3 # fexsrv : web server for F*EX service
5 # Author: Ulli Horlacher <framstag@rus.uni-stuttgart.de>
11 use Fcntl qw':flock :seek';
16 $SIG{CHLD} = "DEFAULT";
18 unshift @INC,(getpwuid($<))[7].'/perl';
20 $SIG{__DIE__} = $SIG{__WARN__} = sub {
22 my $url = $ENV{REQUEST_URL}||'';
23 my @d = localtime time;
24 my $time = sprintf('%d-%02d-%02d %02d:%02d:%02d',
25 $d[5]+1900,$d[4]+1,$d[3],$d[2],$d[1],$d[0]);
27 my $mailto = "mailto:$admin?subject=fex%20bug";
28 $info = "<h3>send this error to <a href=\"$mailto\">$admin</a></h3>";
36 "<h1>INTERNAL ERROR in $0</h1>",
37 "<pre>\n$_\n</pre>\n<p>",
44 unless ($HTTP_HEADER) {
45 print "HTTP/1.0 200 ERROR\r\n";
46 print "Content-Type: text/html\r\n";
47 print "Content-Length: $length\r\n";
58 # setrlimit(RLIMIT_CPU,999,999) or die "$0: $!\n";
60 # SSL remote address provided by stunnel
61 if (@ARGV and $ARGV[0] eq 'stunnel' and $ENV{REMOTE_HOST} =~ /(.+)/) {
65 # KEEP_ALIVE <== callback from CGI
66 if ($ENV{KEEP_ALIVE}) {
67 $keep_alive = $ENV{KEEP_ALIVE};
69 %ENV = ( PERLINIT => $ENV{PERLINIT} ); # clean environment
72 $ENV{HOME} = (getpwuid($<))[7] or die "no HOME";
74 # fexsrv MUST be run with full path!
75 if ($0 =~ m:^(/.+)/bin/fexsrv:) {
79 $ENV{FEXHOME} = $FEXHOME;
85 '/usr/local/share/fex',
88 $ENV{FEXLIB} = $FEXLIB = $lib and last if -f "$lib/fex.pp";
89 $ENV{FEXLIB} = $FEXLIB = "$lib/lib" and last if -f "$lib/lib/fex.pp";
93 our ($hostname,$debug,$timeout,$max_error,$max_error_handler);
94 our ($spooldir,@logdir,$docdir,$xkeydir,$akeydir,$lockdir);
95 our ($force_https,$default_locale,$bs,$MB,$adlm);
98 # load common code (local config: $FEXHOME/lib/fex.ph)
99 require "$FEXLIB/fex.pp" or die "cannot load $FEXLIB/fex.pp - $!\n";
101 chdir $spooldir or http_die("$0: $spooldir - $!\n");
103 our $log = 'fexsrv.log';
104 our $error = 'F*EX ERROR';
106 our $hid = ''; # header ID
111 $ENV{GATEWAY_INTERFACE} = 'CGI/1.1f';
112 $ENV{SERVER_NAME} = $hostname;
113 $ENV{REQUEST_METHOD} = '';
114 $ENV{QUERY_STRING} = '';
115 $ENV{HTTP_COOKIE} = '';
116 $ENV{PATH_INFO} = '';
117 $ENV{RANDOM} = randstring(8);
118 $ENV{FEATURES} = join(',',qw(
119 SID CHECKRECIPIENT GROUPS QUOTA FILEID MULTIPOST XKEY FILEQUERY FILESTREAM
120 JUP NOSTORE AXEL FEXMAIL FILELINK
127 if ($ENV{HTTP_HOST} =~ /(.+):(.+)/) {
131 $hostname = $ENV{HTTP_HOST};
132 if ($ENV{PROTO} eq 'https') { $port = 443 }
135 $ra = $ENV{REMOTE_ADDR};
136 $rh = $ENV{REMOTE_HOST};
145 $ENV{PROTO} = 'https';
146 $ENV{REMOTE_ADDR} = $ra = $ssl_ra;
147 if ($ssl_ra =~ /\w:\w/) {
148 # ($rh) = `host $ssl_ra 2>/dev/null` =~ /name pointer (.+)\.$/;
149 $^W = 0; eval 'use Socket6'; $^W = 1;
