From ede8beb2278b26852141f1dc6a97ec699d49136d Mon Sep 17 00:00:00 2001
From: Nick Burch <nick@apache.org>
Date: Wed, 5 May 2010 17:49:59 +0000
Subject: [PATCH] Fix bug #49020 - Workaround Excel outputting invalid XML in
 button definitions by not closing BR tags

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@941399 13f79535-47bb-0310-9956-ffa450edef68
---
 src/documentation/content/xdocs/status.xml    |   1 +
 .../poi/xssf/usermodel/XSSFVMLDrawing.java    |  10 +-
 .../util/EvilUnclosedBRFixingInputStream.java | 116 ++++++++++++++++++
 .../poi/xssf/usermodel/TestXSSFBugs.java      |  10 ++
 .../TestEvilUnclosedBRFixingInputStream.java  |  79 ++++++++++++
 test-data/spreadsheet/BrNotClosed.xlsx        | Bin 0 -> 9625 bytes
 6 files changed, 215 insertions(+), 1 deletion(-)
 create mode 100644 src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java
 create mode 100644 src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java
 create mode 100644 test-data/spreadsheet/BrNotClosed.xlsx

diff --git a/src/documentation/content/xdocs/status.xml b/src/documentation/content/xdocs/status.xml
index 78cb7d240..6d8c5e58c 100644
--- a/src/documentation/content/xdocs/status.xml
+++ b/src/documentation/content/xdocs/status.xml
@@ -34,6 +34,7 @@
 
     <changes>
         <release version="3.7-SNAPSHOT" date="2010-??-??">
+           <action dev="POI-DEVELOPERS" type="fix">49020 - Workaround Excel outputting invalid XML in button definitions by not closing BR tags</action>
            <action dev="POI-DEVELOPERS" type="fix">49050 - Improve performance of AbstractEscherHolderRecord when there are lots of Continue Records</action>
            <action dev="POI-DEVELOPERS" type="fix">49194 - Correct text size limit for OOXML .xlsx files</action>
            <action dev="POI-DEVELOPERS" type="fix">49254 - Fix CellUtils.setFont to use the correct type internally</action>
diff --git a/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java b/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java
index a27d657bc..a1458662b 100644
--- a/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java
+++ b/src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java
@@ -20,6 +20,7 @@ package org.apache.poi.xssf.usermodel;
 import org.apache.poi.POIXMLDocumentPart;
 import org.apache.poi.openxml4j.opc.PackagePart;
 import org.apache.poi.openxml4j.opc.PackageRelationship;
+import org.apache.poi.xssf.util.EvilUnclosedBRFixingInputStream;
 import org.apache.xmlbeans.XmlException;
 import org.apache.xmlbeans.XmlOptions;
 import org.apache.xmlbeans.XmlObject;
@@ -53,6 +54,11 @@ import schemasMicrosoftComOfficeExcel.STObjectType;
  * considered a deprecated format included in Office Open XML for legacy reasons only and new applications that
  * need a file format for drawings are strongly encouraged to use preferentially DrawingML
  * </p>
+ * 
+ * <p>
+ * Warning - Excel is known to put invalid XML into these files!
+ *  For example, &gt;br&lt; without being closed or escaped crops up.
+ * </p>
  *
  * See 6.4 VML - SpreadsheetML Drawing in Office Open XML Part 4 - Markup Language Reference.pdf
  *
@@ -98,7 +104,9 @@ public final class XSSFVMLDrawing extends POIXMLDocumentPart {
 
 
     protected void read(InputStream is) throws IOException, XmlException {
-        XmlObject root = XmlObject.Factory.parse(is);
+        XmlObject root = XmlObject.Factory.parse(
+              new EvilUnclosedBRFixingInputStream(is)
+        );
 
         _qnames = new ArrayList<QName>();
         _items = new ArrayList<XmlObject>();
diff --git a/src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java b/src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java
new file mode 100644
index 000000000..7e373b393
--- /dev/null
+++ b/src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java
@@ -0,0 +1,116 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+package org.apache.poi.xssf.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+
+/**
+ * This is a seriously sick fix for the fact that some .xlsx
+ *  files contain raw bits of HTML, without being escaped
+ *  or properly turned into XML.
