From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: X-Spam-Status: No, score=0.3 required=5.0 tests=DMARC_NONE,MAILING_LIST_MULTI, RDNS_DYNAMIC autolearn=no autolearn_force=no version=4.0.0 Received: from lark.theleaf.office (cable-213-132-142-63.upc.chello.be [213.132.142.63]) by chiba.3jane.net (Postfix) with SMTP id 8AB7D1A860 for ; Mon, 10 Dec 2001 05:29:09 -0600 (CST) Received: (qmail 30356 invoked from network); 10 Dec 2001 11:29:09 -0000 Received: from unknown (HELO willow.theleaf.office) (10.1.1.3) by 10.1.1.1 with SMTP; 10 Dec 2001 11:29:09 -0000 From: Geert Bevin To: gentoo-dev@gentoo.org Content-Type: multipart/mixed; boundary="=-GVmYnt4IAwTwRKUuvAUd" X-Mailer: Evolution/1.0 (Preview Release) Date: 10 Dec 2001 12:28:11 +0100 Message-Id: <1007983691.967.0.camel@willow.theleaf.office> Mime-Version: 1.0 Subject: [gentoo-dev] sandbox v0.2 Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk Reply-To: gentoo-dev@gentoo.org List-Help: List-Post: List-Subscribe: , List-Id: Developer discussion list List-Unsubscribe: , List-Archive: X-Archives-Salt: 3bcb6f3e-84e2-4b96-9ac4-f46fa638d832 X-Archives-Hash: dc0f7caafd5887693cb6deeb48ab4bca --=-GVmYnt4IAwTwRKUuvAUd Content-Type: text/plain Content-Transfer-Encoding: 7bit Hi all, this is the next release of the sandbox. It now integrates seamlessly into most ebuilds. The following features have been added : * Added an ebuild to install the correct dynamic bash executable. It supports safe unmerging, restoring the original static bash which is otherwise accessible as /bin/sbash. * Added env vars for customizing sandbox log labeling, number of beeps after failure report, forcebly disabling of the sandbox before running ebuild to make it possible to install a misbehaving package. The env vars are SANDBOX_LOG, SANDBOX_BEEP and SANDBOX_DISABLED. SANDBOX_LOG is automatically set to the full name of the package by portage. * Bumped up to version 0.2. Added support for path prefix predictions. This means that write is not allowed, but the request to do so is not considered an error. The ebuild.sh now also contains support functions which allows easy dynamic configuration of the sandbox inside an ebuild. The added functions are : "addread, addwrite, adddeny, addprediction'. Below is a short usage summary: ============================== 1. To have full sandbox protection, the dynbash-2.04.ebuild should be merged. 