150 http_error(503) if $@;
151 $iaddr = inet_pton(AF_INET6,$ssl_ra) and
152 $rh = gethostbyaddr($iaddr,AF_INET6);
154 $rh = gethostbyaddr(inet_aton($ra),AF_INET);
158 # print {$log} "X-SSL-Remote-Host: $ssl_ra\n";
163 $ENV{PROTO} = 'http';
164 my $sa = getpeername(STDIN) or die "no network stream on STDIN\n";
165 if (sockaddr_family($sa) == AF_INET) {
166 ($ENV{REMOTE_PORT},$iaddr) = sockaddr_in($sa);
167 $ENV{REMOTE_ADDR} = $ra = inet_ntoa($iaddr);
168 $rh = gethostbyaddr($iaddr,AF_INET);
169 ($port) = sockaddr_in(getsockname(STDIN));
170 } elsif (sockaddr_family($sa) == AF_INET6) {
171 $^W = 0; eval 'use Socket6'; $^W = 1;
172 http_error(503) if $@;
173 ($ENV{REMOTE_PORT},$iaddr) = unpack_sockaddr_in6($sa);
174 $ENV{REMOTE_ADDR} = $ra = inet_ntop(AF_INET6,$iaddr);
175 $rh = gethostbyaddr($iaddr,AF_INET6);
176 ($port) = unpack_sockaddr_in6(getsockname(STDIN));
178 die "unknown IP version\n";
180 $port = 80 unless $port;
183 $ENV{REMOTE_HOST} = $rh || '';
185 $ENV{HTTP_HOST} = ($port == 80 or $port == 443)
186 ? $hostname : "$hostname:$port";
191 if ($reverse_proxy_ip and $reverse_proxy_ip eq $ra) {
192 $ENV{FEATURES} =~ s/SID,//;
195 if (@anonymous_upload and ipin($ra,@anonymous_upload)) {
196 $ENV{FEATURES} .= ',ANONYMOUS';
201 $SIG{CHLD} = "DEFAULT"; # stunnel workaround
204 # printf {$log} "\nTIMEOUT %s %s\n",isodate(time),$connect;
206 debuglog('TIMEOUT',isodate(time));
207 fexlog($connect,@log,"TIMEOUT");
212 REQUEST: while (*STDIN) {
214 if (defined $ENV{REQUESTCOUNT}) { $ENV{REQUESTCOUNT}++ }
215 else { $ENV{REQUESTCOUNT} = 0 }
217 $connect = sprintf "%s:%s %s %s %s [%s_%s]",
218 $keep_alive ? 'CONTINUE' : 'CONNECT',
223 $$,$ENV{REQUESTCOUNT};
224 $hid = sprintf("%s %s\n",$rh||'-',$ra);
229 # read complete HTTP header
230 while (defined ($_ = &getaline)) {
235 # URL-encode non-printable chars
236 s/([\x00-\x08\x0E-\x1F\x7F-\x9F])/sprintf "%%%02X",ord($1)/ge;
238 if (@header and s/^\s+/ /) {
242 $header{$1} = $2 if /(.+)\s*:\s*(.+)/;
246 fexlog($connect,@log,"OVERRUN");
250 if (/^(GET \/|\S*Forwarded|\S*Client-IP|\S*Coming-From|User-Agent)/i) {
255 # (only IPv4 support!)
256 if ($reverse_proxy_ip and $reverse_proxy_ip eq $ra and
257 /^\S*(Forwarded|Client-IP|Coming-From)\S*: ([\d.]+)/i
259 $ENV{REMOTE_ADDR} = $ra = $2;
260 $ENV{REMOTE_HOST} = $rh = gethostbyaddr(inet_aton($ra),AF_INET) || '';
261 $ENV{HTTP_HOST} = $hostname;
262 if ($ENV{PROTO} eq 'https') { $port = 443 }
268 exit if $header =~ /^\s*$/;
270 $ENV{HTTP_HEADER} = $header;
272 # http_die("<pre>$header</pre>");
274 $ENV{'HTTP_HEADER_LENGTH'} = $hl;
275 $ENV{REQUEST_URI} = $uri = '';
278 # is it a HTTP-request at all?