+ * The result is that they contain things like &gt;br&lt;,
+ *  which breaks the XML parsing.
+ * This very sick InputStream wrapper attempts to spot
+ *  these go past, and fix them.
+ * Only works for UTF-8 and US-ASCII based streams!
+ * It should only be used where experience shows the problem
+ *  can occur...
+ */
+public class EvilUnclosedBRFixingInputStream extends InputStream {
+   private InputStream source;
+   private byte[] spare;
+   
+   private static byte[] detect = new byte[] {
+      (byte)'<', (byte)'b', (byte)'r', (byte)'>'
+   };
+   
+   public EvilUnclosedBRFixingInputStream(InputStream source) {
+      this.source = source;
+   }
+
+   /**
+    * Warning - doesn't fix!
+    */
+   @Override
+   public int read() throws IOException {
+      return source.read();
+   }
+
+   @Override
+   public int read(byte[] b, int off, int len) throws IOException {
+      if(spare != null) {
+         // This is risky, but spare is normally only a byte or two...
+         System.arraycopy(spare, 0, b, off, spare.length);
+         int ret = spare.length;
+         spare = null;
+         return ret;
+      }
+      
+      int read = source.read(b, off, len);
+      read = fixUp(b, off, read);
+      return read;
+   }
+
+   @Override
+   public int read(byte[] b) throws IOException {
+      return this.read(b, 0, b.length);
+   }
+
+   private int fixUp(byte[] b, int offset, int read) {
+      // Find places to fix
+      ArrayList<Integer> fixAt = new ArrayList<Integer>();
+      for(int i=offset; i<offset+read-4; i++) {
+         boolean going = true;
+         for(int j=0; j<detect.length && going; j++) {
+            if(b[i+j] != detect[j]) {
+               going = false;
+            }
+         }
+         if(going) {
+            fixAt.add(i);
+         }
+      }
+      
+      if(fixAt.size()==0) {
+         return read;
+      }
+      
+      // Save a bit, if needed to fit
+      int overshoot = offset+read+fixAt.size() - b.length;  
+      if(overshoot > 0) {
+         spare = new byte[overshoot];
+         System.arraycopy(b, b.length-overshoot, spare, 0, overshoot);
+         read -= overshoot;
+      }
+      
+      // Fix them, in reverse order so the
+      //  positions are valid
+      for(int j=fixAt.size()-1; j>=0; j--) {
+         int i = fixAt.get(j); 
+
+         byte[] tmp = new byte[read-i-3];
+         System.arraycopy(b, i+3, tmp, 0, tmp.length);
+         b[i+3] = (byte)'/';
+         System.arraycopy(tmp, 0, b, i+4, tmp.length);
+         // It got one longer
+         read++;
+      }
+      return read;
+   }
+}
diff --git a/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFBugs.java b/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFBugs.java
index 1d8a8fb54..7d3df7427 100644
--- a/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFBugs.java
+++ b/src/ooxml/testcases/org/apache/poi/xssf/usermodel/TestXSSFBugs.java
@@ -138,4 +138,14 @@ public final class TestXSSFBugs extends BaseTestBugzillaIssues {
         assertEquals(1, rels.size());
         assertEquals("Sheet1!A1", rels.get(0).getPackageRelationship().getTargetURI().getFragment());
     }
+    
+    /**
+     * Excel will sometimes write a button with a textbox
+     *  containing &gt;br&lt; (not closed!).