2. When a package misbehaves and you don't feel like fixing it but still want to install it, set the SANDBOX_DISABLED to something and remerge. The previous error report will be in /tmp/sandbox-[package]-[pid].log. Please submit this file to gentoo-dev@gentoo.org. 3. When you don't want to hear beeps when a package fails, add SANDBOX_BEEP to /etc/make.conf and set it to 0. Setting it to another positive number configures the number of beeps that will sound. 4. The default writable path prefixes are now : "/dev/null:/dev/pts/:/dev/tty:/tmp/:/var/log/scrollkeeper.log: \ ~/.gconfd/lock:~/.bash_history:[$PORTAGE_TMP]" 5. The default predicted path prefixes are : "~/.:/usr/tmp/conftest:/usr/lib/conftest" 6. The above prefixes are now hardcoded into the sandbox executable but should in time migrate to '/etc/make.globals'. 7. If your package needs other permissions you have three options : a. try to figure out why it writes outside the image dir and fix the makefile, b. question yourself if it's a general path that should be integrated into the default settings, if this is the case send it together with your motivation to this mailinglist, c. configure the sandbox with the new ebuild functions. Generally you only need to use 'addwrite path' or 'addpredict path'. Note that these change the sandbox for the current ebuild execution and are thus not presistant across emerge stages (download,compile, install). That's it, Have fun and don't hesitate to contact me when questions arise, Geert -- Geert Bevin the Leaf sprl/bvba "Use what you need" Pierre Theunisstraat 1/47 http://www.theleaf.be 1030 Brussels gbevin@theleaf.be Tel & Fax +32 2 241 19 98 --=-GVmYnt4IAwTwRKUuvAUd Content-Type: application/x-bzip Content-Disposition: attachment; filename=sandbox-0.2-ebuild.tar.