279 $request = shift @header;
280 if ($request !~ /^(GET|HEAD|POST|OPTIONS).*HTTP\/\d\.\d$/i) {
281 fexlog($connect,$request,"DISCONNECT: no HTTP request");
282 badlog("no HTTP request: $request");
286 if ($force_https and $port != 443
287 and $request =~ /^(GET|HEAD|POST)\s+(.+)\s+(HTTP\/[\d\.]+$)/i) {
290 "HTTP/1.1 301 Moved Permanently",
291 "Location: https://$hostname$request",
295 fexlog($connect,@log);
299 $request =~ s{^(GET|HEAD|POST) https?://$hostname(:\d+)?}{$1 }i;
301 if ($request =~ m"^(GET|HEAD) /fop/\w+/") {
302 # no header inquisition on regular fop request
305 &$header_hook($connect,$request,$ra) if $header_hook;
308 unless ($keep_alive) {
309 if ($request =~ m:(HTTP/1.(\d)): and $2) {
310 $ENV{KEEP_ALIVE} = $keep_alive = $ra
312 $ENV{KEEP_ALIVE} = $keep_alive = '';
316 if ($request =~ /^OPTIONS \/?FEX HTTP\/[\d\.]+$/i) {
317 fexlog($connect,@log);
320 "X-Features: $ENV{FEATURES}",
321 "X-Timeout: $timeout",
324 next REQUEST if $keep_alive;
328 if ($request =~ m:^GET /?SID HTTP/[\d\.]+$:i) {
329 if ($ENV{FEATURES} !~ /\bSID\b/) {
330 fexlog($connect,@log);
332 "HTTP/1.1 501 Not Available",
334 "X-Features: ".$ENV{FEATURES},
335 "X-Timeout: ".$timeout,
340 $ENV{SID} = randstring(8);
341 fexlog($connect,@log);
343 "HTTP/1.1 201 ".$ENV{SID},
345 "X-Features: ".$ENV{FEATURES},
347 "X-Timeout: ".$timeout,
352 next REQUEST if $keep_alive;
356 if ($request =~ /^(GET|HEAD|POST)\s+(.+)\s+(HTTP\/[\d\.]+$)/i) {
358 $ENV{REQUEST_METHOD} = uc($1);
359 $ENV{REQUEST_URI} = $uri = $cgi = $2;
360 $ENV{HTTP_VERSION} = $protocol = $3;
361 $ENV{QUERY_STRING} = $1 if $cgi =~ s/\?(.*)//;
362 $ENV{PATH_INFO} = $1 if $cgi =~ m:/.+?(/.+?)(\?|$):;
363 $ENV{KEEP_ALIVE} = $keep_alive = '' if $protocol =~ /1\.0/;
364 $ENV{REQUEST_URL} = "$ENV{PROTO}://$ENV{HTTP_HOST}$ENV{REQUEST_URI}";
365 if ($uri =~ /<|%3c/i) { badchar("<") }
366 if ($uri =~ />|%3e/i) { badchar(">") }
367 if ($uri =~ /\||%7c/i) { badchar("|") }
368 if ($uri =~ /\\|%5c/i) { badchar("\\") }
371 while ($_ = shift @header) {
373 # header inquisition!
