5)5GB|OBsDY86DAq`p2yj^~*hN>*U)4^B0L}?Tv&YTE9Ok{Z%75;y}2lo4epMqeBp5w*X)h2O3N`2UZmCXOy|gQQbYaZ_PY z%0@xf-|vO=7!L#=n0~oekP=R?!$81f2_&IOZ5HcV5IK zyfK3N9r{kD>K%ldd#jNgmVB+Q(y`^0MXcSqZwrswnNRn|n*9(UPfCyDvy)$jbq9Bk zIeo7i90>{ER9eoieV8*l91`AL>&Yb>zP}s%G7gG~`1_M<1XWalnOzL2t>r^P{(N%j z^q{@4|2z~46@X|u`vs)`{j&(r@a@pQztB^Gu#)&C6u#; z`*&(U95nxb6h|%szC7YqX)MyTWiQlmV^%e76G z3*W!`pU1YYGJaBYw+g1LcW`4-ma<+4l?XWEcxQPel;wCXt=7$(r~X=Z5;OQuCC&xQ zeHm=*aJ8d0MZ$U-;GYK)moMKt1TJI|ESVU}{s*5!!qS`;s=uSbg_*-bjThx%W-6co zR5x4BB_L0Lr~T;v+JW;>HbJx8u%F2}#pAm(((|Qd4-F_6#)gK;$qi-#bO}gb@c7$w zQJUWyf;aW~h#LfX#WCZS%OPxxneU014eXyTC_M z0fH5bJk=C%O$1lDrD-F(7Z0ymlcuIlK<0zTIQU;*Rf!P6?OfA^tSQAJbM{|1V7UjO z+>m%qg;F{H`8x|?RV(|n%lwP+3T`G@w|k<+$1SRBGQ!0*){ z9=p-O*xY_-)y1u$YWthelo9$xx$e}evr04dyvT!m+DEJ0Gv`Q@%@?d*F`SpPX}dsj z5M_Yn9_T}*zQ}Zg_6E zu6GDJ7tTszc*0N%lnd+#_g+g1l}%ecG<`gZ3M{qfRd`w|R6`pa?EV?A;?+wg<$9ZA zA(g}l5>5ZTz%ldTyy--BPJMBwE~7X$A%ng`ZMR}~M>whAw+xeaj`ab!*o^@_Tk%{V z9Y3#A{NwYpvW@Sb%7m>NiUY@j)ek~<)?EC5jLPl>4nDL>X6snv>tP1i6WbDXCOREx zhs+r*F6Wyq<>s~hs!R$6UD*m(F67$3zCHir*^-H7il9rm-VB^{gjNq~0F|1M>QsU7 zQ9*zJm`?LVI8S^{wRzZ;C2RQhwxQEl*e?$?Y7Xjm@(e(L1+?x%!D)%mcRFBoi<~_{ z2k)J^^CNB%9CRp$h?Nw;`C^n$&kkJkOEu#Mf8R|(q&MMy-(|SWB%XvErb9wGmBK7} zlG@{-Ni0YS=CT{rr_%`3$-VYF62IqEIH@jp9jbu^qug=St>_~kxy>Q1<1zXqkw9&j z|Lz*)>=w{!O^Ik}LilW%TM(SqUv5Gjm)L@WSB}QDY_HC?yE0!fOa(GT+ghE+L4fYe z1M%(!AF;9CA2KaV-=OW_^tqz?OdtAc{X`)+Tx8JY+APb};B9+d*h#jK%#X{8d9;sK 
zxMuiC24LxHPGQZByVXUs$Ksl_-GaFEp(9&Nt4YWbpo}}>N|bI5p;0f#3MCukf$IEG zN-$)4j)+M3;sr>%omb!KF?Cjw)P8#-pPnm_$bM&cYO2x(D+yQq*o9$|L;@E%E~IZb zM`j$zKjJ{=hKo4RW4MdJVn3h!G0}Q`KEv&y{`l4_>Hfvx+Ok;X=El(~uSZ5B`TD+L zs~ObKV|9bpWdT1%OGX}hRRX+tXkwS}e;t7vqMI#WBIh@k(8n41 zY0=as)L5A|TQSsvt0Ow~?u8@UKaX|PF934_CD+JZ3&6*YOplj zZhRS*n+jr1ZVC84QX)&3DHypTztz`ldFQFmv|4P-BZjZV^09R4wrANj!QRRRh_dNI zUh*g0pcPzD&1i4kZt!|HU$k9gu<)@LtUY)WSDyoIgyquuMQ78ij#m5Yi@l7bFa6O` z@EHg&m2BAbw^8d z@>=OHF&F7rvk^zfDS}5)+Wm?bA4aT1XK6zZw)2bv(ERvdW zx}Bs$G^MK1jEB$r_2r+?!MY3yWsMblN{Y`Cc@wZE;oES#wHJe=%y{(%bGBO{?P#r2 z{AoGA;?tsbkrqwFx`yf7m;0TRewnZDu6CC-g>07Ipl7${cFiWvUyyX{JjvkQ7D>mB zI&KrTjkije~A#f>-M0-apZ#&eCpCKf7{Qdj)rC#IBuH((2tfW&X#TcI9 zd$dH1^`OMoE)6WV60j6L^&Y=AzTcC~VEQ)itUAGRg5-Q5%GIZ7dnVI$e|OvUeTJk( zBks*s6o;oCvmZRb0W-MEu`T63luNP9`Egr}>NG0LX!L|`_>LjP#99?DT>@jr17Owv zwYg+^Iq*mS!H=QpX$Um~+v?2wzRx!%)Us1j*xsKSoOz#lCB}8!UFD$?!?PQsN}2Tl z3wrFqxuqsCo|O}z1x~@@t+Q<%nka5!JSJCGn%RzV>Pum!XRkME0?DViF=X%hy z5GcVtseBUi`zL%BBM&rFV`X-y*q@u#T7B4=u0Os#Rd_4&p-Fo9-e7n|cE}Iefu{r~ zr$UBFMclUC5$Xk=FO(1Z`*E}QXU3_HsMWd;#*hX#%6P(wk=d=MHfFmd(4Jd z7_1zm`bvo5%ZO9!T?x{H;GT+N;(GXtv~SA6_^PL>vsV7< zR@IM#kvcawHAtv6^H=0UT}1VgaloC2W}Mo?|^rF-wl^*>D6$SDov9+O>`x zfcDE2SV||udng9R{r3~;@E#GTk2;X2{FER10ps+$nG?P|_aVR3ut=xt;+Ie(4k2Dr z*XZrT$w*NO5Y+PiW%nH0Ie#7Eyc}>73^Q6m83vj?kc70Rb>M-lw!s$y44{tMjo){i zVQ+P|suVKQEUmo!{eMB5ofsIUOj`|0$Zk6E6Y+ya~@ z-8#3yhn`n_G*ARWt>Qj#M(%sQg3{?lFQ&4+^Rc7L$Pu`JwuM`E9q;4(##>0MmE)4c zasiUuV`sr4z(b<=PQcxI!9wzdx9#u!x_+DloFM%o-JIK@=StJ$-VPV*Z&tmHs{!bc zFqc-z(%@8R1$yC?(EZGVYv20TPt~?ZG4$oA zQo)z@HpeT`nOASGopel@uJwGr7qC7`=yt)8JEuyQS674S*YSfYI(fkZ zaFPodi8`FD2B{4iF8I#Lde-H5-KF@As%cZ9K(LKDOsFfuO$_BB)7 z>9$2P*Dl* zyRTSST!b$#Pqw?hyK}*Hpww6nGW_xG%Z_s%sS_QSJn{m*e&7t)JxQmPlj9L{^LN<7 zA|OMOfg_k`LBzwQ^iVEfF)ey#Udq5P5`Pg$KEz>V`euMVA0o6HAH%1|0ztz_GP(ON zVvYl+dgTiH=Ylj$&c(mP_XhKSoOX(Diy7zqpW6pKpw6kU?=ZG>_oTlHJ53f{ke1z= zs!1zUe&!=1v&BJT;3Mf#T-n-Vlp`(9lE&~$Ff3~Y_`sd7GR^7fSQC)X0>1bET6$h7 z+%N}sYU-HcxpkPQNavn`jH0lJDVycbHh5$}FXy)_Bse0p5UcUU+xx#z#C*1~4c=0l 
z)mKM@wr!A4P67Vhos)gZ$hQDVQaUFX8y4iQMH!Dzzq)0}A?;~o^(?@@=MdYsSYSjh z)vUaGKzs9bObO=Sc7gm%(W`N^cc}*KBz}i(*~=*&$-;)Rm>r%dkLj&M=^p8FzG(9SU zB`)_H>Xsy**DX!8CSu>`DA}wp42lGN`mppi`TWAwC(BD2l5R$uKR(;1wnnbdN!X3c zJjm2XV!NGf&-hLj0Kj#l|Fhm8e#+{~W@a1*9(&o;0Z(d_+!8n*YAPuyS+X+y`aDbc zfbI3x(9O?9+!rrEni}l$-oXw>HX)qWlQf0(nK!mLRu#MNT`oG9(U?SGn)nK7*RC}g zT=-`V5zF8DisDC}hd&>AN+{Y71d!u8*>>ZEGA&8MYfS!g7mQcUxw^l%H;>opiImq^ z`8ln$TnhLJH*ZZv?IcSWM6&NT_%HNVJRU18)XjOw8~iMA$#a0_YT%$%U`e(8>r#qe zD?NVIP&-`=y}2|Q&1C`%(12aN=*sXAeWVy_M%C4+c;ZAXXeG*3a+1 zc}lz=xKAQv=ne~sC58g0p5Y3xp=W_!3SUC{w544>u)JqKK`PvOf8YF`w0R+OE*wUp zVLa0lRui~1_U;aKXLmaj!}ghPJjIiSGb(5LHka)kI@3fOm}c%o%G}GNy{USkQG%Id zHu3eRme-D&$1@N(2kKU#`4Z@;V+wJ!>>^XH?X4$Ir?5-CV6mP9rhnl3DnH~sZQ-ev zvJ-SK^n`adS91<5t^5a!iD{qC%->?9=}4%dbtv%iOS^nr)zK_Q_6F5x%h9V2)`e9m zlbgWBvl1C?wbVy3C+_e6S~3O4_+e)stC9qof8VR?>&-rN^W3!FQ4t29CYeBAzIKmb zTj;69Gor{0s9xZm`CX~%QO!e$F?sLptP@w%AA5f8kDxxZX2)U!@40E4VfRo7M)niy zhFueGKp%VY{k`;f`C$h3sQv(~VZ_pKt$JL;C$HyLp_|Xf2lSCo9jNssP7BbJnOEBV z_tpm&gkqWRy}YUw1JRJh<^dYTnv?(IT|3Pjp!K3G&e}EA5U_F6uPg!Sc!6btULKvs z7${v3+{6Ddx( z0Ta61N<$R4HZ^6_&l233jAiPm(B-D*Djh#sh|vHNAiP2fWQbrGTHWtC667G-U! 
z1)ED%ayw6&p!=t%iCg9qM;s?r55JnNaAPHn^%z2T&_Eryxu7-7y5@~7`mebTw$zIV z9ILnwcJ*SQzjLzBoAM~0b>iO^hr1HKOhGLQtxNGVDd;t|w7b1J|A+bO=dhcWk+*)y z4V*mP%LV|U0Cn@*gj_qHUD^A_knzqXPQ{#GbL^Rj*VM^t9lJJg`%CiDQ(ar@3a;m$SxGDAPcc~7+_j4xd?X0$ z4ZLltlo9pI``(y)3F*+3)vI53zgjmDOQgqw^6$P; z%?7|~9m(ww&%~8T#`)OO6FL#$jEw64Z<0L`8;KuY!0*#$_cecWb z>LHUjs~tUg1FZpC>e1x1ybsNxztn18zf&DAz7+#Uq|l4P=vo(c|BDgu>we&<`A0H-cskdpxJrHsD1%VHQ2-VF zAdWYB9=0c(cAV_Y^G-bfs@R#E`7?Y!%_@h5LyN6H?>75D&dT}q>?2`AGOC$bfGAv} z5XngHxYV)*xhjp5A6i`c3cn4sHBKFOMnU1aAQoZ^@Ky7!z}Q}aCnUCP1-x_90D7MS zl>1MZXGt$X9f>c%~%XJ{p;@n@&%UM61+b6Gv2FbAuUxJ>0GhV5x#fuya*b(b|f% zY1`jjY{?*M7LsA|iMzEL~^syP5sj0Svyx*`%g|`1eG)-l4-uq3%Y?`~~1dGyXZzX0VC4?xQyI=`Qj8iLZnc z7VYzoUgQBfO86VNW2tPenrs<#YlRftmIxp@aB&#x(E)YJ0D2`74q{vr=+;ziTPo3U zBwwyq@QH)I`aEMhMD~17EfZjwq^QcyQ*%JBt_=5RDv40y)n?NZ&roWRy^+*^IuMX6 zUw)9Cz5#MbpG%HfbA#~@fy46KZ~%`r`b2ZTcpvb>OD-F?(o?2y`_J@q=c;~>eI1VQ zFS-~6;69Au4-kRXv!4BH>LBp@VRTp|0UQO=pQB)lj>v2Oy>h15mi~LC6NdqCNFx3m z&vIHlzrO?rX53(Sq7nH|=-g$l8*KAYO%pcP`P~db_vCy_bY{patZS}<03>;fzVG5d zb7+YFOy{Xsq;3}o|LNq*_(_0?_bX5qZ4z?^qpdZToZ+Xqvf}^O(ZKqS09TQsco8S4 zV;L`9EpaLY0~iLDUSr1qZE5*OTaX`cH$>JuAAvw%UdMPDWRCVur~Q8~T1E8h4w2{O z8%yJrYVn*N12p2R6lyg^#OC2SovdO&L}pt&H9zsCkJEg;I+0j2k%T^bYwcd}2nfaJ z237xX5DjGx;!jo&;zM-q{rHwT;;~KsdW?l@9KxWAY*JLP#H?ui22U2KK)u?0onCF0rsI!e4 zVLtSCEkG;euut3qC6C!2%``aPu|8xUUjk62{xsvm6Lb;_$WvP!rWx)1KA-!G6sGDw zs5cZ?+O`9Stdv3~8UwyU^K;72_WKnz+BQdO_4CzS{C-Zi)4Ya%1ZHfo^p6e|Yv!uQ za~>7pvpjn_pb>d2VBw?oJuo@XQ^G9$EF^%-#*aS-WIhy=^Xg#@9YFE?;y?#9{&w=;w zf8N0xLO(k7JH{?Ne5L~^+e;=FT$;?GrD zkTipl>QMG#OxW}OEY-<6x3&fN>DYHC%pZH+%aCwMx=rM@2n5cbn?9K=desq7)(z8{ z(q0d>WFsbC$KM8)etxObg?fhRuzV#A!|8(j`42VkU7##V7i+!P!@Bc;AhDF%!6A1C#?jLEbck1Q@Ndq$>$ch3K z9)Zw8w2fz3re z%4X^LLD<=+tq?|())6Mo@>%`wpP!kkci_izzDO&T)o&fbXSy(>@BGYbZ~DN4vx!sP zk}v+zg?;ko4t31O)*P*nws2Ix|F>RroB}P%Qde=iz?vLcoO^5%kb#fyMu_iKq*Urb z9ap_Q2Or)e9_(#ifYi2rE@g{FYA$0rJyVQDL+I!tpU6FlbR>VqD>5yjxFZKCk^9uk zxVyBCu8A#=P~5zvYO7D?DzQi>XZsUcu#@zL-%(fRuKZq;cTUSyS=t<$0C-Q9cx;lx 
z7-!zQldoP{BFizA=OELJH1=b!8LrcCGW;4|PLZVOBmE1GXj zxW&Jyx9!z646JKorC6LhzXj=C`yWACc5wP~{@7ZXUN1QTLeQ94Ls9O<_)SA3JjFWNtTuTEU}{*$=CcKK&DbIgkihjpYm{H+(5>aOU_z zh+)q7#TX^CJ63gH-T`<)RG*8JDEn;F_TPPW8&-|-#H-q$VtloXh&&99m3{36DE6aH zWAD^n(J*oL6Arw2ddYJ~RUNmgPqx=o|IVxzkME z3eR_9<+UQWFZnETYMcgpm;#DhzJMYUex&1LIP!qvEY7%YAiCSpFLdD~=2O7QP17$0 z*1nA0=4v&IXt~rK*W>BeXyu7(#q<3ohV$|TEv|{ktVMmHQfc?0DtdU~ho=cMKAyTt zdwys^O)Ee{1Ky0NtStdCyL6gN&L$&WuJ=n4X0*;eh@>3_DanD!O=rH3r#i0zV3`}t z{jJI@_5V@jEcFoEla!j5^f)ByV<{Ta$3k-C(}Nc<_cLdUtqH=EI_pLO1?UbVKVl92 zHmb->n(ex0_$1KMD!5U^s+ydl33J9~bm9Ml3bOGV%Ya8}wFE}$_6)jvRg$;RC;B>% zplPLb#g8Y`w_`D7_2=`SjtpkeoD7s1a@y<^E4qX@oXk@LVYn>~2jL!dA&tKCYKv(_2(YEKY+q22#U^OPn@#WRI=2#bdx z0bo*};(ZNY24}n!l)Q8SK)84ReP}CyByG(92}!|^Xy5=ROP)dKZ-ROg#5n==w*U)U zXIAce4dWe|$W(hG-1c82Sjfh$L+3%1RduyQu!2Ikx&TuFs?Px02V4S`NECm!EC08{ zdx$NKQmO?pV@xstR_^_@>Ud2@Cnq!Yjt%maEniik=v)zQ+XeHx8;0NAJOPIAzuhp? z$p`-|nD4o-N>QcyC;gYzheo^5I$M}$_h$kmhU7C%0|1*>Yj0I?j?zIeFgpS1!-wD# zzSjpL8q&)Ozj(x*9ET&I(;!Hwg@8otMls0oB`JaZK{_(UBK7x9(R01J#Ze^XIa=Hh z@clF^VfwFJOb9EQ;?_CAPHj2j$f($o2sKnNKuH_uO;w49(jer`@Y%niNtW$5vr zIA1k%Z^6d2vS}luivY@!B!hoCgw`WAF5c08up)aqqrI9iQynn#;p+PQx<{YrZ@H3lu z9+8o<75TvNyQ_WQjp2BQY}*@p91YK7!faOt96{8nM$vxY%sK~Yb&fSKZSV6GJnL8j zw*9*b*!JheBHEgQo!N#E^qLcjTIBhzFD2q>Vt5CLxe9MMw33M~f-cVncn5(|d|g>c z!$oCFEUOowl6UxEFcNblGl50&j-h<1q&12gb>?09c}Sw??$(OjQGry{p`5TCmryaf z{D^N2bpNI|%=kiKHW?|HG=l4?RW`;DrN!^1lcel4X zzNoZ$9#(NWBRtIi%g3=;T{rkyfDB0I_U->zo5&DM!8PnZfcHh#S}Cksk& z8rFI>3GO9p8Jw}Ss5`=4-c{OsJ(e+}fQ5H(HlKmM^QI6UA}5o;uGQ`HR0plt4K#%W zD#!y@*Cw`wbup?AAR6pi5NeKBMLb~W!-{-IkTNYDl5FR5%(G#G4tt3U* zDudwmpzo?X!=c2*5SgJfQyy+O@-5mslelA>c4nIZlB(IGkVsGrVWc{n;4RmjI&k@s zb9dd^9KpXzQd2HfQiY9~nFQY!H)*t6p%U)oy6pRfytDOM>7i*`_T@mGZidFinhr?b zQqct-GSWP~Lt$rkE27(?HfY8{KUz0R%3qwtSv5WpsY&eQJWYZt2y%sO;cghWo}6m0 z=Oz2$tS3Mket;=#`B0tn2Y8dklSOvaM95N85on%0h8B9BG?(#yw}Fylpi~k7-}15X zufXpk57;A@j{?4@J48p?55w({(M=xx?Wz6RP0`<;;j@AM9Sa2TG z^EH=(4H?&e!|!#to?ZM zSpv%mKnA_x6x+gNr9Gn|Y+i#}N}scP$X9Rp6y(a+zX_Vf2!*Y`;f)t?-@mz?1_}%{ 
z2R7ptpOswuX=%pRoQOV~Em~-z0DwS4F-VYFEJP0)yVz}BevRQ>n&fHTvO=6&`K!Ce zeKL|?K-O3nKOmvw(i%o&PBTltRbjp?J>T-qefQqRsV?-!XZbDTQ7Oks4)cE4&nChD7(m%W|hJF(j7=;93$jeZ59-vzke&DIW$2#Hzj5?iY&}T?J#ph<%FFb3juNl% ztU%HGUSlra#ZxAoc=TBO4WRRFMZb$#(^*;)uYkB!vtV$_W z%J6@36Jh`@bgkDq+R-LmQ_OqZjPcTa+DDPVj)G~6^G2-VKq}^;XVbdLVNroZ8Vjjb-^9lK)7$o~$LHOQK5v*{7T7@PKj*w0mjD|8_Xax!AzIF|3_SAmTK#TAU zL?d%sFaW3U82?+glPO7`dVzqpfBqH_7-_nWQqA;uE~4r>?HT!?sthrFtVNyc-FcwN ziq;G{o8S7>nP@WM%u~x0o&eM{8C^1c*ndfL)lVNG~o z2csVaukyyp{lp%$n*jgP0+h1?)pt^(f-nw(q|lWZ1(-jk)@xi*!2u8m;;w0fPp_T4 z{o)!~9t~N!I(dSPv^v`zJ-{7ZasNOz@{{ccmtS0H+v`yY?f~+E;vR?mljN^Fy^>Gc z`Qlj2rO8!(QL&;^?;PW6)(1;g3-q4Q1C_Km{pyCkVCIWOzMfbrso8sfQu||#rct3F zdSd5iA>ZdYMnC&?YL#D5^X_|2{DPO+*vAG*;YAR6xcIZHRlBp)CL=FF%;r9fj+V2B za$gjHd#}xXAi~}NyXv29K~LdyWKQIWggqH7t#jWHxDwv}Q!2IvwXyuQym?+58Xbde z;pT>WFAh~d7`b?a069hXrNUM<*S-4}nCdI(nl}q=oHv1-y8cX6FFAs?1(4ngcbjFp z>jX`K!!-bMuCiw=*{)xna~jUx#4l7HN(FU2?0`CaB#}s;ZzdHp466T2DJ88}hFAnX ztv0*w)vYrPZd(lj!m`&@_@>=3pW}H_6dmhu4i6;$?Bzm)U{-3`n~gVd44nZfzgIq| z_^l1ljVUI9IM$AHqL=9;v;bUb!G@}?Af|I@S-XEF_jbDQ*uGexeYTJZvE2DD-5C6^dv>+@}8ToRTTR_sRHQv;PDegEIv8y z9`y7%0C%rM1A!&imN?_?S#uAyYb;JxKh>K49?SNHb(oXka>?tPzXw?V{>e1wWAa^E z=qtC%CKIkh!+@)7@-Q+w)-YG8zWTM3tChZ#Did}7Gfc>K;1scgMASw_*L8qwG3IRJiV}eUnRi9J1-TH}&G^0^p72nog{owa%;g&e-MhD!p^-$KQ$O^Ys{F z;~Wp|EC_ZoYh3!y-B94jH%YLil@~1M56#xcKhP= zNMmqq1_GxtCEjEcx^654)y+|?FnymNUU<^)!+64C`s4b)WWoNw%Obs%?8iM1n{A^v z%aZ^l-{r>^RG?G44vl0cF2(YfW2MGrk7Vv(bn32RE+w`AAH}pcL-kcqdL}!{X~gNq zt8bV4jLt{=QjOZ^v-Rs%*fhFLh&&LyQm^GPT!UVp`=ELt5Wxh9Pn%ZthmAkqy;ED- zswTPpPIEtBZljOM*vRMF!<+?ic9ObI|I@E2SNf;pm2?g?QGFhE?A=aYfW)9#0WW6o z?;k!+zj+Rfl{%r)qF;JPq z)aJJ<(fSHTGRWC>lYcwP#jb`;rtW}~_@Hy$;f46@$2WBsVp;$ds1F^POOSq%o)uIDjuXA& z>oaFY1wuA|RCL}N0-oUEb`cg=X*A~usnP824KaK(dNi5U@+3d4mpw12f8XDAs-1qy zt$$j4%JdQodG=`bd8LEx?g3*{s|V3PJGoLnOxm6@V1q@hePEaQ4*TelR?_X#JV2Qw3+&Ae9^AHR)5n7E;XqbTr*t@r|J09}d~J=fQKR*k zwiy+8;viPHYXc7r(&N2###aRAr&a&*0MyC+t{5{u>zguZOXyO;; zHc!_-ZP*FwIumtfd?)c|KEscQEN6N(Km92<-Ij1QSUqDi`jm@W5A{Asrb{tE395LD 
zq*GfhQ}Lh>`5P6vaXg{>4CC!fkf&&^=Bv8&_3>Bv*1z#s!$~tD?w!|9iaT~5hCP|P zZWL+ZcQ{+#w)!XIrRBVkAZ0$_WUgH!RUy812tK2F^56X%Ty z#}B{P{A5{41YR{FPX=-MDb8vb=_d3e;Zm3`B>ddO6pw22t>d{0r=4cuPQ#1(_4^IW z=@K1&I3^J|LXHWNj1!F^f>$Dlv?njEbn@JtJ31!Q-ioTDDTE{lbwCq0Npr z4?Yk2N)9}y_(?Zpt6;q0N6m1)`yNBbr<#@LooL&-VCEXQ2Ai)f?##L08MeV$I804qpNm7*SA>55gPi4WbC&e4IqS*cP@Cnm$7~dzgH%6XV2~co-SmEm z@7jDd&U}^SfoNYw+@Zv-taFhim%9~zm5;HWN`0CM?F!!rzTprrC=)qmL-0ax<(^UD zaS|T<`Fw7YIXFh3fnsXD-uu!fkfLoDz~Y=nwf7X~ry~~S5MNAtQ_TVz5xiI!+@JpR zTX@~m$v5%j+*23sh`n#rLB1B0;0t--USnL-^NV9ol+=|GHj;9H3u*Y|`AmD2)Xj5I zKz+?znUFSo132J93^V@^L%4#FHQQD_+7;F?7q?!dv{y2=t(+J26Y|;{5fIhF2ut%K zUwxvIHG3jSAxp-xpr_~86`^bA!$x|0eMwc~drV3y0uUvMdIBu%%kEf#&e_l4<;bw@ z6LBr8_Tq zz?%md_AdnmzU;qyL;{@H0v7`X;D|p@vfWJEKmWQD&UMv)d7^bk-th}l=(AHmPmQ3S zphjWm> zvFk!Pb2~reSXmJFBZv06uN|oiODj)h?;N9c@w|A88PR)_OUe4a`++dnIG1cucgD{dm)>;_ zG|$K*VI(-C8v~7Qh6I-4TEskIoxC_Rsm=0HyY1r;ELZ8%isohM?}<|S&wl>p&v#uO zoejXncLLUwG(;EnU-nO8b_~nM1nC^THD-yqrcmU7Bhxk(W3HP!_|U+w123q5^}u27 zDM;qcZ_nmbmLHpHW8S>odAf}sfb4Nkuf4~MpcI2rn=Z+r60-F;arhc>L&j$+avnta zX1D5{wVU=WSl^d3Fni;eX5m$&u$hZ-^!ZCA-=;y7x@ z#_|$Ax$8G3c+CF61Pp3o^Z7xOHP!mF@jV@psCiH^nY|xDyHljNUV_4l`iMbJKHYj8 z{!5yYdcT2o0R@_m=X)P$K44a~Nm}u{C+Erp3qSdi@&+d7XCip(r%Z~M_|Rjt-T?ZF z-+0$gIGYA|`(e}nj+Z&UTeveit5_8OgC$(e=ul#7&hD4+=sbzt+hHrti;=R*M6adQQe?2{$uIgaYDC3X-Nro$?cLIlZx;~ z$X8m4bfxE@Xhn|da*;q?(0Modz_v?15-z;kf*~qry=%HF zA<|c*+j3(JL~W0f!6ICGDeub7X6J@kqIVu+Lf>BZV1C-tZas35Y40#STQTLe5}pI! 
z4_@r}*vh8@mp#*iRt`494+6i|N1u#l@O=7}?Z*3sZI;`ssLpfR`S9gWiJiHIU3`4$8%R{Hz*6g;^l+rdB3GfzvX^_I zj{6y;)rKd%**24H0zNz6%f@6p>@#**a&7Q#mlus91emfz;rj^IoA-kkEs-G(Zt=uA zNx3t}c%tYNWmhB1LBWp?dg3v7#pRuTNzM1udEs@aT=FYosKoQ41OEG86)OOcUW9z+ zEwwoWUPw{X(zk|?5rY{+*47t)5cj`|gqurBOS@G|`&U4_h5oJum^TvI7k;)_qj5u+ zbLR)qa5ss=>f|-&&!Aj>9c$)@D0uJy{nq+XT~rK!6ejRikNUEx4YP~dtgfHKfo+PIovA zS?~nz+LZ?UO;umBG4s_RXW>Eac!QzsvXgh2Qsv-e9S zN>am<;|Mk_NT-wP?-(So<%*Bttn_}R_5oxmE_yHhP9+WROyJxtEyO@gt5FvKbnqmK94RZ!Hj{HaDwRzR4LM8l(pFp;rS7JMf zGyhEHptg;q*4;O)+%Ba{)fBq^-GcC`akQ^Og%}+u2w#hAiApd&`r_5fIuD1SY=kKD zF@)x;Iek$I6f`MuDPv3yre`3f)xf`I=hw;nGDS5b`5;GD`>4!FJz2vHDL)zR7PbFC zV3k4SO?hnEP@7LgyEysP~Hi^$EaoLa#)pFu(CuwZsQ{c#r?d`pdrABUk*vcFwvRxW|pYz1x zg^MnOYH2U8>Diz>_pgJ2W3$hYDf;#ADI(%P)n0sRV(DNWdnZM$QLF$I5=;a9Ve$ts zW`yE~^)rAmdFH-m%x9aZ7_~Bs;cZ_XKXSWM5_mI@YLwp49d|LSVx)fRcM}kGlCDxa zK>&`Zyxt3Y_1Xu83?Al`sXR6!LlQrG2_3IRYYWm165_a8>>C6|Ze(=_1#svLa`Dlk zt%8btg3i2}LPhEv+dmu+syZ_RnpA!<4<;+q+fD4p8tzRlL0Hd*0@8eC`DHPlp{+BV z2e`7QR^Dd=1sLl5e-D)gOZGox2YeFMd)8r+D}nLi&Y1>9HW4N~t=XRF191CP@HCtj z{`c$f52@44fa->;M&AFKpNYnV{$y4i})DURS4f6_bfnj)1j}^AeBE zbLY7w;4zM#(``DAF6jHCPX*#cY{h+A@lnrJHH2DQY~4oxz6#rx?e%NJUFdq?1znom zW~#xR*k=dpX~Kgbv*M=h)Bj%l+lS3FzW!B%_$AAsFzXCL){l5KQ}2=!0_8RpNjwl; zok5AiQ+j^0`$L6RE%?~WSRBGJMj-E@f@=YQxjir_zn$@Rb223IY>@&95F|AVlaCNs z{%CDVeSG9CvmAAB6-#S)1;%Azsx>Z68lF2Zg)T~{0~XrdxS>OKhc+`hWfba<8W+|k zo^*h2EHA*9oyXt(2UGW?U_emY#5l8*J3o2ch;VDfVU)h4GZX-hW@U>;VEJFfq-oFg zIN{Dd^Nt>oA#;KXf-Zo-H`zB-FAP9^&A99|sx8ahB^Sh;w+;Cf_x=oPCt^SUBP9;g z(u7_@Qp^1nb-{+CwHIk8FGw5Z&Me#1?%Iy!R7fxnGjYIp1>cQ7Px=jm-|7uCWtKAw zAYr0JbNc%k8?SNcTCSSrW>eU!3a(WSc|*xFU)lM=S^q#wu~UmdBY=+hEc*=|mgbJs zKSCt>R|>6Bt0ck5c##c?B2U|%N*IGaWqw7~fL=cNLTkdfl-ITkQ`7K!k5WYGQ)9%e z+GtjwS&Iz^i+fT7YUBhH*>I%msVTB_s~PD*=7eCz9hO{_%D0 zwG=bnURhwnOQn~mP$8CWJL@nfd2O_WYb})%LtBM6XqkjcF5LIN%J7(R%Re*)GpO-v zv&5#Ym^xnRTID#JGm@0x8Y>Vh5C>Z0Gjt%~sE+eu_0+%KQ9&%yo!5LC zrI8?(LWXg1?aDKXX!9wD^1CBYv0{B{i&s;I_$90@+49v+RPC6lPJ^N-Po0x%D;r8j 
zQX9m^mEQ0Fyx$=;;+2AlXrjheDR}`NbVyxp<(|9LSz3>vOVX`EF=>;Uqj2Krfz-?( z(dgkFxu3kzr#TA`9rp_Ku)rW}4o~h)C_c`G>;$aCZnyH2z25U*+sEaF^?uX-26+?D zA0Ll-+;8q&>dP@)_fDE|;x7rP!N*uXCx7UeBKK`#KWVd$vnNjAS`o`mU+IU8=TPED zxR8Eo8ELMKF;{>Nr4`Ac)?L#*qD_f)8Z5M;sSe=%ocS4N_Q8b!(dJrrJU7NT&oD|4sxm+Lakg?Rly?=e zFZg2-qkVVeR={Iav!Bg4g@$Abv)7uIh{FIs6T5@GdNP4L!BwHRr)Fto@1@=dY;^~g znAF9cQFc&?$GUutRm12dX+1mb`Oi)CvcVNri2xe|6%`dgh7GY~*7epaNxw#BduGq? zyRCnF)A34$w_Fa6PlkxpIeNlEsD@LvIy6{@K(S~SbZxKQzn9Ohjb_|x=UEyleMTZf@gDr4i88L@n9=vL}CY0~|Vc5X|n(&DIRAZTte=#hPQ*tsdzF z+;5LQ90b#)$~#cEo?4pB2r_3eDLe;?;O&ytUMO#Iyxi^%V&Ws-zV=fbG>68VMvwE zy;2ZJKG!L0I!B(PhSeMCUfh0#_c;Edw1Z0s56{%S)6Uuk2+s>gn7-J-nsVt3>g#T@ zo#nZhbjbzzy~vnZF0Y8)W|~i_J;>AX3(#NhAd*5#=uY!`%<(m~h{I|FJD|1ae7DaZ`7D2fj zeQg?~>qg=wBuQUv%I1!Ix@QesOND;pJQLH6Q-!8m76wu7Afhlp$dx|vq-Tlw{)m0K z+^Tzm(IxCqxGoa53wrZnz9YrF2!s3Dm-Fd!wHN0k8OCG89*g2si%<8thZG7!MAAP} zKDLWZpnXuGM8wM3@bM}IuFE+%dzV&N-ZsbGYcRdhdpg8cYXOnjDIMQd`OPd$&Eu{96@}p ziR8o&_?A66#hmFNxjmOgg*o*zapavN(`OE>=0gkE6kRrN1tLe;#RgQN+v*HH1HPO` z$T!`BgrFchaOYY3%6PEOo@EmmpCJ04BoLe*Nm%8?E;Vr`y(VU8TJ8kuu!}GrR?9?z z_R=4!L@&Ne~66H4&t4S$^ix_O!3-=m=H3oxnNk0~Yi zu@=%2Kd$p*z3^GxL6sPGegPJ7RY>s&OB;dJCfxd57OLK}3UbM+@5e<|?z9_ORu-PD zg{05h3&Piv%DjMQf1_6LH(fFu_%&RCs(qF{eo*dUYhLa1q{62jMKut;dX2=5N^gm) zYFbt{r-(m5j$eqd3ii--r`11EOeSLYOb`L_h-$gL3HW7V!}S-GNEOe=zjq!Y!R6)q4%=<@lm*a%lW_UrI-3D+}yPEO<2&Bm)R)N&yO zv*RG2u_rs&L78v--9h20{|LSaC5x~}DpllJ=LmUEug(RXur0%zVQl7D8DQpcH(#m( zj6XYwf^%W0vqqxaI4%&+<-Qj;`@nLrI!arWHlcLN3I4H z(o*H1SUzw-f3NJ!p6mo-q9Q{1Y_hOur2(LZ4Z{qP6ds%K%7B}&8ksM z1-=6y0(uIEr4aIJd`zIyM0?^nt_D#!9+nrrTm}A1aWaFjO*pls*h&FHQjlXYs*)Tk z7!Bube&QV17I+e!8TAH^ahKl7-Mh4g@v81sdMLzmm#5G)<73wAX(Z%JA|cr5V2Gc{DOf{WL(oiLq% zc&FZC^&gSoA8-Lo%mV^X@CbPIT~WtTjMjOpHRX!XnLxz2qbFTCaxGjS^)}=f8sIdL zV^I8RA=pxmSAY?$tu&aTh5b$}!6k}xEY}4(AqxiPS?;Gb+`^SwBk>kh= z)zsANfDvl&=)%-4kQsFVeU33_H@c zxs4Yn6<7~KC0-G}32K3tDV7%=gTsadis237{lzS|S^TSph%akwZ==+G7~jO4e6BC& z+4kCt^En^ZGWh0|=L(?lOc;A{47vsfqKz1sn)Y~k0~K2#5MD_{N0e+w+mosIb7em3A;X-VxAL-BvT 
z_QalMDA@T)?JU=_>43k9xBm4Xg{Om_v3<9Oa3Vl#T?VYjpX|GNC7;A8a6X&0Cn#rL zdCmwWX~FK9vD`8dN_ycQkX*7%_qY2Oo?d^hg;YA62Z%(=c~Jjlw-_`a`43A7yP+c6 z@`r&Z`2I?>HwA)Y+dzp&CF;6YP3oOIy9KsVCu6-@4AZvA+n;?bwC9sIyYo7`cS;rQ zJwaruX}Z;{yGG=%`+-n~0P)1qtlaL+TltJB`9Ou3HO@I({b2bH?CF{c;hoSgz3|$- z*#8a%Dc&Z)(=OdyBgT7R-UsxgtT52q9ZT{7!8=0p-nkVY0h(taRAQ|iqK9bQu6x4Ok%^b3TEYmmAC95}c7)X?_eYnu7)HhH8$9Q;|BRb3PzPZN;xUyb)r$V_~py zO&mwI35AB2G(=7}%vg>n7tmP?=L2`B`r5{EEEz`K!LN?%9LkgMdV|DG5k#x1w-6yi zT;OzSAWzGNX@KKU0al`Mx&+q+Ri^kX@x&RVk z5s}l}5{!bDN*PUJV{TA~-CmvZtI#_n45vI1@O}$_r@swGbK9;+4!Yy4drn?ak0VXW zCQJ;S@7nKwoS_GfwRvzxoi_q0iI93B-Fa_MF3f;VF`xU=W$kEA7AZC#*gWyC(51^fTNLzWf{EXAeqaG29I)cO#&pJ*T^g}51 z;?C&d+l>&FEyMCPeLbOuylp%D|X~0B2WZM3E^Y(o$ts6rvII+ogaUGCM$zwM>rjBKjh+MVX#- zSY}wvQGr0BRQ2YlJMw9_u`C&?fmL>ssta>tm6g=E(lPIM2vv_d%_fQXXqu@~NF~Cv zt2F)KS-wYn;0=&7L>WN$$x;@Op1;m%=kFG4gGrO%kncv8;vuavu%AS#8`+@o=h4^NosK_j)FrqOKvBeIzr_1O|S@yK9w9r5qczb53GE2>loxRPxriP8x|UVbelam zFe|bESUZmMZ+{j5P+ixv6 zJN2-_^{{+^y@ryG^kT%L*snb)gR&+1)t!7ZT~9ln0%JGadag5tp2}a_6!4qo2V~mZ z7B~W40?}uFtXdda$2Wkq;-APe1bvocm9rPvEYc8M7GFvrk~JE`YifBxpxVye#+ZS@ z-H%zr1E+8d?xwE@~Gv=E^m;|0vrVP<0XoZtbGnUu3T)8l^t2BkG zG5%ZmSd!TV3#F+fpewFR8_`-v@DQ~Ibz9RlhAa}NX0HOM=Ak|H@=oyM{MYhOy(2B* z@Pt_5?Rdo^q}>E z0H@^1M3{p%t?b1l_Em$_$mBGxFRISZw3HxjoV{pb|6-1y<#v&xt4Fwso;Uqvdj!}# z%Ztbj-&l9;+okb@5}+TH%%F7)<1kb>K}l}0f>o&!RT+svmaB5fJ4{r#F8MQpuR)ad zZI92T+Oy2h%47(<47kIHD@Dj~h#?pPPTVuSjJ88T71=>Gn01INw=A`g&h`pg=iF<_ zGux0Y4YZk*m{&DRD4>i#uS}ngB`wW&Py^bx|8&GesXt`ap|pfMpYr)O;%hbz4;)n~ z(asX#B(u=k=m=(hL8*&wE`Q2j*~&DP0Cy$Jd~jEGh@pTUGo80R66>;rfx5>@Hc()9 z_U&*5qwPcA?rEiTyKLXIfaC@`l9;wD1wW~0*m!}8n&cPswl#69oWJfLGkgI<8>8qy zhNuBW&-f9ng_P+Pud>s`NZCT*zIUmxknQCU%;t0465g5x# zhw-9qAj#m9>)>#^5XAYsvq8NHbA=;(Zl~EjzcqSbrqkp77d)+82Xg6KlX8fJ3aO@e zwZ>#~*^b#2pFHkSws4KEB?Hc$EptCby)t3fxt;`P(&y$cFDZRt4{(beFgWUrHE#0} zp1q?(0RXTTI`eCN;iUJE$&Xj@y>o_G9wX8OmijLPJfC%jV`J)f&Bub5FR{cfJCI)r zfk7I80vFjFp4Znh8h-iqdrx>#X!ZDYOpLsc*aMAJH$4|$A|e|nbAixrc{agHL1;Jy 
zU(H(?Ex4wb?E<7&sj~Eh9K+Iu+PSods=4a5tD%d|hYnG5AUy)at}0;ttbaMJC6&jI zjF5Iel53ttQc&03Q$%hI@4NFA(_Dp2?NLRbM5y3<0=g&FdalJDN}MeP&pkKWiYbk~C5kI8~IM@9k}#+rV3ATC}W;@F(i$*mJ+=?&q$57X$hws)6&^1g2M zypYalT|@lEz(C52DME3<;l_==?B?mXY7Ngxien5xUp8e3bO?+FwYy)}a+B_#5V4Cg z0KROBoY|Vgw>eEoY|-3V^;rRpMLbi?Na2dfw$`-2_cI#T;Ps}gx`%y*Sajp%} zGFNPZb$h}~1kdGpty+CbOLj0uakCDCQ?ge$EFXA<0=M$iL6Fz`p&-i&i>1%%v$45_ zn`IM65LuJoga*OTT#OuEY)dDW>&EL0jaI!Cbws97GF*6n&5gPDG=J@vEHkj4Xz!Aq}R-8NgZn|gq&@f z8NUk#6tmUz=NO(X2D!4|5(_PVUC;!Nv#ebLqeW(9@0+eIhi;u7aj**dY$WNxep}*t zJ0sK6OU@78FV>DcT4>JalMWGLO=k~~LIMM{LO_U|8Ddmh z=`cMfN_-rl*b6osYp68$)&U4$_)%-%J*0@qtW(oMM|vjeIbq2W@*h53={J|%{ifm~)4Qw?{`NQ%?Ysfa4aG7LX5 zWy|lbFcUsZTD4QVKN)AD6^iVGl?S)+AT5=LzE_}QG*sa!e}t*YcyV}te3-5pci*$k zu(@aAVNI0oo4oG41>6>anUR8IjuqereI|spRosd!NelBpdZ<0)b$ycpTA@Yd+Fsh& zaD&gH?a;}^Q91eK&2+h$AEi43K?>y=Jc15k9yB#fK3{4`Gv;cZ6b+9lxv>tXMeOmD z5|$x3b-dH?^idvE8kSW;d}N0ib3`ckdge#XYdmmRb-4d(sPAN#yOoAG@eg@jpUG)U zlahd~|v78EWaofXUEA2n5qqw`rqWa#|E-bB0^Gi3WVBumZID`z$!yl6;M zDD};wfn15j3&K3&s%z1S&4&z!@?1%TjF3U#oRMLK%$v~?x#ZL1skZARyN;7;PRsA?+Fpao%u)&jJuIFW>#BX)4@0-WV z9~{0g-3Hg{Rof>T6nBcn!8OF}q%$hJP5E$$oipl7VAWiLj5F?#zuOlDl-2iS2bo8r zO|P`KDqFSdP*gpJJmj=P301f&9Ox7T!szbP*LBou6rI-_+tZ*bFSHC3lqy?{BvDO$>l5;{F~&>nn!&Q zWd?(5|FD6a|L1}ZwhiC9`YFI}q8Hs#r<*Mj?K}?0|01v9=oLMgXO#^Ho>%s{xJc$ z9S%SA6kIb>L&wh&Kf_#HT~*kSuh)p2!&bu+SFMES7ile zbD{!{Gi1tNE6z%b;;O9%mx7|vnuZEXQpJRs2Wfbba(EdD|2Fu~dw$qQn-~mhU5Wl9 zVTR-Bbke(_Pu@-PVG9%(vD;HhQfRoGUb!RlG)*dj!`CbH`sF5$OOnK#rLK-6Wm+df zPQ^N8IJNMUW;LAfG0LcD(f;l!n11Aim(RnVvn75YDFXNX3nJc65i2`^3}3H#yW>Yg zHfuQsO@9sb8!&D4H##|`A&L$KOR~u;?HQsSboKdsB^v@X0!`tUVXm{a@H-l2-;CrXekuBb z@4FNK5C@S)e%2IHQ!`0750-gNl3T*h_O|p|H>)|x(b=!m%D?s+b(aPW$d#Zq2EX_l zVF1lDmEWMPthS!m+q24355IY6rp`-DSbglraQO5trt+$)GHL>;Uf47I8G{a=cu>XF zkOXDQd<2nwys3ifc{K8Lt5w_JNmT3|gBzGgQLUfTR<1r}ON7vwzyb2i1HYJ;AqW(6 zW%v8tO6^$VJ5R@+7i{zpGD^8$*#+Wn24whp3s!Hc7SLt-E*~TzS2x|Tu-`?RTG;#c z$dA)}SjInaQ04Rf5#sGpKcvmM40n3D4SIm=0+4sG zVg!#qZ5mvh!~Uqp(){uJZd4&vP?fp@lE-xvfr&X;@*F`eN%t{GmOb)CCJw$W4ZxL> 
z>N0?!#M!>}=f3Rcm95sxSy)Ig5_X?%j$S~(d?UpidA5};q$aL0T=kN5z?&m9yDx_C zvZ&4xKGP3IdD!o8?4-Y1a>h5cmaxyCC_{=~q2Uob`~9jKs3@&lZ|3rj#uhgL1f|sr zRvhbuN6+s}kQxt0OCS#m@UTqy>@#%(@8Y#A zZQ#nYudq-id2Q&wFHH^!Aw5fTg@G?}!zO{rIVKX>6yKf0;O59@j(AUVnQ9^JUB;LT z@7SY|YJKJAN4|u1e53{-L93WEK{E+7DXw2f<2fIV2lz7%-vJ*&gedh{_uJW1T%JF_ z4W^yF^;iMb7G1r*@jbG)@!Xwnngg7jlC!i)<~M5(oR|Viz{Vs_l>YOhYhuBV#i9yT zWIZe!;zg)@56Q7mGg#;i^nUy$_(h53)h~colW%<3vR;4M;i=RKL>5*;@J6+~Q^MVE zm0?IrUqASQR(%HnhSS(ar0es#hF>w&kYdCVCUFxxx4zViGofNiWQ>4EtgB9hbAlEm zrqegYwQ1+=A&S}PtN=n&5l!$gT)5>%NB|vvlneR1@BJtV$ogK`B{DHC8pij5e|co4 zmwr)zlx&P9FS4;LE*hazJpxx8z)#^lC><9{D|d64C%;f};6Qoy68b-UT2L|Fegg27 z>LfmW=*AgK%qiLSE_{KR1eqjkzSd0ZtUuCF<}+pMW#wd~OV}>G2nA-YG~|Z;EZ@G% zrVhCO^XH03ow>eyX)OmB&1#^H=;)HYlG`;g{>LZlDpiHxf7KKoTs}!;(w)NKeYzs7 zrW9kSgyMx4`fW0OCDhF~U%$$nYH1-KPb!pk_*2Za7dZ0cCqiyVSQ+m3=tKBeYFa1s zx%a9bTC~nbrs%ig)lEKfCz74gleiLgN(60?Q|^IyM1_*&rYVGWJDYZu*oCO2?p_Me z`EhB&>x$&FLPa(*geS##>3cU+`3k4uE0ZHWk6`PK@Dn!rc#92)3j*Ysz%IzxF7ftz zc~!gP>qcZtCp(Uqt+S0okD_GGWuI3uNO9EEB<4`)H|rimA`p$wq90U+*zPW|$Msnc zJVMp~JU*%j5uBZn68Y5cq7HPp0d;xg{ma2WF`w_Fo56pjGw(A}QCpoxTxsCnNH4Su zq$NTB8dCCt|3f-U9CR-`a01_re~x@PRH9_8IU(tW_G?iw$QOW1tij4}RX-#N&@c_x zeGqKjkwPL|3UMen==i2-fIKH^8b~SjK;rM~0(L#j#L01Bl%8w%+tXhc&fq%#@ZHvgDeS}M`|R%>ldab^am%>4{g;|L z>~SDR5J`a|s`aoD5aUdCy5Mjt0_{oO$32XwN>**Ik9v4$ z>=Pxf-6*krnwW>^Zxcd$l&1#V%sH(b)SOX!XQA1ju7LR*RX-uKET#Z1v25dmKm7)) z=-{0RmXU}RLUG6aX@yt=uNzSITF=e@ub;mqHb8fg`fpdnb_iLQ(Qp?SvubdsMt;b6 z53YHARC)Hce+>Sg-iP-^V7|axKQXYjx}EG_!*Wu9cN`lI9^8li-U7}E9;M4@iB)wN zR?)wP^_p;5N)2PPD91>0$3OgEmlcAyml9Vk7Rz|?ywkXh>s%)*(l_tAFw*lZU2WgzBD-Z#hCy7#pEm9KV6>2c}>AtY__FmqUcwAPdU=OsP~1&iDI99 z?_%d!_1&e%Oy_#QSd;6)GU9THGzU^+f(}R*k@i5yzP>vMFHA2&P;8Fo>itM#ns6sp zkNHpQMM{4e_!4so<}_$fBfwG|%@*YR9$3eSJSi09hl``{4SD{d+Ye=yG6<;x+=Yvn z&eUx>`q=!^+poL`4e|5CgU&zaEgQ*NnEB8By?(6BlbcEipKVo_H&!eQt0!v3nr(NQ&4>t4*qwn8QqCBIqLAqR;NM+8|6d2r|2rCz?)W^-Tsn^P S77#xKf0X6b<#I2YJ@`LdKe?;` literal 31739 zcmeEuc|4SD`!^CQLfY)RC|Sl>vt))D%h-2W!VCs8!;F24h$MSql4L2Z6e4A*RCd`a 
zSu1;4%D#Kgi@WE(pWpBKz3;#8`}w?g_eW!{^E$8dJht;VzQ^|}&e#ymvY%@|4Gj&8 zu8x)|4Gmoy4GnD#69f3>Lrc@peK~zo?E(?Ch z%1Oz}$=U9XcXGoK|C&f%N(M|IZiOdeNdXk_(a;?Hkd*;n%OSuga6tjS`!P@fE&;yL z^!E0`S>c@Z@xG!kl)Rjxl$-+iT3lbp+yEmALxRs;o$FAu)|dt=a887b&HGbdLkGX5VAgC@ZFI=Suc z7h$CZbF+30u#r<#Q1%LPm&I9uyPz@tI5GtfgtQ~FKaYkk_y&37cE82q{P8Ye9WYTj zZ6Ina-pP&ZL;yqZe@PSW4aV`4~gX#On+KZuS^|wD%#2LnXc;{>SA?Il zj;4*dCc;z^NJm@7&&Y(Jr|GGUx02OU!dRI(*?`en%7H$3yr(D7D@q3j*Tw4wnYw|` zJ~kwxo_0W>mZ6m=5~UyHtU&U`BM?eXp3c4oCYAwKW@tAbvW&4D7;9unB3ih?;6N}a zxVf^tnYXe55rGb}m60{`wnmv_Y{-U4S4E0eDlgJ1G$Bgz!W8VLgd>WsD7xq=f>rJGsL((IiiQ1B{;s!W0-V z0%rz(z!3oigfT%sAdn=3^E1&wYZ5R@WH&cWJq%LL80Ui_BV@>?22QvDxT~!POgUKB z8m5b|3+Bgq&MDE zGZ5zIgO@WgA_RI6Jx!HOodSU4B0Q}vKzu;SntOp?bT9~8=U{D;GTG0-76rr_ATMX^ zLy$K`7z0B`1X^1V&~j$TV0lHNnUb}euac1k+{QrP)Cb{AA#3`={3#Ty2}&yn`SCXwvo;tHPU7pwy&R3gbykTOI=87CuIrC>dnk_))x zj?qIAo%C=<+D1+&c#u2MgLBL%Jn92*$1wTxl_)+`7It|JIUO0YkPjPMT*q68Rt z;Y>Yk&`NR&)>tc|wz86vPoR}A(GZP?!K^I3$S`w^tCxYR4VFM~)+GANq0t0_8A0C| zZl;8m(Imq4l>?3aObITw)_@T@Dock^-=L#3GKw;ahDKHxA9)K%>7FuX z&K~l5XkD_2kEtcu%+KG+#UB|6CV+yoRe+|Rv7fWQybQ{~H_(Mlrf6YN2qoDdS!ZuK zBfJOJ7#d{bFHe!T@j#<}16`4DC%m$^k&-;o*BbJ27kM2ICu=ir7{%IM22Zdu^TK0g zNN!pPDCoJ6DW-76U}b$HoE}aKi}%;__cfJATUZ;}cv|DMf?&RZNG%(ED^h?n!Y9z$ z)*FqJcXib<_dqI>WNa)HU2oBVOLb4m0VkPhEuS2l* zG7r?(M4KuEE2AM_cQrB8Cu-@-`x+{k80ff|QJnBzNLd4GoJ9~3AFS`Cpf6+P>F0{k z*9k<)x|(@F2WTJ`t#4y(jCRGi2WV+|8Q=&O21tstye-njSl1d10EdnOp5P_xEgxvB zgLZeaMiRB15J4m_4<`$6in)yiT94u#B+w+0s-eD zYXya7GrWzBXP~|(31{UeM}qt48dLlOjZt{Ag^w#n*3;kB+YLij!YhJ|0)?_NvIao~ zrQ;!EMs{(6>`%tmLQmP)K-W~x+)B$3?PD!#Or|Kvn(E2>8XFb)Ckpm_awn!WvZTJImcySW8SA&Nf9QRozO1&qJ`=#V z{-|_Wxi$?x8a^}_@_6%{=j{CYr|?HvFTj6HtZX!NXK9#dXa#8KBWT!kB3~H@q)8Yf zkL>ktG-uE68{XcJp?c=AR`!f+FjRcwotjB~g`#*P1gFU29 z^UvFoxoDFcyW4Yx{;`S(Ah6KC#R_Kqzgl3Nk;ILa-@aol)b5D9zxFW__3F9L@WjGo z*D5^G5~yZJ8uTx+h%e%R<(Tfd@|RYVS?Mx!=3gIqOc(hGDDoo4by2XJ5t8FQ0UFqS zI=N_?$hSKe#QeF;fhcI04o3pPvfo3BvAHJ#Ni|?8(wh4q^+Yg&fx+kL@6piz05|W0 z#YNK615Gf|0T~Ol(2JhByfc390G~Yr5ULiiFJu{)ZxJ1^DuFbMUz7!)tjGv<>zDqg 
zH-FY{o!Xqss4aLo^CEuh8~;|MWw8UVchYSYHt}OSH;m4?FED@`Oa-5KeS!U$n7F<8 z^K)0B#wLF4opiY7DXXG_Z*{Rk+d(hLqk4PU&K`@5*xuRs+U%Y7Cx@8?UYbj^SnHe+Nr|p@OWjUj zWO5gZV8$eLFi`2K-8}Kh7Ebiufq8G<2XyVlHR6Zi*_Hi!;$55{!6yok{BO76)B(`sw@=IiaaVj{op1*|od>FP;Cr?MQL0FArVF zIVx#=eyxl$Zuq0GqPT18qvzD)iora5*WHeZj(q%R)Ah<`eWBa#AtD_|aNAdDraOA5ScFceNsiTzdi~A2BK5W)T;_!RgOpog4@z;QWV{ubE^wpqP+A(Q|0$G>$ z?Qi2a@E>leE%dk~b-1a|bFOtHg=-a8&Fz1DuA+!rIe2Sz9KW_O$?(di)YUJZcuV8L zV43L9K+t&hLINo?ih=ofdjdv}yJJn;`rRe9=R?!e({SGj;~!H~^i*@1f&(ul?%7;s zN^WGD@=ix=upv%Gfav9eTB2PSr()rO`)=fXb_hxM^vDJovOFU%lAQ5o_T{X)v$J@C zZu*1i+RDM#QH=QM-e+RHjYE$eYj0&Lp&Ca5YS-<#)I*=+ODF2VLz9p(%();|cYG;z zYuz@=R{5B4S?=gV%g3+*-1jy=6%`fcwhbO-asi{VG#7Wy=*uTrA2yrwxS?d?=(eW4 z02?S-v^2vl9%X^ERr@GzBZA?4CO%_iI^`Ggl zbl8_CN!cFS-pslGqj|9L(b9QIt6~R($B!TTetWaGx17Mus}_8X;UJIuQXE->szlk2 zW#LAZxLvO}{!7lS?Iz#orJgeZHHYLgKN3YR=Ao_5ifM{9PYq3Ep_#7Xg!nYVRkM{T z?}f3$_e~cP#RTEf)eEVDF#l*7BUs~z9@7H@o#EVcBMH6(Hhf}(hf+q>a(SqS$!#4v z4r}S*eI2@DLmN5^<#+D9%Cr*0^{m-8sB}^q?<~rpy4k?$ie)O(B<{0|a z-}Gi})|r4J8<<x&DcGT6wpkz#aP1N_KARUf+899aSQ0cSU^Vs_7#hS&(BMa0~fBl_qGOy>Eu*PF!^Ev@>4C9I1-K0ds=y}mTU8SVF@AtfAq$}jlC?v0@FPt&6z4cE^e`htT6eSf>JOM(AhO4={PS8DY9 zzNM|rb#9@ySpOfVDNz`O<>!+Ao`bUD>jSVac0h&w`Q1K1ZVpwUc#|b$N}Vt~Ci8 zr^hM14UfJ@p)xX0eH(nimFdyoopjYO9ulI;Ee46}=-ZMUK9@I{OvYiX$9w9k{p4jn zCV%7O%s#3K7UZYOVtO*^tc}=rwsrQrHXNVKlh}}-9_Jqj)~Uf%PG1Du{}ISlV9o~| z;$0=p6X}EN!KqHH%S-LA%#kr6SYKOuDEs^k*SW7smw7p!LVMnkX9+yI$8+U*3^Q+8 zzdkJ(;5%#K&d$`W`Ra3A=Imt1Z1pncidN&zL!Tr3-ybOw&d^#Gc52DTN9vq1 zSf%!VSY<>KhpgjNRq&#R2Z1o1eo7_bsnT?g9RmxD%JBL}_irD`=)@XGjEHA@AXkPG z?LEj>^>LZP@$1X8g|U3Wmyb$2cnQTHld_YkOq8~Nfi>OmL9uTclDR2&+1mE0kp@-g z2h5DrwCBe^C>EGE728#IvNc;gwB$VH(|gvC)4F?DcuCvoTa+DG;}Q6Omn5`CG)G@w zAAV`-3p`+^pNkqgQ#p=lb7{l36!DRj z);KxRGpIL4tM#8l?lEKGoJr}xvttioP3yY^?#wZ*D6q@P9?o-1do$P|l2IDxwBT|3 zzFA@CH3>6jpSQF(n_h+@X+pUV;GSIDRr}t*)lS3V7A3K5ezs6-+yonXowWe zRD2yD)|4@Xh5vJMZd7`R1mrn0)%#D=MXE5J7m{i_9TDc!6NUM4zWCcP7tFVvEWH;j zv9sDLS6jf?8OHhjfT&h>v+89?#2^2Ih<9VyWtEJeSFiYH9zXmKqHBV&$Mz(#`AN-3 
zL;_h@{Rdg>MxRG=e6?&7KYq;V=e~N@aXbUqy8ORvJ@Tv|)7ML;Oj9WL!JgXnnU`?N z7)Hf+f(?|V#m^HFWM}%hB^H)#{eFDXNhq)dk0cuJWm-v!c(31l;qa9X8PZh7>2s(v z{!_QLfHXuyof?pYBy*oZ>Le{KH*F(DjXa_gJe;72VaO~|=aPP0 z;+*l!G06FYNn;z)^*>E|X|6^FEZVGmy){y9F$-O0kjc_mr-$X;MJlij)P z*7EF17q(QNRaA5VBfDQ(%7HDpK}-%Qo)4u`%;y?U9XM%(IkLw zZhUVa-cSZ^02P`F}r>5@}__B92UQEa~4t1z; zdYCIH>{L-LaS&QD`89|_X@~4b+(o3r6o zt%nE)_R!4TOEhRvM&{#Z`PbTGCqA7c$!i3!%z}W>0UWz!Na@RCT*3nRtXP-Jc%B$^ z!W_^*a34WM#0h9%j;{_aHjLae$#?(JeZLIbc<6>|5V@j3gaeb@xc`jtYy0u8zEhTu zZl69^-aee9;qWrt9h9weK(okm z3*L58WZ}%UJr3LqW*mEsV>*EBPCL$!|DhidV-a#PK&r|T+hh0?bC{kZ`Hc@uDe!{ z*iXCn7$8yXJ(bD(APanx)XuYiQ$coL*CxxQfJb z3Yk7N2V_Sk=gx8e_K#0HVe~04wbL+lLS!myphmlFN4VPO#}WTBgR{3Kpp2xsGwCiv z^V5j1JrP=5RLoqQhkC)g=1)s?CTOV>#|HYEzlWawSiL-`4<(*)#9sDRxP3%e*KNyC zUY3{m264VdUoI%B+@0s?rlZ>jWiNK=;Ue&yuJ21MGzc*&)7-n|Dlgt@R}YYEJzLkS zoVk9=swI*)eC17OqHB@uvnI&^N(h;K>+9>NR@idSQy0&GY=xgpQ+>>W8nvIFWW_LR zbP$S;KxVds`F*8{EWy0RO~&p?yXzqoyeA@AS1dN+;8$-dsAP@@g$lm{D)VH=Y#9>i zlP`;*Px#QBxE^%zae=IqJT}^c2BcAq#$m^T8DpRXsANG{X4%B-*pfw5?|lJiOWymh zIJ-bLb7h9X!~z8+QZ{QQILE2SvrkBww{jsfb;>iM2g>1mFpHRd#kRX=`Z0BnA8%?r zjL#e?fW{bVns_lo$6CjLz=I|zk(AQccrX=z8I%5DjceExiMp2#Wl78*19Ah-|8<>? 
z!Y}XVyYm2taplC!MI3`ul znx$Abp)4eD|CloFJBZOQQyN{JHN~<7&2P=hj~#;?pZ<^IM+&mdX|;6xIZ&dwepK|6 z4^*#?WnI=2`-NPe^J&azO&O@9jCb+|^lKK^ta-4OH26u`zt93D;C*|;w$+LXLZ7S9 zbt8?`ZHJvZ`+Wae|Gh^xXIcsqNcl9skyobVHN$%Fz%9 zhT7o8laFmmW0Y8gKRcNQ{r>)rYjVn9y?qm2iEA=J))ApZmErGpEhFVB@+;MVQa(>K`OQFNm#Dt8*5%ksLn&>3HJ7;FA(x%kXc&bO1 zrtam3evmjWdZ-sO-@aL9v)!~-9Www2cFz9~JLeR0{u`}paj;MeVJw`z9;0!9I z5#(7yX^mb-obfwCxZG3P_9tc@WR8Sk-tuJMRHlgWs`xU6h;pnsmf~iDQ*;v@=IT=P z1=BXZfYJv)(Vhzrnj7iG&rHA+rSH#2@(!9c7FMDYxNzw;AOSvihQ*=y0Pa^;^j!&U zAIQ&`J|6$`6#vUKMyY`th}!_EkiNv@-ZepESdAlA9=iAJ*+)ryA2xMas~2l>@T*M6 zP4%!B9Sgs{)ybDgSnc_}r5o-|Qy(d-=81r!{V(QEJwKpu^xpsIVM%GaOp(o!(^Dol z)u3$7E#(p94mL94B~p+AQnnbs+!Bb;?c_ji=(62w^8-AYAf{?0FUUrT|#bSPSP`R_!YH8h~7edN0() zu;h0Y8l9O48x~7lo1FikVf4A!v2c5>csuW@OMPbk%AV(9s;L0zF%OMbKCLI4vf1FZXTw`Q#W@ z(UjL(B#;HhoK@dk=(?1m+gFAmo;h;{!tuhD?e>-Fe&@!&d?+aVn5g}E4^{HDh(j5N zX7~!Qi-qPG!CoYCTm+^h^!&nh_zgL?gQp#9`jZZ8;i7F7L0(4nbHPYU@+6qY(sZ<>Z_RNSvuzpRvVu68psB4^gYO zx7H{5w}0~+4AjN4o=Hkw8-2ajEAl&`tQX&)^YC29A{46QmoyueX~4Glj=we))CzH* zxT(d!@n&hs-?l37sbDB(L&~8_N6xiH2Af*zme<(a3eqk3NTRO5cF15=P+7<_kxMnu zJ3;awCoDP>P@;YVB*pbhFgV@EO5OX)6~8q1gB{#LQ`!R^|5;vIG18NTr_7=W&NIy;?pggFetZ-vZM+FmnFzZ-jyw>OHZ z=~knApFo;{!DQ9hLqj^J?2stifh$Ff;Bd4lV@1?3LSlZ!1V$vVeKu0&>iP5u1^O-` zf>#!W(u$x6XJC*K68XF)MVlQ2frV55AqXU}P3PuP>^O_7m$-OU1Cu`$*?Y2G=lGnD zN`N(YRauqf=jRi#uo)2HE|CUaJoA5EPYih#K`S5o23FD5bLA(uO<6~BigvBgPY6Rf zI(Z>^dLNy(VQN)>;AE$0A>*OI)s*GZ)>~>>Q^#JO@K&_Q*9n1J6lv13WDhrey@L-A z>h!;Yb(iFn4ASxt1HdtQSDinPy85Z_GtFOI04QC57+EkK%;=r@*7*b0 zcGkl|x`+fP-S^q|UpA=6GzB_ad_g1ZKY)AK$64GEsa+qK?F3=8x@K4!GJ;2fNW2c> zstY|l6p4&+vF^SB#Upcy0@KNZv^6s$%eC8Tr)|p`?9vX2Uf0H?R&CU$5`n^1< zEu?$(C|Ytgq_TXp_nGH2l{rqd!0L;1kh9-ND?ed$3*I5TdQK>9$!Xuyx0l(4Ju=Yf z+KS@nj&eKprG{QKOSU`~`;K-oUh{07A{=`-%EA9W-W+kLu;yuEtEi zUek%;H$We|ko*4BP_2fapWl(r929nL<@fNyuR2!l?7a1pggNUZJ92gbwzDSLHsXnN z$tU^~Z!^+k+PGlwX=a-lw)S73?ww)lAne1Ie8-YOyZmjC|8H}SNY)E0b#JN44uRh; z-EJr_5D21Xv6}UmG{UhZ?5mP*QTdsXR?*!s zZ81)bM3Jpg$1Ty# 
zs;9U+_)oS@om?l0_9b2;Ed-S={R*SdU-?x#W@}MM51oom?Du~#mwpdv3K0Xafa}3; zD^ps(OC<{PqTDv9_tcy1rYMJ{ThI{=y8is=!HTcLc;c+)DPzrq zWBEU4@Du&q)Dg3dzH&moTTa*~I}vsFb^%J$(3Y&zc8|Mns-t?+*v~P30sVBzNgsZX z1vLA%cgo>J6JCJ+TK6tn9$l<^_l*DWM+f#TD|5%NYX?Al09Dj*gYP4b8LBU{ds{2M z>bQM?CUP9;vjfe4hkxr=tXPhMM(8gpplp>7AjPcai2&~Cauen!_{B{6=vm=r}y_rxV+16CIois*sEIYsXdlA8W zYzfE~HcTxeK^85Lri(V%*X)UTD;j;eLh6z`D@*pz6x}v+GwCKJ|0!z@ZEQ*Xh;g|Q zlT&GNj*9=(aTZ>cvUA-}JJjwiUL~SWD8CWMn)bLL1VhouVFqwF1qgwMT_u1!gLHVe!-fnyIovEe!yx ziXHFVYrNtxVm4!AcP7+AmfBsC)GUQVcm_rkrq1n|>iV*z-uS$^pEA}W%b6Knu%EUl z?}OVkg?%f-VjT975kwboAaq?e{BkTIPU()v^+!kZ)Zo4|2^fd!;OhW|LZ7Q3%Ii0F zG!#_lm2QTP&p)O1q2^f=!P1 zn19@#R&cW4;L;HStFBz5@`soBIzZ=o=0oN)PS^kb}3y3-&?PTXG{J=9VKu zR`(5`0$u1mY(ui(n6O}4hO}eRo!pyBK6#bQH|L%DCM7DX3SN!qLrJ%1Q_r#3`9)=N zt#fC{k#B|JtM`q1p@7GnBV&+v0JuAF_*8bY&JvI)!@N?KzWyWvz6+tG_SZgqBSYQi z0iC1A8yDW3$aV~0#ZiQA6u01gHI;I%jfoc;7_JV5y1Ar2lCJ*trbINKg`;P}#c^1e z)6?$UKut_T4Wi*0PuXV<+638rL1FVg$l)(yVpM{8eak7(-2R~AF0pL~g zpZjH~Bk?b5S6fLpP7z1&hqG_Wd!~PJX=K+47c;nlU2-J$KTlC2IHf<5*8YB|{*geM zk8xAsRVY_%V9ee)w|7U!Ef;PENzJ(!o5 zcOd;8_1Yk4NGx>fOMjfhx;3sHQiOf!?Cd;kmJlZUeB|AjXkfU~Y&qLkREL&sY+yZa zK>Neu8a>DL-p><&ty3x33h_EXDtY7HV=eM1<^8Yj`(^{3YE9MGBwtePYO6X)1o-=_ zpaw7@KH}XK^u7Ggxr3P^ycZ{L-xrz|)bFf1ESaL<&^Cr6i8*7Er__@BDoDkn&&FO@ z71_y(#Pd5yjk}LMuz0A`+nl;6Dn%XfQrdVjShCUjHhqx;CK1fcqx8gIIVgXW)YxTT zyuH|fg|j|S$oD#y{76wZeUpE0By=w-(XOd zSv}SQD>TX}(w6x-?NTO8kz)PYEu4TkDEie}5C#A-6bGxWM}u0R>lG-G*iXRl zXn}ZKC@1MVI6n+YxpR|NHwK#Z+0{V3+;*Oj9YhFywBT zHdsJZ$(hw^qn%Tu)iw|U+|;WSniB`8*Kj0<_hX|!Du%+(EYb3WoTEv9F%Xpfp69M$ z9k0-f(@>ifG{zE@rSCX_j9zjlqjzoYSI7PQ-JIW4Y|yb~6&@WjE4VA`k8ZS*4}-^P zxuj8_vp=<0rZC4X;l5lr-a6tkOquCdrus_yqcq#2LAg!l2~lCX;~FM*~vidWc(&>-yXB?v1G0>dGs5q4?u;$ z8+GSek?hlBwEZQx=9Z6A@kdYR0RZP%?!^k2yqCjK&Ot8O^Y6ZLzvE)vJtKN#t@S3k zI9@7v^IWgmT%?hc_nsv!q%Qif#8huyOv;#F0K#GAap*|gqKbl%a&gZgyLH{c^bOIC(9>SLH_(pH_~+*$eXtX(VoU4KCDz1CS5=cM~r z=ACgf=Z-#sdrQP$l~l?nhS3921w%*?h|zzvm=|%1GE{Q@L8QJ77WI;S%co&}VW3h~>T3R{<}Zjx&O0(bw;9nlQ487>%r 
z{<(C&jO^UxCB9TR1`Aw1JSK45g|(LAeUBaDoi!^ej4vWvD&*8{>^HWe{vaPi;|%F@AZF z4ku;@WW?q6slld55V>}6{VrJdkDUY_tXuf6b+=k0P93Ggg$rg>lJGZs68lH47uz8j z8n9eHk2#`uDvTto0?V#QN)rUTQP`3>^;ap}>Z?uE2nEvM%>#T~Fl(O;>xOrsl?o5O zadW}QdnLx-?=G9dhqdskX^|cQB79s-9&z1usoeg#Yn}~&Zv2z>-KQ=n^M99@X`r&J zzH-^jWSl~so0{?U6Z8`5ZRGll8i?cKGQ9YmRXUOh|A4-i~B4K){Q z9=IkwSo|C?)LO^4YcMrQ8#If}E+un&W7yV@=C#%IoMBbl8KuaY6!vbjZMegkyGa`tE@ZEsxI8Sq4wa@kZS0ATvkxeo?V5Fiff+}NaI^O%O}ms`jYdi zo<%A8F zTa^U>DFD32Ugq8223bTIao`2lQ@h%5wa1`2;*0BMklsEvMF^R zZ_DnkAPx1{Z-4m^?#eU@;QM=kF*a-w3DDPs%b+r#|ZN-5#nbJE)gC=>nYWZL*avF10++W3Vnw<@#L?MpkVWAg!gNSiN0unC`_)V zjY+)OssS^0({hQX z-+qZJWt2Mop-z9!Q;v0e_b_ZBwOE#qs*0U*e8v2fB=}=0zIwhr-(%^X?S=VYoEe0F zIeJF^VFD-pj(aNn?MVNFd+voz=CY3bp3~_yXlsYLwq*9=zEsr~KS*L-YJWR8zIDZM zPF`2{ATR#=xUJ>C!jhV42cJ;dg*jSv=HDRy?x4!KwdnSOeui9mz^~U=AZS*qB0cRn zUdNhGI;n>@?r`WB)ve_t9KV)gd6%>pS`y2kP_t}R!WfCUyUehou*QX9MtN?5uj|di z@!!5LB^Z6svrH8cDY-@DQA^>d08`mzmwr7|K~#e^zNOCUj4WK(02ck+zp*@Q|CcR8 zA-%aT1-fY-gob^tV*3D^tVqyXdj(&4H+`<3to}u~sLiHnbO70Yvw6ur8;sZYk4*W`RXoqzC1J?r z>44Tze6;e}tN}JVQ%SG8LCVwdQ|suICwWEc9bn;goNs0wK565eI+ESCha+by1-+d| zSQ~U)CmL>jtKa%GIOx!fA8gp3`nad)m|pb1LbgZC-6Lr!&`P6y*2Sa?0CVzl`a>!P zBAbrgsl&$V4$lm{WNDn5nu1Fg|AV{49Y(#RBbJ}SKN+QUY?YJ+_*0i}2HbEQT%55U znd2EP6VB+oYhR&r;mS{>_KykE^4ZOVE%9$PeHy{R^BRVZs}P9xyk}fVPvZV5d*_Lg z$A6;vB>7t2>8P`OY1gIO$>pqrd%pB_ef)@HVsjJa+#x_o+@Ar6;3tAnfmUldX=pJ2 zmVuaZZ>7h_2gL8nDiY0=2@B5Ip@DfRx?*XVCvGj7nu|g)9mf_RwrJFSFJ3mGSIzwd z0zo7rfT9*2+Rtb;_S@t`edsKy`f}b19*ssTUUXmQ-_E3^Zsfn)J@dl?>(VidLymkw zbp&*abvjQ$3XbUT;927c)U-BT+QX`P{_+tHp_dNVFo5X}H(97V5z>8bY=#ijzE$KP zV)?|Cy!tdL>`_d-m)utZy|%O`db9OJ$cWle#EMU&y4Wd(s>1XNt%jpU8J-?BL+Af42B zQlw`}&00YMa6+5(^)CaOmO!|P0TuR+tv;FcYc#gL%J*^a3KV7LxUHuDxQDKl@Zsrh zHV|LwswUYZ)H+=<(5?SNjKS>;EBikU`xA)y0UcU9b@*oE$Y6DdK^8iZCl@feKjvLqs=h;h zdM0DI#UP;HhY|3a5=utoW4Bi)FGxLuI-7vRshroI4(KhcwLG*-zdrB{t$nJPI5V`G zXmVAzK=r2Wd~Ph?gNMI3j8vUEiRIjlklRM)$3NGomL7 zb4Qrm+}sKq@4W>{1on*t))WTQ4NBIHO*A$(3uL9Qp~5VXv))WH1> 
zJ6&i$R^H`1R~vF}EKy&KACQUD%z_(JML~-j%kdPTs3tIp5jowYZx?jin`*uO=(Xj- zl%?St&?MmI6S&87oX=MYq{55?`zK^meNPR^C2p_-T!P-C7SD7qWSH&44;Nvu$!0@R@7q$rJ6f<9yg z_XuvaN4uE*du@=kFn`InIyk9zvs~~}!jfqdY&lsFIq@oT&$B&BSDDemqotrxpH-(& zm66(q#&${%`Q#e>nYbXnBTnIkAUL)5UhWd62`Q+TO1jZH6{+7mf0mc9pRRR7n#FWi zUU<~O9}8DNggzo*lteR?!uL|u!?Kmn;wOnueYm9c-vYV7S3$a+>VpHogO8t7Uor%tK$k;J=jZDqJw>JZ@n68u9e$)6Yhy0Hl8zbCMflVmF8-e<{J0xzr!DEpull3|84Z zbz>VnL&sHq&$NuX@~8V)Q;McAe#}xDkjqx1$esB3-fD&uOzX3{Ta&z@e?I0lH+FKran9WiByHjXB z>4<9&ZrjGOML1q>$drAV8r!@$3S_(ZM3+% zMch+6BH+iE0FGYB!tD0e?AS=*&oX>RTEQaon?n6j=Mm@)Q&3kLJk3WZb!G<)ei?>8 z@XU8@oOAj~bYuGF_?!xM%iAiEx^~{Y#P$FI|+dl&N?IJ?)Ccp|Tg-Gzq17X0!D^!f{JS3}GZb zCGXpPcA18KGtb~&MS^vEkGdoIX(8|`H|ZvK9N1-LPatSc#RRIYP2|U1YwVOXimuvd z*@jqRAn{M~pB*Fwi)<&}^>FDF8Li|MbKBrFN`&6Z3Jw_fqW`WwiNCO|t&NB^6Z_)M zZASvHQo1VN)RkF|)O{dh&XxLy3t(`5RZcK|BRknuqHayb#@;gOE z`LgI|$VG{ZxmvPnVX>AE;b4eoR#MnhT|V@33@g7w{P!;=a%Y^~(7l<~O?>FV6XLZs z5LqLcX-?YfObMP_NQ!#3{PkjVm0pvQSYSW@nUmri^PtL^ykB_hhpcAl7O1vnkG}RA z5$|X?mBGOq*m+Dc^LG5f`b6G`+Mag?3OaO|6OChwhJx#gQ~L@BuN*8cZ%}=6x@je` zjqy*yg1UO#q>n?2t08F&(29pP+{Z1Bggg_iyu0Y>-eZT1Ii=d3D76!mkjLZ$I&Y@w zo(YhC_(dGn$o>-0!Ec=6i{`l_m=>fhW)Ct4EbIkOoBpqo4GnPAm-l+8pg`3E!foQg0`Le%o9Pr_-s>6MiR;m>mbwWR=LTQBr~FO_hl z;lEjuYzN~%7>o7{No_?zO?Rg3F-o)GqIOc=X~iP^7ZvH1S$y$7T7 z(~27>IcusPPrS7mLt$Z@gW~q;^zbnrh%CwgIO5I9o!n7%?8)wTx#@mA#2)N$*FMok z%kxD~1jjvK8;P62DrinV`Ky6&X)Wj3Ucj{_Coa7I>P;_lgO=($vIk$hN)}P~liM-# zZkpT9xx1ZOgl3BX4;Hp35O?p&YZHc3Yo8fcEL5@@Zg~x!Y7HrvHh(Z_+x_s46NQB{ z__AiI{w`}q9|P~BqjqccA#INH@NwOtKlyt1L}-6f8FMvy0Oez}8?$e{qFRHu8Qvye ze@MrGuAG|GCw;Z5u|^oNvSfKSv?G~Q?SyVa{$}T#_r)?9+u3GpCM}wo9k0-s9j_Zv zQOvs^FLAOL&73G=iT?5&96aBJEN+px6h0@L@Wq=yJOQ0h!sZY6>WYQYaAP|ePn~6S zWPerA*8?LzRT^^hEKF)`PERWcjwZ5xZP z7L}d`MefTxqWv!eiZv$zIn995+4Q!#lIR$=XtCD&xdx@Nz4{@5+O?^}!63%@0$yHP#;2OJ$G190;CDt|jKSCu}{r6Rz9wjD7pRs_zeqZ{s-VTxo+J@i>`jTYS)^feZ zmd_19bQQb>Ug{V4%~Lne^WlOCCyeBC(rQ(cS2PXKV}AZdW*vcYs<*I4)8{d*^4Mzu z=IJlpc2$2W5`&U-8|TQldZ@LbKucgc&i2MLVfsVVUyU|0N}(mFAm2#G&5m^N?+ul| 
z;L!-bsidEf+&J+grn>(3n@b0tmDFyGN*iQ>mLWf(=Sk$z)3#bkYD?Bh{3RdM*B`CQ zszGd(XH$d^1uXV&N@%^%J+C*@NX@2{w%IF1j$3u>8L&p>?os`Ev%9Ln%{Pd zn>zA;wfE)WP`>ZmW6M?{l}L7j5*a($MZ;LrVlT#;o$PDM+So=k$xeunC6S>;F@$W{ zsVtE#+sOXAA5-7&=lC4Q`yTI~?|U4te?9X&_j5n@cAeLGo|n?jH-_7uH^i5Ep{Z!Q z+q4l(nqfQYHMQ5?VhJfJDI5Wq9BQ|U1Z1?)3PMWrBzh?^0oh^LH3K`^co`fxtxG~F zWZKi2_*=ta@KL2Cq(#n25AUhg6P^j8TJX(Ejkb|_rusWSUJkp6=fxp~_VssvUT@R_ zS_~;q%e6>hY(FH+Ao>fKPfrW-X&M=eI>^V_If6Y(<4Hr#gOG!z=kR_4rof;aZ8)KY z@nwuKrwiwG+TMJouoHtaG7LtoynPJzOy+Unx9Xi1)3)6o_10i<>ZftZbWHfbO~l_b z1<`s)$$KGomES@-Yv65FNCTgce=foyi3(hI}P$)Mp_ECe>8l2+c(J{m+qKYIeKr4 z?}K7*uPg=ddtSJ=R)MGyS9Loul|7`{X9%fl z*>LFIQt8A}hW}5Y$4Vg$-1&wXmGsNzK2PkPWD55qHop-+^SDyBUYv~>0Dc(t3LFb8 zn9z@}dJ_yJ;vA;JQ7KWV75ZE}9&h?s5{?agD=!-2`GuqQ*A0(7Ew)yB1(9>O@W~__ zkzv73R}*S=yax~Ha%qS0`4;q(2j=zF_c$9a*Beg@v&KV5F8tQd;SwT(fYz z+MZI`aY#AOF6X}{c!XW%bDq^?#gp&lW4x?xuS8O9R9nt5VOk~uQ_+5NWvcorZS;+b z!^Z99JzY{srpe>*4-J9}+}HncNCyJ}Xc!EEnWXq;z-D5UIxm7Cdf1{h_-hz7Y7$`r zrZ#_b`RN+9b2ge;2koK7RUvt?647Tt(k?k8cx#pomwbXO+N#w%d8{RmvBMUf)V7@A zIQEVwKJV5=@A*fYT{E|hlGb%%f(Dyew>IoZl+HpaDx5GaZZatTm_t=+4O=2oG3&i( z#(&V=nMnM-Gv?DN`5qC)##Ma1Z(;aRZqks)Qf9W9m3wX~zIOao(5c|5`Xw5*}a7gnS|TahtoEhV%*~k(%)_pi*N6 zDmAzJ$~b}1ydZ7=13C?7RQ-eYwmtwzdCybGBw^En-t^}$<_)}Fv8$R;BEbY9d2_cR zHSvEZY+9A8O>IguwU2fToQ23$acR%JB2&&(`m1h4hsET%fmWJ_W6gJ`BSzojj|n1VwfSry~-7 z#P+mWp*eLJLa)wdF>R^i@O)5>zWbH~iAV7XPU0gVhEJ(FClEMj+zvekX`J|w%d_YIr23ddi0km?@+K}!7RvbEM2qc8_+KDD(4RwX!DBp^bu?$?k1ai`0 zR|b)%Z$|`m6ZIP|lGY#n^W+B@2kXz7^&3mz74Yll**;95$ph)O0Y;Dw2>GAu?#z9% z`G(I|n55xW0+?~p=!Wm|_e)r!1RJgjODiEi=sd0>By^mAUwT}dQ0MN=4u4QmoSZo0 zIAmX}Eq%VyvbL!x#`&N_^qnE5KKRi8eO|ln?N%mrI0oYS0%#(MQ5ueAue}&R6b7MT zPo~Gy$3W1>$ow9_#>0%SAvp)YGyM~gQjKPA9qW(JU-dLi`Y{|AiZFQStqTS_zZrk83haJ$b0QEfceq4oZrBZ)jc#kth1KL3BL)__|=X4I@}@s zQ7F0>6a02XO1IwK<3K0T7L9tlF5cAS&wrxMfs2ay1VuEc+*1ptOpDiT8_$w=A_%<) z`_&MnT?6d#-mbY9V>TIHYW!G$sYrIU&17fUFaFYytyO_5aJcDXNYTq<=;D7|jur7- zwa^TRzLAr1>2lcCgb6d=75tBA&>}&fG!tR45g%ohHosvj?M|rvK63kR#CQiH3gK$ 
zLhy+xe~{A7xo|$#44N8D&;IZ?)Xv~J=FGw5F&+nA9P?L(OUu?A(7|vFN)ebqSlDsg zEe?C45*^{8nl<>!i~E{d1ieD6Jue8!nc4QY_Lk#AP>oxCWuNYx_T5p>3fbRVE7A*! zY54s?^l=NayDe>Z{zO$wEVS6z236+zLTJXBsxBU^XyZ;rZESbnqgDR1goggZ+pqSb zJ*LzSaHo5YIFMzBzz3i?Uu)rw|9rh+<%B2okfzdBm%h6weynkK!L_|&3?$-bhR64$ z+JS8q*mH}zH%_0~;Ux#3wQWRte3xZl+a>$^8j0e={Ya-`1HB^MxOrsRB111^tEURY z?u;!?M3Fox<~D&0-@C!fv6i3dMeCI_e>Vxxby29Us@(+mMwQhEx}gdidIccjltk3t z?iVqs^Ah@V)=thOmwjnA-7rOCDxx!ClR;mSZ*N2z%7>Q-lYoHgw*^e zeqadxMX@!j7sBSPnH9u93FWY`HGr*kU_ZPB8=-at` zagnxS3PF;P-h;!+h2KvH?&pwZsZo!LDPX7hB}D~4ePcx=QenYD*!1OtjKCFSUGT2| z!h~Yb)@KkRIDoOK;`0jJif{qk3Vq(({NPq1j*EGI+VIWtc7=@*wZ^^mvKLhg9b@-v znzY9;QOex)*(KSDQ>Rb;*_<4-_8&g8V$_#zD&n z27*al9mFy_Y~DM9Tuni(1ld8_6_kbP#VOUB05Dujj1O!Yv5PD)qZweTuTbazpbA)G zf)-J!eu638{a2uVo8kSTky8U;Qmqx+J<-5#^e+A}*XmWi3Mg$x%O;26v15;#a6I0W zWx@so|1LtsdOMC{a)i-hT9$&{ZIu*KG5c!6U0*Lq3A;!BysER7lJC;76;=>P<3<^; zr@T75@OeW^w4 zyN$U$|D@>fmN9*^!Ky>FV|y8pbVcg{FP+3QxpS?oZX(F(^njR8`y93>bq{G!s*}&fyFl>@Be_fwahdhmb z%@0;SO`m9v?*ZZ)oxwYEU-~e|SEe?2ZUYw7Q^j%9wyyW!Xo5Rz%43P*mJ=tNu44~l z2PkY8#x>=uCJ#37eG`bbKiPqUKrYxfUZ2DzZ?X54uzc`B`%7Stk;v#a8}wy|5XP@) zpB2Flm0KmSn~7LGV{Ip)$$hD+tvQ7c^>>?i(M zv>0k?Msj0NW4^PGa+6jhVstwmOBSCDo2+1;#S)>NFIG!SzH5fB4M+lAFd(B)O>2n{ z!o2JlDOH!0)jAu%bswT7R5gzwxyz}67uBirm|MEX4V0CwKiRkFhn{6&;=o z4pkXE%sskvi^04;4Y>;1VD1DU21-L7%+3-J!SvH)jEct1xXZ$Ct18N__-?M)R4%Om zCQp8KM(XZUYa5d`V!8SvmPJkyie3S7B-Wal6ip(ep7$Or;ThSmJX7 zHIezm>zu^{rSZg@<0&&1UV|nnk2XDx&yF>QD2b^|&~Sx7K{+#SGE(pAs)g2AreNCy zq(a#~WAo_}FQz@EcJ30~IsHDW)$o;Y^Qwi;m^iEXbcVDmhx2INLvWyX@O&&^H(nVN z4B!Q*;fFKD7Ii>qbuckOyPtHMz4mr?>BqJhK4w2VA`>s2V=TATv}>2nKSgFcLn>KB27hHRZNEzu8QGHd9Vkp`Ab;H zMesdqhx?S1$WKzcefN*EkcIRUY7AmENy>2MuMU}OmBo^=H{2CA?`J5RJFM%nGNt3p^{yJI~~~)jGRCs z=O?WXWp;C6X@O?sx=;&RFTwn<);3=uzUpH)+L9%tW4rSAzAD^C7E?x@Sgh*AV=LqRsM^+go*65cUbET~aFLMfmNr?zh~uB52>`-2dIIgVxZk zSUDklOzeftz`}ClW(*bx>da?ygUKPNL?TX3@ zQq@m!;j2K4?q61q?YnvGtzWU<_~($F=8#9)VSb`XBLTLVE>*){>jDK#)*Ryyn($l! 
z?cBV?7mVaDfzY9H2?^8`F|4E7tdS_hG=Rx+vVhJZ5Uy>#GI4h}0dE2UWEg=l;G|Fm zCFHD9XrB&Pj3fs|&C%TYm_eYVkjcvNb)Z5E7yhIoKUg_gZa&o~M*Bvo}g|qB?$PV7H zutl&c7(dg2-~S{Y{bPF$O^^dI)N_Dc`IhTw9(XJlHtf|iX-7v$9X%vDuc|ZSo!Z z%cWA(x9yGjsLCD2#C#X_H^>V&C`4mY!ASTjQc~Ig>9(?uKH&`mV>Q%C18&2~DXI`M zZ_Qb3b0aDVDQk2qHZG|dgzZ7F@Up%_D|Cec`pb{}UCPp@7RRx9a+7$vd*D#JyK;FS zI4=PW$&O~-+ktryBd!?uabmtaK()?VHN5}SFkaG?frO_Y!^KROV6@>=XW3t7&p$7D zmw{Y19(+A8?+@n;8WBhjWOr5kmiwF@aF>e~JhR&lbSc2Oj0a0AeBHH^@A{7`U%HIU zh&KI6J}<`{Tr9p%<6TwhrqJ%LAPdm?E$ZuP?grqsR*Su3AE#G|Cn=5j=SJI z?5@*0T&?Fm++xyEtx)mv%K8>y9HaZ1mAm(DLqA1sFK7e8jis=Gn1ZjqtzXWMk1Oy% zV=w1xEa(a`Rqv;~4Ygd0?*rmMieSN7NyrUdP)%sa?L1a@+Lw1+lKDuj`lto=v4fvHOT#T6RJGt1>fKQXG9 zr8P`~f0^vJ!?CJoSFe%I-jaW|fKqCHW^uUhlm0+p05u(_2X{t^Y<_E;%NM93@TFqu z+w44mx!uPWa8a-lKoBo;oydT;}!t{vydmD`fknI*Q z1PVyd>L=Pi)vH{}t^JXEU1`~w_Q_^srOqWJeupa|?HC_I=y%ApcxE=FaeP{uzSMxz zeLTKx%h2Ai0jGcU+lqF7?Lc$9$9-BaS1S=If8P9}Z(XWm@;O-@Q@?(snoN$|GJTr( z>aRYv(lS;L1;Jd0vmdS{?Qdo7&1TN*?>6phf+!KbB@nOki!T6^UXf51_`Mm9?P{?S zM+gZaCK3oBpOL7}e@PQ=IKsfKhs;eH>G-EW+bsL7-&beD*&z;*-L&0=vU-0AMyu?~ zU((S2)_HODunx4nA!>qbSg@#uv~}QLFgMLCaz}4CrIUDhSb$|cG?xB&+hD{21Eo*y zAvabe%Al`>PyWs|@-h3HuQ-x1AooaXVKQxF10OK3n&-u#$9jQ5@EX&D^BL# zl(O9hsPF)ZYz2fTY{4eIpcb5!B6yzS%DUohb-1%tYp^(wPr5jNc#BvWAdFzShIO2e|Q_|`dAb2Sdy9YJmMcVpe zIig2^Q9^u?P@xf~h20LZ|)d(n!*XVCz=wWx<`W2~! 
z0xq2v55j)t4S|Eg0tmuHRn*G6A1wa4K)sdmP2O*3>S=YConZEe*Rm7#rGk5+XfuY`tS1J1Ol*B)N| z;Yr&ez)Ulj!;Ye2|5fW3eKi1Z8rCVTx9#e)K%DC8t2~IzImfyxu(j#Zg$Q=iA&C0U#UsQ15SH* ze-3D~)?!ZEJ>mxYvP=Nc34?K9C)=Gx#=5j(H&F(U#@7m|XHCH-;s$(ff z*S?^3K~Zx9RrluohSaa_l~L8tozj#Cip_C1OtBt+3mOm12_9E~+t2W0%f|phJOVaK z9ZF|wjp4Y{xZ`L1mbjQXYkMwib&CKEr95M+g-BHZd|_L$hh2(pG{e{7zKhCC8OTLI zn=mHroZmw(>^c!8#e;PqqK42Fz?F8sa#Db8AqM<>5jV+F%-;IdX7N=ba?n(0Tf|sk za9e0UCFn`LX7UuEK5)r zG;CVbk{UE&3UrKY$edIn$#z9x{tH8rN$dlGCK)vXzuudkKnH}Hu>yw2kU(u(zHD;OL|~GI?vJ*;8?{xz zz_cpjLPcrUx!c_urW3!dEQnFOr)~UsU;%H=g(@QsUg7~7Pb`pV$y0h+m<;zj(rPbJ zZD7kDXV!W`-vGgiKb|4}<=47OJ#`-(>vW;E4U4qLzt^@h+E&yfwDM9HJu1|a2hJcR zvnTMY5}hsn7R18jEAsQg^WPXz5?5(SkI=_ZfyBTRdB1#_3PJlLaIBi{l~W?FYpd@4 z{_YnHGA7#Ev3naCwhsA3eylyEG*n}Yzy@ZfDkRN>R)lE4h@sN3Ff_@a zh~U4V=a7I5aWW9n0X?ROMH*|>RMNlbny@t{$CY$25^e_?QLC&~Ig+l=9s)M<&>6_b zBD`V@Q8Us-NI<$cM;mJCdJ^RB&gJJE7bhS#01F(|+Y3+dj`=i$@R86u z8|3D^S3m#Fr1M!7b%4=_?wNvfq_J?_*S>}VQG}711kxL}WYo|fsJ4j-C@jY}JA7u= z`z@uZ-6vsj`1wzfPGiB_&Xqq5R&rK3kcyN&^RT$|qDzZ&PE|E8fK$x2ZkN!Nr@bN% zQ`a7N6bcN9_PZpfDwxd~KP29ae|Cdy*X#blZ2U&Yu;8r>uV#v@HzV*#yI3AUXAZqw z&HLeS2#yK#odyy89r&T^6tdxnsEA+Pbnj65-Mpj*$8+iA(Y2sK>4AY0>#Oy&2EnWN4fxbKcQBfGPlmYKzTZ8x9dpdQ#4t z&d^)_RxKP*T{=VqkVU0z$OaF9uvczQ(gN!*1+k{g-cW^|3hJt5&I9D0f-*(eSe0|LMf208(Z3H?2K;Dw!gA(} z%GX3qj%=tz#LuFFP>d#IUDR?))*^lCx@h(hMz_e&|A@~0z(RYr4~Zddn?Kvomq%(#bX_|^iqKW7AO1zAZ91TOBMx(4p397$ z$tqaxCIYs;N+W>N56;GVf!~?Qh&dx?f$2qCLwTenF;oiTtbwKFcf4275xf94M@rO> zQ_d^O7q@oKa+3~oN{qaz+q%q}oWN?Q`$Xo}OQBCsWSO;xIfm(h`NGGre|Ne7wnUM$ z^;_~CB>?WvUT@q2)4oGK`@4ld9$1O!Wp4Er%*0ym@aSYJo{4n6SR?ZfJGiVPjK5Bi z9my%+es3KWaP|Bn;PDJ=?mMl^#v+sqOb40X01z1#<_H!;B4qHWkbu+^rWROlV$|og zr@Rn%SBf*4n!E_01lw!~LkfMjO9_O#N4UO!%gZ=L?nsG&eKhzy9lipU+hMb|RMT*T z(UsC5jLXTC;R<4~UO_7INAudZG`z@Z_%xKQ=K=j;#9a?K>26s?rMd7pz1nCxrO$hV z^1>kXZ8^cClnCyFcA&|#-?VaJsqVVQMqvG|XbPDm$WLjiq%pKofZ|2=4}y-c7Lf_Q z;%Py@J@f`qBXB5`Egy{eAfZoDx=`_(gDaxt7m-vTd^#LvYzq3rS!M z@PV^!B;zZCWNR10taj?DFl9%uvNS|I=!G3OV?tNlqyY7NtYC!( 
zbf8aD-#wV2WW4+!^y2{FsJ)uVFoNOMJ}}CJPLLXUPhzkUX!d)7*%wg8=1GtFhF>cM zNB1?*_~S7LzcLVvV!aoRvW0cpT$L$;X2?}08VB}trH~Ae1B8qVdj|(WA6_lE)R@k7 z&{!F=+)xc=I6VxXaapEFAR?4ag_p5g=AaA$uwC&2Nmsc5V#(${@TImNt-B*>RSQxh zCe@A)Ul0JZIC{>@%j+{x+O*sKQQCBMq{|lpMTg4pQSkkRNne*_M2JqDF|GJJ7L^4j zAc<|k|Ct&$s!jApc_`3c-kK-X5&(&SGgS*&7a3dbk~)kk9C9K%8LiloCorRiso=T* z1Tu1-(+@UAzs-FAQ&hog=eIjEE_sGWlhsj3?qXjHc40&ME@Agy*LXgi7YDhoUO4LGYBIU@TO>UtXU^X;V-hL{ ztzM$0ebO7itfE4y4_0{L;Clb1JvYN89ZD+F)miUozA79+%;LA-Bk|Hq;0>WVVPSN< zp&Q`bw6Vw_us)^^Iu%9+?sE14Y^;Y1JN8=X|B4$6-07|v^N;;URgup?HIHB7{qq)N zT#RSQk>fqtL~+cRG_XgzlV21i=fZUPXWoy_%mQF0$R_6{2#lowVMCJIgyP`U$+$ir z3CmlWJ^Pj#F&kZtl{@fj{CCxkOJJKSW@>|qYJp4+ia|j4$z`*G+}v=8$FC^wF-Zel zrDH+u4J5#V*C}ZW52}5^$d%tHQ6@DM?9QnKvxT9iBb{?nurjlN5w7<~_)-U=Wk}!# z^j2B`4$1>nSXdDt3FY=Z|JSYe5lpF;AZ^zENbLQL#6e*WFqzUXTOJ2B!w#yl>GM-2 z)fW`squ)4z?q-gS=Tyo7OjTy>({UmkB&$Gez}A;eL`I8vNF=2;;EYzRH3d4;<*#o) z$V~>?8ObDBFja3<7|{Hw4X1p9>6Ek!dpbZWV$5BK?0_R8^*_L$E#p)G9GDwBZd`Tv}>9kkDBZH7)S|eT;38uj~WBo;fr_qtE*1 z@qY@Z-Qzn8YFa>aax#iTr$~h@C_!Nh3YiMM6`;zPPS61YW(Q#0H~sl24;IO&Y5e!m z%30FD0{j~%se@pY2eaq@*WCMCTk!w+B86f53^=2zcWKOC^)T> Date: Tue, 22 Feb 2022 20:08:44 +0200 Subject: [PATCH 3/8] Fix join membership auth rules when `join_rule` is knock (#3737) Fixes #3736 --- changelogs/room_versions/newsfragments/3737.clarification | 1 + content/rooms/fragments/v8-auth-rules.md | 4 ++-- content/rooms/v7.md | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 changelogs/room_versions/newsfragments/3737.clarification diff --git a/changelogs/room_versions/newsfragments/3737.clarification b/changelogs/room_versions/newsfragments/3737.clarification new file mode 100644 index 000000000..c3b516797 --- /dev/null +++ b/changelogs/room_versions/newsfragments/3737.clarification @@ -0,0 +1 @@ +Fix join membership auth rules when `join_rule` is `knock`. diff --git a/content/rooms/fragments/v8-auth-rules.md b/content/rooms/fragments/v8-auth-rules.md index 67fb1aae0..4b14762da 100644 
--- a/content/rooms/fragments/v8-auth-rules.md +++ b/content/rooms/fragments/v8-auth-rules.md @@ -53,8 +53,8 @@ The rules are as follows: `state_key` is the creator, allow. 2. If the `sender` does not match `state_key`, reject. 3. If the `sender` is banned, reject. - 4. If the `join_rule` is `invite` then allow if membership - state is `invite` or `join`. + 4. If the `join_rule` is `invite` or `knock` then allow if + membership state is `invite` or `join`. 5. If the `join_rule` is `restricted`: 1. If membership state is `join` or `invite`, allow. 2. If the `join_authorised_via_users_server` key in `content` diff --git a/content/rooms/v7.md b/content/rooms/v7.md index 424ad7394..07e092383 100644 --- a/content/rooms/v7.md +++ b/content/rooms/v7.md @@ -82,8 +82,8 @@ The rules are as follows: `state_key` is the creator, allow. 2. If the `sender` does not match `state_key`, reject. 3. If the `sender` is banned, reject. - 4. If the `join_rule` is `invite` then allow if membership - state is `invite` or `join`. + 4. If the `join_rule` is `invite` or `knock` then allow if + membership state is `invite` or `join`. 5. If the `join_rule` is `public`, allow. 6. Otherwise, reject. 3. If `membership` is `invite`: From d0abc470acb4e5883c575be36b79334da175ae03 Mon Sep 17 00:00:00 2001 From: Alexandre Franke Date: Tue, 22 Feb 2022 19:09:41 +0100 Subject: [PATCH 4/8] =?UTF-8?q?=E2=9C=A8=20Warn=20of=20untagged=20operatio?= =?UTF-8?q?ns=20(#3699)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alexandre Franke Co-authored-by: Alexandre Franke --- scripts/dump-swagger.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/dump-swagger.py b/scripts/dump-swagger.py index e536ea858..82de87631 100755 --- a/scripts/dump-swagger.py +++ b/scripts/dump-swagger.py 
@@ -168,6 +168,7 @@ def edit_links(node, base_url): except FileNotFoundError: print("No security definitions available for this API") +untagged = 0 for filename in os.listdir(selected_api_dir): if not filename.endswith(".yaml"): continue @@ -185,6 +186,11 @@ def edit_links(node, base_url): if path not in output["paths"]: output["paths"][path] = {} output["paths"][path][method] = spec + if "tags" not in spec.keys(): + print("Warning: {} {} is not tagged ({}).".format(method.upper(), path, filename)) + untagged +=1 +if untagged != 0: + print("{} untagged operations, you may want to look into fixing that.".format(untagged)) edit_links(output, base_url) From e1ffd34d319430e7cc8dff2a9db99efee953a087 Mon Sep 17 00:00:00 2001 From: Jonas Platte Date: Tue, 22 Feb 2022 19:12:04 +0100 Subject: [PATCH 5/8] Fix broken link in end_to_end_encryption.md (#3708) --- changelogs/client_server/newsfragments/3708.clarification | 1 + content/client-server-api/modules/end_to_end_encryption.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelogs/client_server/newsfragments/3708.clarification diff --git a/changelogs/client_server/newsfragments/3708.clarification b/changelogs/client_server/newsfragments/3708.clarification new file mode 100644 index 000000000..3ccb23339 --- /dev/null +++ b/changelogs/client_server/newsfragments/3708.clarification @@ -0,0 +1 @@ +Fix various typos throughout the specification. diff --git a/content/client-server-api/modules/end_to_end_encryption.md b/content/client-server-api/modules/end_to_end_encryption.md index 24ca3b962..fb94f03f7 100644 --- a/content/client-server-api/modules/end_to_end_encryption.md +++ b/content/client-server-api/modules/end_to_end_encryption.md 
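Review bot: The added check `if "tags" not in spec.keys():` in the second hunk only catches a missing key, so an operation declared with an empty `tags: []` list is still counted as tagged. Assuming `spec` is the plain mapping loaded from the YAML file, `if not spec.get("tags"):` covers both cases. The counter line is written `untagged +=1` where the usual spacing is `untagged += 1`, and the closing `if untagged != 0:` can simply be `if untagged:`. The warnings go through plain `print`, like the existing "No security definitions" message, so they share stdout with anything else the script prints. If that output is ever piped or captured, `print(..., file=sys.stderr)` would keep them apart, provided `sys` is imported in the part of the file not shown. The loop these lines sit in starts and ends outside the hunk.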
@@ -1171,7 +1171,7 @@ originally sent the key request to; a device that receives a `request` message with the same `request_id` and `requesting_device_id`. If a device does not wish to share keys with that device, it can -indicate this by sending an [m.room\_key.withheld](#mroom_key.withheld) to-device message, +indicate this by sending an [m.room\_key.withheld](#mroom_keywithheld) to-device message, as described in [Reporting that decryption keys are withheld](#reporting-that-decryption-keys-are-withheld). From 2658e299df0da0cc6cca67af561400352cec7451 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 22 Feb 2022 12:36:31 -0600 Subject: [PATCH 6/8] Remove unenforced size limit on room names (#3669) Fixes #3641 The spec says the name field in m.room.name events must not exceed 255 bytes but no servers actually enforce this over the C-S API. Clients should probably already be truncating room names to an appropriate length for their user interface. Signed-off-by: Aaron Raimist --- changelogs/client_server/newsfragments/3669.clarification | 1 + data/event-schemas/schema/m.room.name.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelogs/client_server/newsfragments/3669.clarification diff --git a/changelogs/client_server/newsfragments/3669.clarification b/changelogs/client_server/newsfragments/3669.clarification new file mode 100644 index 000000000..795c0de90 --- /dev/null +++ b/changelogs/client_server/newsfragments/3669.clarification @@ -0,0 +1 @@ +Remove unenforced size limit on the `name` field of `m.room.name` events. \ No newline at end of file diff --git a/data/event-schemas/schema/m.room.name.yaml b/data/event-schemas/schema/m.room.name.yaml index bbc5fc9aa..c9236de09 100644 --- a/data/event-schemas/schema/m.room.name.yaml +++ b/data/event-schemas/schema/m.room.name.yaml 
@@ -17,7 +17,7 @@ properties: content: properties: name: - description: The name of the room. This MUST NOT exceed 255 bytes. + description: The name of the room. type: string required: - name From b7dc8b008aca05ab0b6141c3960314b532165fcc Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 22 Feb 2022 13:41:29 -0600 Subject: [PATCH 7/8] Update the default room version to 9 (#3739) * Update the default room version to 9 Spec PR for [MSC3589](https://github.com/matrix-org/matrix-doc/pull/3589) Signed-off-by: Aaron Raimist * Add changelog Signed-off-by: Aaron Raimist --- changelogs/room_versions/3739.feature | 1 + content/rooms/_index.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelogs/room_versions/3739.feature diff --git a/changelogs/room_versions/3739.feature b/changelogs/room_versions/3739.feature new file mode 100644 index 000000000..c20ec3ada --- /dev/null +++ b/changelogs/room_versions/3739.feature @@ -0,0 +1 @@ +Update the default room version to 9. \ No newline at end of file diff --git a/content/rooms/_index.md b/content/rooms/_index.md index 4c6faae14..f946cb611 100644 --- a/content/rooms/_index.md +++ b/content/rooms/_index.md @@ -51,7 +51,7 @@ stable and unstable periodically for a variety of reasons, including discovered security vulnerabilities and age. Clients should not ask room administrators to upgrade their rooms if the -room is running a stable version. Servers SHOULD use **room version 6** as +room is running a stable version. Servers SHOULD use **room version 9** as the default room version when creating new rooms. The available room versions are: From 209c57fb3185ddb119bf20b515e9f83cdf2e9e1e Mon Sep 17 00:00:00 2001 
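Review bot: The new `description: The name of the room.` drops the 255-byte statement and says nothing else about length. The only constraint on `name` visible in this hunk is `type: string`, so a reader of the rendered schema no longer learns that the value is effectively unbounded and must be bounded by the consumer. The commit message already gives the practical advice that clients should truncate room names for their user interface, and that sentence belongs in the description: `description: The name of the room. Clients should truncate long names to a length appropriate for their user interface.` The surrounding `properties` block continues outside the hunk.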
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Tue, 1 Mar 2022 16:18:56 +0000 Subject: [PATCH 8/8] Remove 'room_id' field from `m.typing`, `m.receipt` and `m.fully_read` examples and schema (#3679) The spec had an erroneous `room_id` field in a m.typing EDU entry of /sync, `m.read` receipts in `/sync`, and `m.fully_read` room account data objects in the spec. None of these are necessary nor used in practice. Checking part of the ecosystem for whether clients look for, or homeservers include, these room_id fields, I found that: Element does not require them, nor does Synapse include them. Ruma does not include them. Dendrite does not include them. nheko/mtxclient does not look for them. This change removes room_id from the example and OpenAPI schema in each case mentioned above. It only affects the Client-Server spec - the Server-Server spec text remains unchanged. The field was initially introduced in 0f28f83. --- changelogs/client_server/newsfragments/3679.clarification | 1 + data/event-schemas/examples/core/room_edu.json | 3 +-- data/event-schemas/examples/m.fully_read.yaml | 1 - data/event-schemas/schema/m.fully_read.yaml | 6 +----- data/event-schemas/schema/m.receipt.yaml | 5 +---- data/event-schemas/schema/m.typing.yaml | 5 +---- 6 files changed, 5 insertions(+), 16 deletions(-) create mode 100644 changelogs/client_server/newsfragments/3679.clarification diff --git a/changelogs/client_server/newsfragments/3679.clarification b/changelogs/client_server/newsfragments/3679.clarification new file mode 100644 index 000000000..93f416fce --- /dev/null +++ b/changelogs/client_server/newsfragments/3679.clarification @@ -0,0 +1 @@ +Remove erroneous `room_id` field from examples of `m.read`, `m.typing` in `/sync` and `m.fully_read` in room account data. \ No newline at end of file diff --git a/data/event-schemas/examples/core/room_edu.json b/data/event-schemas/examples/core/room_edu.json index 30ad80818..dc57b506b 100644 
--- a/data/event-schemas/examples/core/room_edu.json +++ b/data/event-schemas/examples/core/room_edu.json @@ -1,4 +1,3 @@ { - "$ref": "event.json", - "room_id": "!jEsUZKDJdhlrceRyVU:example.org" + "$ref": "event.json" } diff --git a/data/event-schemas/examples/m.fully_read.yaml b/data/event-schemas/examples/m.fully_read.yaml index 0af2a6ea6..f314c803d 100644 --- a/data/event-schemas/examples/m.fully_read.yaml +++ b/data/event-schemas/examples/m.fully_read.yaml @@ -1,7 +1,6 @@ { "$ref": "core/event.json", "type": "m.fully_read", - "room_id": "!somewhere:example.org", "content": { "event_id": "$someplace:example.org" } diff --git a/data/event-schemas/schema/m.fully_read.yaml b/data/event-schemas/schema/m.fully_read.yaml index 51a1942f0..6f8c832d5 100644 --- a/data/event-schemas/schema/m.fully_read.yaml +++ b/data/event-schemas/schema/m.fully_read.yaml @@ -19,11 +19,7 @@ "type": { "type": "string", "enum": ["m.fully_read"] - }, - "room_id": { - "type": "string", - "description": "The room ID the read marker applies to." } }, - "required": ["type", "room_id", "content"] + "required": ["type", "content"] } diff --git a/data/event-schemas/schema/m.receipt.yaml b/data/event-schemas/schema/m.receipt.yaml index 4b04e6d68..56d4b3417 100644 --- a/data/event-schemas/schema/m.receipt.yaml +++ b/data/event-schemas/schema/m.receipt.yaml @@ -42,10 +42,7 @@ "type": { "type": "string", "enum": ["m.receipt"] - }, - "room_id": { - "type": "string" } }, - "required": ["room_id", "type", "content"] + "required": ["type", "content"] } diff --git a/data/event-schemas/schema/m.typing.yaml b/data/event-schemas/schema/m.typing.yaml index 705b3b6c7..1613334f2 100644 --- a/data/event-schemas/schema/m.typing.yaml +++ b/data/event-schemas/schema/m.typing.yaml @@ -22,10 +22,7 @@ "type": { "type": "string", "enum": ["m.typing"] - }, - "room_id": { - "type": "string" } }, - "required": ["type", "room_id", "content"] + "required": ["type", "content"] }