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWQFghJcATSB/jf/7gcB//////+//7v/v//4oAIAAyAAACGAzvvoeX1sptimgYpPt 7vvXTn133e6Pt1Y97r3l93a0CpB7B951O+fHt3EQ59999V9WbZotuq9ffM+RvPXr7tffeL6Ogns3 vr7PX3rCb712One5wPWsq9U+6mK9ezdXLuNnu7tTc7uqCt7Aevvn2cdl3FLb6s+7u99e9BXvm++9 t6+r32s9b03mO21u7hO0JIhATJkyTaAmgCnoCek00MapHpG9TJHlH6ptE009R+lA9QepkAlNCBBM kaJppqeiPUymj1Ghppj1QGho0AyAAAaAAAkFE1NJlU/UnqPSP1DKGmhk9QYmmE2gR6gZDJkNMeqA aGnqaGgJNQkKMUYmqnpk9E8qfghI9E/UE9TIyeoAwgPUMQaBhohmiCJJCaaCjJT/Uym1T2j0gT9R M1NpT9JGaTT0gxNPUemQjQBhDIBoIkiBNAmIAjUTamCbSeonpNpHqZqZqaNPUaA00DTRoaBoBkfO D6T1Zb5PlPlO4/buQ77otjNAMokIiywCOEVQ6Pw0D9ff8Veur1re8yB5hoDASzdDDErNyyq4XITb NEaKSgYFBBSRNVUCQG1IBUEGlBgCOkjaIAUAxgRVaooFqCFRFKYKUxUtFQUG4Au7rvWFRaIiB4hK oEZSQC1JKhVBJQUgCgowYQSbRBEEMRhhFQithUxQaDviPjEfOgKAwS8HERIQVSCt9ChR4OnQ8pBg gUMkMZ68P2itGSRGMZBVwSGrqDGCBRFWEiKOmUJD3D4fw+779xgYEg2mD3aQiD3YNhAJEoKjJvAU dhdFksERi/i6XtEcklLskoVIxiIsR2LsLjhROnTbDBhpakNmVwcXNZG3W5ZgqhmGWskBV1MbRnLV jRE5NIYMREYqIiKopsUXZWmraIIAMCDAEASCAwZEQihYShIMBEwCK0RH9My9FHm9NBf72FjNohvS JtibTYbOcQYfB14DBe/UCOlhgafEqytyS2ArEoaWUlWkKMqShiQYMRiIRidTGMtsVJFBK1mSBijB EWRCMYiMFUiIChYxqQERjabEDXTc4WEFGAoWIByShxIsCmELRQYTEkoMQFFAs1lySIIGkNMKzs0Y uCQoIySRUYJAYCkSQWAEZEnD9Hsl1vdlE6i+Mqqlo/Z8uGaJ5apRqzZ1lKKwYy9WWiC6SlAMbGIq eTyiwWCxVrZiICkeK33SkTCVF3rFtykypl0tFUCiC277wYxVJQTQxF1EGVVG21EMy7uLAdjYBNYL BTNmzZqzDLky6pqS9jZkb0xRWakKhZgYWpj3pdKYQzWtCobN5kjeWFRnKzViMy7XgzaYWLbYR6BM +NJb/gzxH0xZwGNzUY4h56IGCwWDWc1RZqjW4jYI8yHGRjG2kK1U2QtxVY3qcmRUQDDTHm0jTI0m xp8uSCTgmuN4mIpNgJgRLTocsDJkRJWnHMcG5JirW0re0l2aCuVSycVRqqFrRDv580ZIsWDZDUDS LGKiKr/fVG7SxZ2W+1/4PBhXM3dk8P02sMIGsgbEQsfxy8X9PQy9Y7ddML+Sbm1Zte986PuLiamZ iTcR8+WTsZz1U214kpsRgowYx7CHLpm6VJghe2ye1xrd9OSFs822zSgdneLIkIygmjE2qiKAohul RhFEWIqCs47sOyTuXSgQjK6GQfZ6InTQg6qS2EnKF7iWn9UbDQg6VCNkxdlh0uxB0+/+zqtiOq3w KL3IMTPnv5L14Q6Ltm/6OVcOmn/aa4fsOsYt52yaDPpHOTy4Vc/QAUlZ2G8y6SQhAkJIfUnfEPTN B0g3+8WO8Ow3nMMTnlLBg6R+et24mULx+aaD63mH2BshZRxndRH2HrGJm11BIOhVZEW1sdjM1RWz l1lUMmHHSYeu0Hv8XLkQ0T2tqisEV3QwIO7C8KBeiiqowVVRTRBJM6xuBotCxtwrKXN5hYET0HhI d0HSC+viZI9t5IbbMqocb9GbCnbUCgjJoGAeTpZyEpRh6dctbhikX9ue2fHDRX3DaFjyoMTCGdiE kIsnmoWxK2PMG6Oi8n9gMPaYel4iIuPSxc/5FCdacMVjBT/N2ywbIi6/qfpQSCVs/unTMWZt3cRM zZmulQ1GvT5PFW2qdj4jQAvTkaoQt/d8gKlgmQlI+cQaCFggsgjJmsBO9HRQIJJv2uj5SbzXc+gr lofxwdhQeb8YKdlNM61tTdaf3fH6m/T9ecr+n0DmzymPmivNhI0Veu9FLAwyQ6nOBpMv+eggbetu M2Y7H9ejh+XQsO0qo6PyuhDVWhmTIGYQwdyPFen3Kup8XRMREV8VD2WD3PLuHmGTCEyTZ+OXQnpQ phUnRSIpoEkVhBJEfimFwOicZ305uqZgM5CQkSTJDEdzu0h1yuA3B2c1ujyPc7Q+aWfRPv/PvvGQ kGRY9iFkfacrj0SAnht4z1tJm9UZ6iYgySsqyO2powKBOjMIj1eYeSE0NE917SHmsDOVQldWu5ii