374 &$header_hook($connect,$_,$ra) if $header_hook;
376 # mega stupid "Download Manager" FlashGet
377 if ($uri =~ m{^/fop/} and m{^Referer: https?://.*\Q$uri$}) {
378 fexlog($connect,@log,"NULL: FlashGet");
379 debuglog("NULL: FlashGet");
380 exec qw'cat /dev/zero' or sleep 30;
384 if ($header =~ /\nRange:/ and /^User-Agent: (FDM)/) {
385 disconnect($1,"499 Download Manager $1 Not Supported",30);
388 if (/^User-Agent: (Java\/[\d\.]+)/) {
389 disconnect($1,"499 User-Agent $1 Not Supported",30);
393 disconnect("Range a,b","416 Requested Range Not Satisfiable",30);
395 if (/^Range:.*(\d+)-(\d+)/) {
397 disconnect("Range a>b","416 Requested Range Not Satisfiable",0);
399 if (($header{'User-Agent'}||'') !~ /$adlm/ ) {
400 disconnect("Range a-b","416 Requested Range Not Satisfiable",30);
404 if (/^Range:.*\d+-$/ and $hid) {
405 my $lock = untaint($lockdir.'/'.md5_hex($hid));
406 if (open $lock,'+>>',$lock) {
407 if (flock($lock,LOCK_EX|LOCK_NB)) {
413 "multiple Range request",
414 "400 Multiple Requests Not Allowed",
421 # client signed int bug
422 if (/^Range:.*-\d+-/) {
423 disconnect("Range -a-","416 Requested Range Not Satisfiable",0);
426 # if (/^Range:/ and $protocol =~ /1\.0/) {
427 # &$header_hook($connect,$_,$ra) while ($header_hook and $_ = shift @header);
428 # fexlog($connect,@log,"DISCONNECT: Range + HTTP/1.0");
429 # debuglog("DISCONNECT: Range + HTTP/1.0");
434 if (/^Connection:\s*close/i) {
435 $ENV{KEEP_ALIVE} = $keep_alive = '';
438 # HTTP header ==> environment variables
439 if (/^([\w\-]+):\s*(.+)/s) {
442 $http_var =~ s/-/_/g;
443 $http_var = uc($http_var);
444 $http_val =~ s/^\s+//;
445 $http_val =~ s/\s+$//;
446 if ($http_var =~ /^X_(FEX_\w+|CONTENT_LENGTH)$/) {
449 $http_val =~ s/\s+/ /g;
450 if ($http_var =~ /^HTTP_(HOST|VERSION)$/) {
451 $http_var = 'X-'.$http_var;
452 } elsif ($http_var !~ /^CONTENT_/) {
453 $http_var = 'HTTP_'.$http_var;
456 $ENV{$http_var} = $http_val;
460 # multiline header inquisition
461 &$header_hook($connect,$header,$ra) if $header_hook;
465 # extra download request? (request http://fexserver//xkey)
466 if ($cgi =~ m{^//([^/]+)$}) {
469 if ($xkey =~ /^afex_\d/) {
470 $dkey = readlink "$xkeydir/$xkey" and $dkey =~ s/^\.\.\///;
472 $dkey = readlink "$xkeydir/$xkey/dkey" and $dkey .= "/$xkey";
475 # xkey downloads are only one time possible - besides afex
476 if ($xkey !~ /^afex_\d/) {
477 unlink "$xkeydir/$xkey/xkey";
478 unlink "$xkeydir/$xkey";
481 "HTTP/1.1 301 Moved Permanently",
482 "Location: $ENV{PROTO}://$ENV{HTTP_HOST}/fop/$dkey",
486 fexlog($connect,@log);
489 fexlog($connect,@log);
495 if (($ENV{QUERY_STRING} =~ /.*locale=([\w-]+)/ or
496 $ENV{HTTP_COOKIE} =~ /.*locale=([\w-]+)/)
497 and -d "$FEXHOME/locale/$1") {
498 $ENV{LOCALE} = $locale = $1;
500 $ENV{LOCALE} = $locale = $default_locale;
503 # for dynamic HTML documents
504 if ($ENV{HTTP_COOKIE} =~ /akey=(\w+)/) {
507 if ($user = readlink "$akeydir/$akey") {
509 $user = untaint($user);
510 if ($id = slurp("$spooldir/$user/@")) {
519 # check for name based virtual host
520 $vhost = vhost($ENV{'HTTP_HOST'});
524 foreach $var (sort keys %ENV) {
525 if (defined($ENV{$var})) {
526 debuglog(sprintf " %s = >%s<\n",$var,$ENV{$var});
532 # locale definitions in fex.ph?