+     * Clearly Excel shouldn't do this, but test that we can
+     *  read the file despite the naughtyness
+     */
+    public void test49020() throws Exception {
+       XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("BrNotClosed.xlsx");
+    }
 }
diff --git a/src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java b/src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java
new file mode 100644
index 000000000..799d3df36
--- /dev/null
+++ b/src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java
@@ -0,0 +1,79 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+package org.apache.poi.xssf.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import junit.framework.TestCase;
+
+public final class TestEvilUnclosedBRFixingInputStream extends TestCase {
+   public void testOK() throws Exception {
+      byte[] ok = "<p><div>Hello There!</div> <div>Tags!</div></p>".getBytes("UTF-8");
+      
+      EvilUnclosedBRFixingInputStream inp = new EvilUnclosedBRFixingInputStream(
+            new ByteArrayInputStream(ok)
+      );
+      
+      ByteArrayOutputStream bout = new ByteArrayOutputStream();
+      boolean going = true;
+      while(going) {
+         byte[] b = new byte[1024];
+         int r = inp.read(b);
+         if(r > 0) {
+            bout.write(b, 0, r);
+         } else {
+            going = false;
+         }
+      }
+      
+      byte[] result = bout.toByteArray();
+      assertEquals(ok, result);
+   }
+   
+   public void testProblem() throws Exception {
+      byte[] orig = "<p><div>Hello<br>There!</div> <div>Tags!</div></p>".getBytes("UTF-8");
+      byte[] fixed = "<p><div>Hello<br/>There!</div> <div>Tags!</div></p>".getBytes("UTF-8");
+      
+      EvilUnclosedBRFixingInputStream inp = new EvilUnclosedBRFixingInputStream(
+            new ByteArrayInputStream(orig)
+      );
+      
+      ByteArrayOutputStream bout = new ByteArrayOutputStream();
+      boolean going = true;
+      while(going) {
+         byte[] b = new byte[1024];
+         int r = inp.read(b);
+         if(r > 0) {
+            bout.write(b, 0, r);
+         } else {
+            going = false;
+         }
+      }
+      
+      byte[] result = bout.toByteArray();
+      assertEquals(fixed, result);