pWO7iMO3ky1S0xHlSOZqENotptvXhYNNPpJs1wYaoaBvTTjQYc4btWbgyDAxsVTap53Iso7+/drn bM+mUQzh/Y73dDWg1qCtJWmQbGxoAjRqL5VVjZ2LD1S4+nr/w/fo9YU9Zkj8Yh5SXknn+U3E4fET ZkP43p+rFOO8edNQ8XV/ge9ibxv52wskkDvj9Jo0bjBJInZlH20XMd4mIlYEy/raJp6PZ8RiH8m6 RL5nj8ibGtUeev13pnW4T5XJkCB+uFB7CBqZHOZE8MvHapbhq2FtXng3vlEJjQZ0Mw099moHnyjg WbRM/y5mx9nMharLXrL3Myh24483HGDBxFbUEzjCSatn7RNJWyjj6MeMXNBkCRAOQTZJZfXmV2+A /m3IcIRiiCixiLwR41vZ3lhGp88IuRlGh/BL1QlZxmhmWqen6siowi+x9MK9AXWAHb7dCvP0cYkl 4M+hH2N9NcFA1BySZQI7HhQlIiKMRUVFr2KvGhRV5GwFFMmtYECczSWvTa9KhYJH5ji3Os61nNQF mJUkboJjW9VGqriuUmM2ZCrZCzDWDkiolZmCBbSrNyYamHYaW4r++R4IHSyUoUTqYK9GuGGmdDj0 x4ZdMM2Q6NJNNLvn6Hf0ltckK3WS/KNzLl0DUOWXNhrvs3Mm34eO0xdrOHhKDRQ1HzS1vc1rr1lx 5rDPliAL7e8cTGTMXEwZAwmGLjEcM38F7HMTRTtlkMU9Fgu3IRW+CozqmSgo1RjiDO1hcaaHGxAW DakOdR3DXqwe0qmEfEXSe7Yy7rvXiOp7OEqkGsZKgnYjlCVBHp36rOUqKYml4GV6eA3hg6oCQTXt foh9eCFi2axSqpDnOjJmJKtZhtpJqCh4iHERkX1wZnlv5CLGbp0xFy6ibCOGZ+F6oxvSL2GZ+FmG JjXj9Tq85L7Jq40PqtU1V3tM1VSJhTyY1NKMM1lUQmQhCOCHGFfKGN8lTCIvk7QmHhwLtdxxcqc0 ngt1dO1KFHHG5QZXZVrZ82vqtDGdzryzTZq8iU5UpjW2Ql0JzVBWo2KD6ktrikcNtlxRjY4W28mf OdtKUtXSLa6aYEQO5ZmTsU17UlSR0KgHwcIOOos6kG+ukZGevKc6Nj41oS2iUuP3+Q0EXCK80QnS 8GM93qFsTxnL2Cyp7aj2022Y+/9e/p32e7L0ddWG7f8vr+7+f+j3+Pvazm+dudmcMPJpyOXOUL/o xj1DIGEyOZuxvey+3Vu8Z5/E5vff1TS8i43HJt1Qf9NdNOrZPG6bv+Z74Ju7eej4+7Gc5KbGhoZz XGaBYw407xGGg7jEHHTMy649lbrqYol2dkwVWT1McnoygvFp7Z9akbMrIuuFk0SFZAIMjOyj3VjM MdwZdZ2dgQ+xyL1LBI3Q6pViIaaYxG2SsBFGeyMkWVeqcZWVQ2qygx99LV+x4Pko8nj2nWDIbnUV 1tMLFEhhmXBPg6T96EPlBDYL+qKMzc8FG69FMgSFgO2HFSRk0RlHsieoQs+OavaVCk8nIu1R8cZ8 Uhch9noUQgSERhmDHq5uLBvPw5GIXBDwh1jlTanLgD5Ht3F8sdsEhBCHMsQzql9xoExTXuoo8+af 4prHqPQRnceNvrcsskVUSqZmsERl+v382PWToUII5GkD759EhvqodxKIT2NHUxzHuVgjtgnVzenW HNDuIJsIRjJAgZIacO2Wv2V9+5mtLu2aBKrN1Am5SctKacK1JrVsZ8LNKYyAMoqlVqMw18PYZpd2 zE2/1IyK1H35c625QdEmmRmlbMIbLrKs5yBB7BQi1uYRNRzaKF2oWIw4NFm54uqgaBY1Rub9msAU ESFvLqIGJosMJyo0LLejreJylLKeZQfJmJd2yPJllkeLZL3sqdL5ZsrqtTzMyI2kK4jsoPnaCaZx 7IeBEJyIjSS+kmmdiO5WLs4Gyqh+elmOukbXbeeKNrb660IWezmeeUae1Fp7MISEJJ7+K/qb+KlA sNdITIpPPtD13d6STmN5S/8wX5qi7/nuo3iD5nlCPDlDUuBhYrdzaEEAFzSuVwjduMuAD6r/zcsP DwhGEIannmvDm2Z4bnJMobMZNpi1hZaTSlzInL+GXUsoz27ItAaMYjlxWiqfjsEbw3pqyvhBRUTh TdBz3Pb9vhPUrcRxkma6aEQ/RES+zzHReuXPQsjpcdupME2dmQmMIlAneB39G2ty/zfR2udfi7ry