535 $locale = $locales[0];
536 } elsif (not grep /^$locale$/,@locales) {
537 $locale = $default_locale;
541 # prepare document file name
542 if ($ENV{REQUEST_METHOD} =~ /^GET|HEAD$/) {
544 foreach my $r (keys %redirect) {
545 if ($uri =~ /^\Q$r/) {
551 $doc = untaint($uri);
552 $doc =~ s/%([\dA-F]{2})/unpack("a",pack("H2",$1))/ge;
553 $doc =~ m:/\.\./: and http_error(403);
556 if ($locale and $locale ne 'english' and -e "$docdir/locale/$locale/$doc") {
557 $doc = "$docdir/locale/$locale/$doc";
559 $doc = "$docdir/$doc";
563 # CGI or document request?
564 if ($cgi =~ s:^/+::) {
567 my $login = "$FEXHOME/cgi-bin/login";
569 $cgi = untaint(readlink($login) || $login);
574 $ENV{SCRIPT_NAME} = $cgi;
576 # locale CGIs? (vhost comes already with own FEXLIB)
577 if ($locale and $locale ne 'english'
578 and -f "$FEXHOME/locale/$locale/cgi-bin/$cgi") {
579 $ENV{SCRIPT_FILENAME} = $cgi = "$FEXHOME/locale/$locale/cgi-bin/$cgi";
580 $ENV{FEXLIB} = $FEXLIB = "$FEXHOME/locale/$locale/lib" unless $vhost;
582 $ENV{SCRIPT_FILENAME} = $cgi = "$FEXHOME/cgi-bin/$cgi";
583 $ENV{FEXLIB} = $FEXLIB = "$FEXHOME/lib" unless $vhost;
587 if (-x $cgi and -f $cgi) {
588 if (@forbidden_hosts and ipin($ra,@forbidden_hosts)) {
589 fexlog($connect,@log,"FORBIDDEN");
592 unlink "$spooldir/.error/$ra";
593 # push @log,"DEBUG: locale=$locale locales=(@locales)";
594 fexlog($connect,@log,"EXEC $cgi");
595 eval { local $^W = 0; exec $cgi };
596 $status = "$! or bad interpreter";
597 fexlog($connect,@log,"FAILED to exec $cgi : $status");
600 if (-f "$doc/.htindex") {
601 require "$FEXLIB/dop";
602 fexlog($connect,@log);
606 next REQUEST if $keep_alive;
609 if (-f "$doc/index.html") {
610 # force redirect if trailing / is missing
611 # this is mandatory for processing further HTTP request!
614 "HTTP/1.1 301 Moved Permanently",
615 "Location: $ENV{REQUEST_URL}/",
619 fexlog($connect,@log);
620 next REQUEST if $keep_alive;
623 $doc .= '/index.html';
626 $doc =~ s/#.*//; # ignore HTML anchors (stupid msnbot)
628 # special request for F*EX UNIX clients
629 if ($ENV{SCRIPT_NAME} eq 'xx.tar') {
630 bintar(qw'fexget fexsend xx zz ezz');
632 if ($ENV{SCRIPT_NAME} eq 'sex.tar') {
633 bintar(qw'sexsend sexget sexxx');
635 if ($ENV{SCRIPT_NAME} eq 'afex.tar') {
636 bintar(qw'afex asex fexget fexsend sexsend sexget');
638 if ($ENV{SCRIPT_NAME} eq 'afs.tar') {
639 bintar(qw'afex asex fexget fexsend xx sexsend sexget sexxx zz ezz');
641 # URL ends with ".html!" or ".html?!"
642 if ($doc =~ s/(\.html)!$/$1/ or
643 $doc =~ /\.html$/ and $ENV{'QUERY_STRING'} eq '!')