+   }
+   
+   protected void assertEquals(byte[] a, byte[] b) {
+      assertEquals(a.length, b.length);
+      for(int i=0; i<a.length; i++) {
+         assertEquals("Wrong byte at index " + i, a[i], b[i]);
+      }
+   }
+}
diff --git a/test-data/spreadsheet/BrNotClosed.xlsx b/test-data/spreadsheet/BrNotClosed.xlsx
new file mode 100644
index 0000000000000000000000000000000000000000..fdb501a0183b4672ca72d25a9c8226fc2ec185ec
GIT binary patch
literal 9625
zcmeHtby!qu*ZvGCC0!CjgLH!uBHbMV(%nN1NJ)2h36j!XQW6pZlG4(kbO;PBztMBv
zpXYFVzw7<```$g*?7g4snRU<1dRE-eT3cBT9sv)41h@wP04M=fkSLNsAONt32ms&$
z7J#~94)!i)_AUnMFTiHbdaUktwiLOuK!(=<IN0a^d;D+Hz>vC}Qh*3nd&W7aUmwF(
z7uN)RG+;81xB9y;i$J1+ky~x8_l+lVm4Y=xVP^p0y_mFv>Lq!>1ue5G#E^l_z^FWI
zG!Y9)#x~iRud6&>ra+IJ0*0vIKr+BAcUxN+Au<|~a(!<g{^C6SFbC6X93o=0^!D{$
zjjoA2T}P&x`e(rGNJ&gVuDJkcPNioRch*x@-U3X0=t;9#je0ub$lgmH^{&ABf`LH#
zT(8m%%-GTOw*w;SwrVOn_sZcZs{w}^#M*D}jd}Z?(V!D6t-0asB?cO@X1>J5r#$rj
zAoS1|`Z!v;n*v9nwxxN{Oynd42h9HI?P9|g_S<fKWLkaty(<89iR~}|&8!+ZXQ{<U
z3DR4h(pz>rm-HAzg*H+6+de8#!g4=SLeY;z9<VJg7n@U%yxi)aV4*jI*P-KytGoWu
zjx)9U1-IhOmEh*G<E@fAdiH?9^=4}FUWbs#DHlDY&V!Z3Uu~0fZQ0{ZOt-d{n|Ku8
z;Nu&ZOWoeW1C;;fk@Xtv)Tb~rlZVZs0fvDFPG+{wY^*=d6uATc^~C=*9vB%vqS(!j
z-g_Y3Dz<*LZ7+Q<r=Ue%x`k4myn|*RR3DW`BXR}}g!h*<nID6G9eJX=xc|jU9Yku(
zrr6!g@U)uC*mK(2y*yhJ^R+RRg%w`kgJ@DCt%XHf1NZ#I4CCpmqMC?^2hEAs)W+Oo
zN_c2TyG{jh>?#9BmSYLTMP{E9H-v)Ukt?$ZPIg+~L-s^25xx|>sA=R@aBye);%%Iw
z7%7s4D=-Mz5Hm+B9+@vn7af!dz(3BM!2WPWWdff?H}_oW<hFs|kxDLXRC@VXa4Fnb
zWM{{ZHQTcIylq%;^-bW4g6X+YXAh>j0c_d+Y3nV1;&X?v87X)G-~r$s(A}2p4|8{O
zaI!IWaIpE2fBrOmgde64%T)ijkJk8)*4^w_fd@gY0W+Sh4HL;YR9{t5-zJ{`1KYk+
zHqg|~gWh=uq1nTCwgo;%$dlj#mCo+H3)c5mULMxQ(2n<~(rqrOjS6mD8@xopi>OZ8
zdPR#t&9NIXxv-z)L4AbX_{subkJ-jj;+i0CFd3;k?AUZIA7aFgV`e#;@y+x>m!JZO
z<NDNhbx4hj5o1N!PJ~PflyG|naa~9{*&R6ZD|;T=p+u<o8ApbjCx>#3-GD<eK>;TW
z$kx5i7yKc`u!f}DRE`~UI?#ytYNqxg#^*%!`i5tXwjsr5f<A2GQ6*qx+rSHE5&yK8
zi#2UteV7e^VX+YtW(Y8Q`KzTwst&?D3agd+2s8PBJBBw%Q-P6E<itOgVQ=<*MsJCU
zRD;;uJBvNWf_wKfAr@|&X|GJH1-awB{HsMvGwJeDag+<bi0(OEw)-@{&3pg2kUv4^
zsbY-bR!vj8&dJ>Fle$G*JZ0WD_0D^O;kMdh-Mi9_ufb|o6YL?QyHxWJ3_ni+D&kZg
z^i32QiH;?7eZH0w(@J7kd77dJKk!N%UHZ#td%1*-RdrEd;Kwbht~qEB&*l}y!?>Yl
zDOS?MOhv41avya0=|wluOFIG!ZpLA$_6J=##;;s#1Ra$7TE}J56@@0Gs<B7s4?+ZK
zLdun&pJj!Qkt1_UjD~#F1Z%B%5RB9qLD7x1S~3@-9fMcLf;{>$mv9(WR+{*-t^7d)