vS0aOOi7N5lG1wfWz727G6MU9Ih+dNza4htVnisUTYfV4bPk+ijKsS2buRwkicoftLeXeZPGmKmh lwclg3NvDV0VKPWIFL6GsaWMAw9bK2y4JFYsYLDapCkTBwswQthzlTf1UbIq7jJzgiNs3Ukk9AQ0 MAdGAx1g2AZmWIB5LU9h2RZASQzEZE0Z1OY8N1kqFfpeGJkgF/jNj0ullfYjR5eGZQVRWYTCkhxg Nf3Jrt3e/atWeGtn2Svgee5c3OMYS5YkYkfZAqHve/Rn7KXpHuSBgCcfPsJVlwEvobbnL/jy9xOZ yZeZVlGOafBU4XW5xyY7hY2j9ecMxyFJcI1Oqa9PgePByE3LtDfm+OAmCAYIFanewxsVW7HOsSIJ WU0THYmanqxHYo6l8rppTTQ1WUOFDTTblim62jZMyz8IbzXHtIckOUaKakDPWedubMlrpCTIGU18 Dms1p53lqTYk4psnc8PHz4PrVD+e3ZDdVieV9040WsGML6qn2vhVjKU46ziwLKFSKuP7D7sht2yU 4t9sM2tdofmXc2FNxAX0nGZpEVKl1ITeOQvsCjCKmLxLbrvzaJQ2homwM8Ds6gZyoQzhMWNj8LUz ozs9+U58z18rFjzNDE1F3ozZiFufqmNvfTOgij5GL1ftYzgtzH7ILG/fi4/RHpIyNd+9HcgYCiLN bnJ6FQ56vs6izZn37Nj9j1TZqJpxp8ssoSZcPHXzNL8mMxsAmSm1TmkASc/x9QTqLS7ASP5tJpuJ xifIXWfQdpzL7/pH/D4PJMRhKZmi0j8GIKHwg5BrLFCPjFzo6UXTroMmAbecN3a0eMP7GyGuUHJl IU0O5dW2ZGYlTeZ+WQ9TzJJTCYiPgPGSST0epPdPdzTb8SIdSuZpV9fuk9ZOFcgNGEilQqbtRkWX NlmewmtYs6VwQkFi5w1PaeSwxk6tiXpQGBMdYxC7SiyZB5UAmNyO84kWysIhVCXWM6xAPPBkcHmF v/ehzJxCDoOoEDCXh8/30oKEE4l7n+GXz/tns+W0RNJKNfxphuwhqcUbuEshq6R7WDoBzv3deAKn mXQyKSmpBNJw+2eJbsEtrawnRzCMVu/eDHcET2TXIp66wQt4jZEmo0sJLCBRAXPLZErRqUCZQQcn JhxdwUwY0I10aJTGIKmU3J6qooguKmas3mPgJYiKsioCIqRdw9l1Doa5T3TD8hzOsD3hwc1JCwdr tQppjIUFBUCA9liHVmjwYbkrfiFRCutvyuHDph00GOKS4/yzFZO1CpqoiU4Ldgic095IGdyIcgMD AwbLuNWFgUW4w0DoZrgV9yJRhTVqMJT6aZamnEG3gucbZg0NXRHzKFHz3rsHqdEtTG77nu4baeHB A2hET4+XyL8a62lma1rgEWy6NnEmDZg59Iq8tf1VtYb3ZUFFBmz0ua81ConVppgpS+ExobFrJwVe j26aZ7ps1CzZRmv2k+isgSKNOw35uB52FoBm6fz7fTFLtA/R7vq6a17er5hezy+7bv27F26vSpKR umPoEfqQwMmBhktaEjTCw96FBoRL1VyFEQZJHssU/Wj5DO1iA9Q7bXaZumwZmLNLSIH6NgqYaUTG NG8MVWrDonIi2J1xJ/ltRlpRkpmCCiFbtzTANX0uWhaKbVSI2tWBtIN85tsHbeyzjKbo5DF2WEYu cwqe9HUJRPrq1auNWvCZlfoq5FnKLzL6CM001t9S/nsxq6LsyLWp3TGzVyt3AxIHCszZ49zn6FjU v7Do1UnlnWzHVh7FtwAHkCAkCJIJCBB+NKCEFkAFEUkU/koqMIwYEBpJtuORQakSEyA4QIwkig1U lISVQsqFVVDBpX9v83wfB6HP4Dzz+yYrE8sv0SXJynV2F0SA4Z0kCzOHUQJQ1KXPvk5q5DyR4vvU DRNxkbcUSAQJBDxrfLAkgpQpzEEMeL5gPLmD3w04ps4XrmFPPGSPnOs3cYGYRfg+U/P8TkZzdXzG vQcRDspHJPr7Ii4pel47T4AwHoH7B+fYDoTpGS4JkaiHVITLejOuiddPGzUEXVyYvebIYrY692Nj 89iQrhmbMXMzUbAcENruSbC6uYd4SEgcGc99LkX3Cdjz253Xh+rm28EzKOTE6bEv59eO7fISSSEh ISEhgsAs9RZo6uTY4pTvNq9OZgE1GtoG8NTJw7giU9OsKTAyf0MDl2p2mi5FaWmCKSwVeswwWibl