644 { $htmlsource = $doc } else { $htmlsource = '' }
647 or $doc =~ /(.+)\.(tar|tgz|zip)$/ and lstat("$1.stream")
648 or $doc =~ /(.+)\.tgz$/ and -f "$1.tar"
649 or $doc =~ /(.+)\.gz$/ and -f $1)
651 unlink "$spooldir/.error/$ra";
652 delete $ENV{SCRIPT_FILENAME};
653 $ENV{DOCUMENT_FILENAME} = $doc;
654 require "$FEXLIB/dop";
655 fexlog($connect,@log);
658 next REQUEST if $keep_alive;
660 } elsif ($uri eq '/bunny') {
661 fexlog($connect,@log);
665 "Content-Type: text/plain",
670 } elsif ($uri eq '/camel') {
671 fexlog($connect,@log);
675 "Content-Type: text/plain",
679 print unpack('u',<DATA>);
682 $status = 'not executable';
689 # neither document nor CGI ==> error
692 fexlog($connect,@log,"FAILED to exec $cgi : $status");
695 fexlog($connect,@log,"UNKNOWN URL");
703 # read one text line unbuffered from STDIN
711 # must use sysread to avoid perl line buffering
712 # (later exec would destroy line buffer)
713 while (sysread STDIN,$c,1) {
718 fexlog($connect,@log,$line,"OVERRUN");
732 foreach my $logdir (@logdir) {
733 if (open $log,'>>',"$logdir/$log") {
735 seek $log,0,SEEK_END;
736 print {$log} "\n",join("\n",@log),"\n";
739 http_die("$0: cannot write to $logdir/$log - $!\n");
748 fexlog($connect,@log,"DISCONNECT: bad characters in URL");
749 debuglog("DISCONNECT: bad characters in URL $uri");
751 http_die("\"$bc\" is not allowed in URL");
756 my $tmpdir = "$FEXHOME/tmp";
757 my $fs = "$ENV{PROTO}://$ENV{HTTP_HOST}";
759 if (chdir "$FEXHOME/bin") {
760 fexlog($connect,@log);
761 chdir $fstb if $fstb;
764 copy($f,"$tmpdir/$f","s#fexserver = ''#fexserver = '$fs'#");
765 chmod 0755,"$tmpdir/$f";
767 chdir $tmpdir or http_die("internal error: $tmpdir - $!");
768 my $tar = `tar cf - @_ 2>/dev/null`;
773 "Content-Length: ".length($tar),
774 "Content-Type: application/x-tar",
785 my $URL = $ENV{REQUEST_URL}||'';
786 my $URI = $ENV{REQUEST_URI}||'';
789 http_error_header("400 Bad Request");
790 nvt_print("Your request $URL is not acceptable.");
791 } elsif ($error eq 403) {
792 http_error_header("403 Forbidden");
793 nvt_print("You have no permission to request $URL");
794 } elsif ($error eq 404) {
795 http_error_header("404 Not Found");
796 nvt_print("The requested URI $URI was not found on this server.");
797 } elsif ($error eq 413) {
798 http_error_header("413 Payload Too Large");
799 nvt_print("Your HTTP header is too large.");
800 } elsif ($error eq 416) {
801 http_error_header("416 Requested Range Not Satisfiable");
802 } elsif ($error eq 503) {
803 http_error_header("503 Service Unavailable");
804 # nvt_print("No Perl ipv6 support on this server.");
806 http_error_header("555 Unknown Error");
807 nvt_print("The requested URL $URL produced an internal error.");
811 "<address>fexsrv at <a href=\"/index.html\">$hostname:$port</a></address>",
823 # &$header_hook($connect,$_,$ra) while ($header_hook and $_ = shift @header);