RUYCNKWKNNAaDeIVX5Z1UaLyYuVltkbg3lzrpIRN6AnLma883suAeEE2pdNyAnZtSwl/OJQbcTon 224PHv8fy7TlBhpyz++z0GCYJAN4HFMxFlSyTEwwt1WrvXP0osZkqli6r8facjw606EE6uvMCym/ 8zyqIQzM32zzcdC/keZs8hF/RzjGR3rkYfRt+Fsk0pJjUuchsNIlpOJSbSakWG2dLXcalpOixBqW hJ2SonImtLeXWkFNZJYwwmLCAqB03Qvp2qonfvVt99XZRUYxMBoS7qxLurELWyWNjR2BRocDF25e KdxUhqSE2v5+Xk5lGhL348C95edrgvPEznWYdW3TyKHezvM+zFfJPydAIiRpRmNjDmyycrYBZrSf EoEX8ChPpRI4CLnyhvwkOSnMVJ4gNsIeQ8XreDylT8yX+d5o8uP8ZP0+pjJuhimpy4XjUMqtFnbB z9/2mdbSfWJ9kEgnaUkE/aJVCSd/7EjZD/AlbBkhCpW35MkLNJ1gUQZrGP0mRhrkowMZYKpJ/moO fh9jyjtd/x/daO6PHX6xtEVx0fBQamzDq+idG8IdcP0U976R/U/Ue79b2KbZ9xMEzkaUqL1gZQZK b7UE+l9h95+g+Us/IXR+kaPmPTH5wrslDZI9X1mm3moDREblS17AC4neNRHA2U3m/0Pf+/Pxw9BP EH1PTasVYiLAVF+GB/rDyuAeyWQ+I7obhgWojGegkC5X1TOLB65Czyc6qotNPK1VVVamQJgJS0kb kUJBsicCSONjbY3CEWeg2WlwAMpgl6JoXIFT3Es8QZzjMOuRWEQ2VxzIc+XOOMmylo2frFwNg2SN cOE8CuyuuSWOWlKUtpWVy10uhaR6i0C6VuDzJ0nVz37OqqyrzNzRtEUREREQYuQQVjJvCcgniVWB aHbVCJOKngtVIyEZJAmKZ3SOpG1/aPaB4UT59LR5kIkl3ffYHjtzQYcgbpxUDuG0CWrY2pLA/vSA wIMYoMEghmGaT2QjcS4x/ERG5wDWMgBjYuG6NbByioRD3shlMK84XjtppgGt++V/Ed/B/UPcIoBw MFgPSHgGHsmtE5nPK7uJmq3ARztbIgGJZbh8Z3X8VLQkEFL+GTmGJTnDkBwO76iGaBkDzoUWClEo Yf7Z546L25NvQJcgQIBEgEEHQUhRXaWlC2z6im1zpcsjFANXUuDSXnBKK7RZBF9WSXdSDxtzCRhG RSEBi1CETtKNjcKPQhdfskQHEvcMCZ3fesaFKAP97E7AB+HU6VJ0obJj8cnZlA8Nv7m4upDDuJNe CD8KkPFJFQNcDG9RORAiaGjHbJXewLC2jITke4JkHR9NKn0BpkISLuHMjTvoANwauXzd7VeDmXHf ei9GqJKMH9G0FsXuY+PWeqFQ6GR8NT3Cx2oZj/jnWlZJPVoh4tiKMIwmcGjUzLGKIXSHoQ1iyRkj Pn/BMNIhs4ptZmgSLIwqFBdANgYa5HionYsSD00zMxkyHkCmkkVkucDDC2Qvph0DsdlkvE7pYagt XoGDEjVpG1gIgGY4UmEJLfHb2r+92B7171facuBMh5M5KUkKJQUlBx4eUKVRPwHXYqeXtoUdziI7 iJBW4fGHM0NLPZ7iUWNkIkJEDZRQFU0QiJHVRtZnQsXwDQrsvkT1DlJ0XuROTSchqJMdTYV4YYIn FOw7ixsPbx8ebOoKHZrdswngIAhV4F2JvrB1haays89SkmmsOOGgo+SuICm3WUTZEosvfOz5FCr4 TPHFhDE0C6WgpggwBuAMRgxFIGgCpUDN+hUACWc2HI7hGKccDy/tACz0CEHOdLUf6E8LZjqO4CxY DWoQyWXOEeBZOfJerAeltTWeSSCMXItM7qz15h5GvdijfLHadQXxOnpg28ZsMfAkVJCRgySRuIQX bOW6a+UQFKGQ2nsCqJKUnbvcRJk8ccDc3pT2zusuQjACxMYFxKoIzopiPdQUkIeqU3JpZ7r5bSm+ +vls0MZIGkDCYhrIMOEMs6cNbNhWYl39a+C2Pkl8rssGYsYp1aonUyFWVY4zQxZNGPh3s2c8HLYq M6F4Y4DlzDSwma4uNycaBZJJhRvDlCFCTSa1eXcShoGZcSGueV2uMQgxZOjXCYWEoIJFNMEi+DlY HMTXU6kNIFJRQn0ZZmfBLafcTDZvHVIgaom0DaNkdJcX+sYv0hqhQoRA2Uhn9Q8pO4hCM7wfwB4L +E8jxfES48TbJSJ4leRjgWOdFHZYlZntuJO7fgq+NzgtWIwdEyXJI5Ad4ZRDw/CnW0xQMkRLimOh uNwGG9DMEKBFh0No8o9cPSek8fh9GKprRh0jb82u89Jw7yHYHMsQiBokgsgWaVMPQZ9kjcUWMhTg uQCCcDoFKYntT9bgOoCekOkDDukgJIpcEDsbypTdBngpQusmtT3Ect9TTSZ1y7zcbz13ZgRmQzBS +w0G0eS69TQPxdNpfCCGgHhyRgPU+ssJSkkhiKHs07h3Q7uRlJ6BnhtsFhVcOeGiTUFUYQYVWF3A iNkwgyABu5PBTvAA2nd7aYEhylIyT3pIHsHP3s0yMVVVXkw9RBBQAiKLn+tGwRs85FLvyZhmBu53 5XNrQTDreOHcd08SK9Lr87BmgkR28hpFqJuzggQHoPeCid4orJ51aiICik3PIEKFIWFOJVURbexi jheXA5tQmmdovrAQ5zQHw6BDk2eBm67fVqBbuFaQG0KCCQH4YU1SXs4eooWQiNbPvTJZiAriFpBN DUllMO+ez6/81lwXQUntTMuvnDzz9lnFTc+GZ1e3gYHd0qHCSTIsFCdvAwViITZUEQkAgEDkhKgK nBG1otyCUECIHAETTmTiTMpkb96oXmtP55NlcImqI4YgqAQZD5mCS+RJQDxtBWKmxwyM0nTJmTYo GhMWIGZH30PaizyIhVUUEIQKoalAMBSREgixjAZhCcVaJGQSJkXooFNBZCFqFOcIgEIgSIFCRC55 8LKfaygGNhtl53Q4pkYOmQ7zsLDZg5hiV2B1w4cQ0l+GZORvOCKaWRpHtsL+ME6OWh6lU2BAC4wa sbPtj7vxImp9hCEIQZBgQQ6jzKRQuBkeQG/OSG4naSepnazz/DRDD01CUrQjdaZb7K9SXSCiKrzP ePhQ4VTPOHhRFk91GJl5vJZIs9oGh6xV5guCTIQD1ridgz8BuOMw0NEOmhZ4Dg2KNnpARBTYRFCE 23nawLlI2AyDa+sPkEva3u0SSqipdLvfuMH5pBFVUUWJ1hDqT1pCgT1Z6uDu+cb1Dkc50wohC4tV QkQ8E0kNcwOrzI4HvHv75mZAPcVn0aqlBgtXZL5+m5MMzWXIa4tMbJLxoiDvYamYAYfW7JMA+qcA 5HcnMQxgGhcEPBI4D3VR2GxZJJISQ2l3DYfa4Ey+QaM0O2BQ41ajFaNqKZh6ULmU2TEt3oicUfaD A0ppjziyS1ToUFoMLsM0sJqlHrIm6OS4YHtocKLGJt305rpQVIgiPfW97odbBIMDAoqTi8/YvKMl DEdEbu3UDNIfWm02gRHzRbMAoHBB47yztiIQkgpIIwYJrjUQCoA4MlSgggMxhfqxSRtt1j7iDv3G YDEZWsmiuyFutzclbHNWl9suHMvRIHX56jY6BNA1zO/w0xq1DvevgHbpTrCiVFSoWIsGHdEG4IvF MQfa06ptkhCTwErEh8R0QxgHbnXbJJYxasm48VdrDcb2yQ31LKpmX6+Kj1EEILmI6AeWw2SPMr7v zHk7NoO9sbGigxuGZiUEIpMH5yJg2s5tChwe/Ep8H8pUDt8Qvk7EeeSbzcraAgSIkOAk58S4yZBk 55izYsnDqjYSSXLU0DQdvIFG7yIWubpk9qIQQMw1l6IbR2/pg/Q7adrSyt4Fy4G733aKdirDQmih hMgnUUkMuixhlyQSyrLyisXu0XlDnpH4hYIKyLAPbONOSkDdkN2BaTdRwrspUsmGJZJk0ZF4XrBt YoZj17omWsXDjIhKlgj5jEfXESWiIIvQcQEdYw2OPJyWCdELdESPDyGWCQKgQhkEZfNqyO4l3XEY YWCDdIEAW4J4DHMsJeAUvjl/BhINwNgjcyAoV9Z4lwPzTFingJm6yJoOBRZECLEtSA2KIUyhiKxB CM6CUCkiIEWXQgzCHQQXwVEFBC6ReAb9mtHhdHlfeveNTJ9h2yulwSQkhI3CB0rkLkCQRfZXYO54 qOoRO8oKT5iZtR3CV7W4WG7bJm2SDqFclrEEsg7kFdsFyYA8d0kVucYdAB6CPYDm6aKJt9imZ8JZ D1o8E1E62A7OBqBTzE8UMHIPpIrRDbjRb82KnOxgmAXVQ3A2RYnVgPCHORJCNVXPWsJeUvwDmMtT ro845ZhbgvovGJSoWJla8NVInrqcxMxP8hPMSrS1q0xeNabAez8dCha+z+58FcHgkPEB8Dug0mZW 82GScyQ3oeD9HEwet0odbE4bxcIEiqJ0jxpkcc44PbK0226brXhozKSw+dUuQDvTLWw7sgkYagIE 