824 fexlog($connect,@log,"DISCONNECT: $info");
825 debuglog("DISCONNECT: $info");
826 errorlog("$ENV{REQUEST_URI} ==> $error");
827 badlog("$ENV{REQUEST_URI} ==> $error ($info)");
830 nvt_print("HTTP/1.0 $error");
835 sub http_error_header {
837 my $uri = $ENV{REQUEST_URI};
839 errorlog("$uri ==> $error") if $uri;
843 "Content-Type: text/html; charset=iso-8859-1",
845 '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">',
847 "<head><title>$error</title></head>",
857 my $rr = $redirect{$r};
865 "HTTP/1.1 301 Moved Permanently",
871 if ($rr =~ /^http/) {
874 $newurl = "$ENV{PROTO}://$ENV{HTTP_HOST}$rr$uri";
877 http_header("200 OK");
878 print html_header("$hostname page has moved");
880 '<h3>Please use new URL: <a href="$newurl">$newurl</a></h3>'
884 if ($rr =~ /^http/) {
895 my $ed = "$spooldir/.error";
899 foreach (@ignore_error) {
900 return if $request =~ /$_/;
904 if ($ra and $max_error and $max_error_handler) {
905 mkdir($ed) unless -d $ed;
907 if (open $ra,"+>>$ed/$ra") {
911 printf {$ra} "%s %s\n",isodate(time),$request;
913 &$max_error_handler($ra,@n) if scalar(@n) > $max_error;
920 M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("PM)R(G+5P*("`@
921 M("`@("`@("`@("`@("`@("`@("`@("]@8&`M+B`@(&!<("`@("Q=+B`@("`@
922 M("`@("`@("`@("`@("`@("`L+BY?"B`@("`@("`@("`@("`@("`@("`@("`@
923 M+&`@("`@(&`B+B`@72X@("`@(&`N("`@("`@("`@("`@("`@7U]?+BY>(&!?
924 M)V`B(B(*("`@("`@("`@("`@("`@("`@("`@("`I("`@("`@("`G+"TG+2T@
925 M+B`@("!@+B`@("`@(%]?7RPN+2<@("XN("T@("`G("TP("Y?"B`@("`@("`@
926 M("`@+"X@("`@("`@("`@?%]?+"Y?("!?("`N+5\@("!<("`\("Y@(B<G)V`L
927 M7R`@("`@("`@+2!?("TN("`@("`@("<M+BX*("`@("`@("`@('P@(&8M+2TM
928 M+2TM+2<O("`@("!@)RTM+BXL("`@("`M("`@("`@("`@("T@("`@("`@("`@
929 M("`@("`G("XL7U\N7%\N)PH@("`@("`@("`@8"TM)R<G)R<G8"TM7"`@("`@
930 M("`@("`@("!@)RTM+B`@("`@("`@("`@("`@("`@("`@7RPN)RTM)R<*("`@
931 M("`@("`@("`@("`@("`@("`@("\@("`@("`@("`@("`@("`@("!@8#T@+2`@
932 M+2`@("!?+2`@7RXM)PH@("`@("`@("`@("`@("`@("`@("!\("`@("`@("`@
933 M("`@("`@("`@("`@("!?)V`@("`G)U\M+2<*("`@("`@("`@("`@("`@("`@
934 M("`@?"`@("`@("`@("`@("`@("`@("`O("`@?"T]+BXM+2<*("`@("`@("`@
935 M("`@("`@(%\@("`@("<N("`@("`@("`N7R`@(%\N+2=@)R`@(&!?7PH@("`@
936 M("`@("`@("`@("PG("`N("PG("TL3%]?+WP@(%P@8"<G+&\N("`@+5\@("`@
937 M)V`M+2X*("`@("`@("`@("`@("`@+BPG(BT@("`O("`@("`@("`@?"`@8'8@
938 M+R`N("PG8"TM+BXG7R`G+@H@("`@("`@("`@("`@("`@("TN+E\L)R`@("`@
939 M('P@("!\("`@)RTM+E]@("!?+R`@('P@("!\"B`@("`@("`@("`@("`@("`@
940 M("`@("`@("`@("=@8"<@6R`@("`@("`@("=@)R`@("`L+RXN+PH@("`@("`@
941 M("`@("`@("`@("`@("`@("`@('P@("`M+B<@("`@("`@("`@("`@("Y;("`@
942 M+PH@("`@("`@("`@("`@("`@("`@(%]?7U]?7RX@("`L.E]?7U]?7U]?7U]?
943 M7U]?7RQ@("PG"B`@("TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2T@+2(M+2TM
944 M+2TM+2TM+2TM+2TM+2T]+0H@+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
945 6+2TM+2TM+2TM+2TM+2TM+2TM+2TM"@``