7OZ9go3d5fzYEYRH1RKgHn9mxYMIfVJb1ng8AuQJMs5L2HgzN7Pb4eEYxd5SdvY/suZlNDzs5OTx x4PFDaQ72Qg2kOsLxhqXaFIdhNhrhgTJszquUkngA4pDpawtDWHbA5FpOwoPG0rkGpYetREYyTmV OexU7TzQPLH3b3T3B43qQ9nxbaNHonxG8JLQD4IFBpF2qrUXzEAdDLqKP9M7Ygt5E7ocZQO2nZA7 8JZifJXeLWoy1xMwN6NSOEyKcDGoS0oPBffXF7TnR3efpyQMP4E+0p1I7kkwoh7KBeI7UVgGeMFB gQnz7JOgMM9+yoiaTAFuiFRItedPJCqLhQvJhROXCiGK4t7YK7dNWVRztiFkEphKV5UxKmORJlpO IkRrskFxuGGfAtLimiqHQ3HnbcoZq8ZpQDVrOGHVWcEogRmqAe+8ThpLqpMWjB2l0qmiRZCKe1lN vY5xuaNeXkhksUeYzpJbgO/ZhodGSRzImvb5gWREtARZ3zPKJhZMFJxidcnuUlEgkekRoPcCBCNR Aj2Vl6V4eBAVJAeIRBOaEiJRZEfYOhRdFyEDoZopduqaJMycs7AeQpIjBJqRrmYpbmAuu0ZzcR4g /qB9KcUM1EyzPYZgLEAWX2iiAC+61yLDO5EkVoRd3iJIyBoSwnNC97CRUNmczNCA4GRKCDlO4lG7 IX7nmtvgT0CYL20N7Fmd0kmkO6dXcIAQz4l6LA2MsUvUyPzhEOaF8Oe96cVZg4D4K6zOF8MbPOS1 BCITzDV1NbEFjKxq32GFCcYGIEqDnvCUrvga4V6HZTpfqLE0HMaho+p1WWIGLIaVFwQmCqTKDY3F gQSIkHW0rqTRZ5ANhIAzrFG9b/f6fxf4Py/J+r939evd65z6UewtrVSJA81nz186FMRiTyRyjaIO SNMZLO4gwBh2QTmB0C0awDiAHvBf1LuFBOyO26yUUbVbjsjL4Wq4rjSPFmCkHoT3Op0ELnQJn9ba fnDuevgUQkYQUhIEV6JuxEzmBV6TQFVYPa3iCYk5UhmpZz1Vq9khEsktGU7suzUWnxt83zvkIdiZ J7aaBV2Q4nd0xVhLEGWSktOhnBMLSwuCWAyMxZLhSa6IpOFWCFEk0wNYxCrePecpPGjARKSOxJzZ I5eVGqCkcNKuQxQ2kNRubmJ8EQkOogmiQ4JoWnGNhuQZJfMjWesOrbirWKaYBUjMCQyt5cULhcPb exDuRMAG44QDoA5iJ5J8caHKUUQ+EPmB0NbVh0kxVVgoTYk9Z1HGrZ6CSRldflsNxU2FZZvwfYw2 CG5U6hIbBig0JsP7LFXYs2pqilYE9DF7XK+6IitqvJMKGECudp2kKxiRLThEGLaTEIRcRIOkcN7n bIrBLNjMSJArFwIaliIwLLJJMgTSmSIWHACiA9wgAa5qhsIWVo0LVRGBIyEiF1ipfUw2GLMRzpND JHqMlS2QHwVuUvgPUDtDE2ADf3ViMyVBYSlQhQykEQNhAK0PtRt1me9TCLxVJxikruJLsZTUXr0l Ep4FLIIhgLEeZoOSeDuFabK8sFnXZn1CgQ7Ro1YatJolKRiSBr1FYefTIvkDyThA6p9w7jong4mG JHMiouYDAUMgqxAcJeHMrHJGycuBZUOLNmJrq5GjobBrA++NAD3GkHhEfWBMiAB9qasBMmhxVehE bAC3CKkUzAIcJh0j6yIuc53FpJxbdhHK1BVyB8u9luDg8GuioW9IHGx2TZ/4RO4RoG+ZPU4V4R+A cdk6dVqDfHyeJKS0FJE3yDIV6AxG12RSIFvzM5YdYpzhTw8jkayGeDFKZFQrTxC1sbCgApKPBDoq sm54dVzo4zp5pul/X+5mifThuTxS52KK9EDzcu6Gy860Xae8OZSOLUkJGSQSRm8mdMhPj0yjcx7p ECEhFuRLERGLBB+IiKdgoWQQgPzpLEFLmw9R6GehT4Mb0Qjc67Qt4e/L2Z54q5pcISJGBPesONi4 44iepQx+CMELVsTNMGw4ArRH8kQoeX1TZzR8hTvEirxqnGicwO1TnHkXnDnfezqLxBoRizrh9i2g HJE8IgfJ7j8f6/YnJ2fiKOSWqJtO4V09B5y8QGIkY8W4IXBAcEjgBwFwDgHBcK0BoBBA9UkENSxq GurscVPchkizebziH9sUdvL3vHPv5RkT+LQkC//F3JFOFCQAWCElwC== --=-GVmYnt4IAwTwRKUuvAUd--