z)A*Nti$jRK<~_KThY_#ztE!*WPCS`iL*s>7K>3@{RxOK7Yu@L3q0o)XBoD!voNI@(
z!4&<^rPwN@ZSqF~0Mtl+5XYZO;bLiKXU6vP%<;o<ceRxq=6UhnVa~WwxH#C+H;^E^
zhR;-Ilq-<Dw+|t=N=tsGmMbzY<4rQR<_qj@HcA1u?6KQ2jl#9KWYg(}l*3=*L#1VF
zhz8}xkw~T{L&T|GdfhIqQM;bb1%&2^QPFHT&X?*{c!a(e22Jo=db$PQ$dQo8qxP8$
zxy#QjW=bE-O<f)6^<*&8U_Y%APR?lB3zDVHND4nOA{rbNq~sV<XbP?J*TPosg#!T>
zLN%sJCe3NPxS`6C)D)hcoH@cz#T3Tp2SU$?T6<-;f!SexbPAdHNCH_?+@ix~DJU+X
z+Vk+jCO+IWn28}o$*6R5`jgkK15=Zzi}HjV^~QEadP~>iu3P>`E*}r^IvFf<cBXZ;
zAWoM^9iKQWrgvOD>oc=}hD*o_<;)W4r{5*Z6ULZ*ch@-g?CVv^Th8HbPHEG0Un#yB
zlQpXr$LJTHN;xE%H23!W*hv!G!<T$`It*!?cR55dJ^D!Nbt_w{?RJEO$N4}hWppm*
z#z$5tM4o@1CCCBbm6zT{$PgMV*vuV)5;IxyEaK3c^%5{D5{w@emrif$?;X0z8ZGH>
z{1M=Q^E|a$to`|e@z&TAL<RNvEB4M<Y&4I`te3aj7iuTl7YS=2BhjGmF4vo5N8KP6
z7K;_u=z!I(lqDbN*J)7RlPsU(Z%2e1?%MBfFT3gAU0=U=gvDt|ITpc|eGT3H5K$?7
zbJNmCduZn;C2<}rDW0plevj<%o(os7BP~6(V>^B~mYN0PeLo1wRu(GRa`_{3v!?rw
zQEplyM-1@#*$Zx_WP!$omMC9IjMf2X{1#-avKU~oW5#Fh{1E|8UyL>1lNowF>urfJ
z>8o$khST6elkI~p#PS>ObCEKU#-=jle?3o(#o60e*`9HYx%8J4R@o$%Ad{C<;LN9{
zk0pqJSRweNrEH;BKx}K>2wnM^COkq&o28}i4ao+AaK5A-J<fVaniNO68j6qMgIii9
z-{1NCT;jPB<DrWPkyIN;T#fBVJK!ZjrVqSW8>8zLd4?3LD#K%zycf96`r`YCR($VO
zRD;Pz`I(KM#H!s>iG;po3^;J)6FU(&2lg>7c&Fg>ExaN07vKhq>mY<?rJ?M}F?>?I
ziL$(Q>q%89>g7dR#9wP@#L!jKmfg)_=qv@_c6PM{SR4uaJu_HzUz}WUbDj3w+1W37
zE^Je;hxe?gt@%ZjclB0$UXsGMKu%s|XGwe633|C1=3Z~2Pdh`vxb=`in!vugCV?gq
z!&)Si3gKKv(m;Mc@|G`FRDSX@$T+mmyJm;cQ^u#<Hz$&Wh<Q)aI;Y^nCdonbE3QJB
zWEf7I=7T6h7hEQF6)2fWvzJMU3`IAOhpcsqxSUIg$K;Ehn>H8&FjF)FIzOk622pJ4
zbqpx*=h{qxc{?K`>lgNrGT-*NuTbgHhzZga$J8wj3YQSmn^haL!c#zGz4Aw1ym?mM
zQC{$&9oSgQU)*2O?yvWyjqga6pc9R4t5qm2nwgc3K4MH|-iBxD0r@w_aVQ<QEU1qG
zSShz~ZbZ<r5L+3Daix|pYkJX@Q7+HHhhhy@Gums<uTn$Cp`5&*oP&YEl@tt!;Gt)_
z)qx-KP(huMeu?pLijRWmJI}+8=n9(;rlMXNE)XN}`Qi4$g2WL#>;SM=prkF`efB1U
z5XMceLL7T~d5KXra8hBpUE$}|Ogg<IxWVOJesh`738zvu?m<&Dz89H;hKs1He)a`5
zBpbt(;W8I!ss%*7w_F-0K5)~BJ0^QTki8S4<YR+*aze&+<)HZ3OK)IQKrtB>3z!UT
z0!tm7ZTlU~spxh-vzA+4r@L5*Y!rZkdKHI?NO`54EPwJ!v@CgFFPTOTB`uUOlnIv!
z8cK@8`-!Kj_zZ#>gtc9mo^RH%tk|1<m1RE4Fsh))v6T5B{-BK)`TN#z9~~FN#+1>-
zs3~+rf_YYB&!bjw-ZLV6GfW~wW26Qy6~Dn>GaXv_u<KEyj&5}_x4w;OmmgsYPjF`|
zrR?%J^4628Ta^{AD@Rd>A~7F8J$`2+k^*`cQtoBEonS0$ECh@Yl|WY4nJ=R~QCObP
zpwpmj0DhBkEM#QMGOK;<t!VP~W7^>Ghn@&-h_zAQ6vVcmxU-gC4KJ8(_GvGFuh%4_
zkNaxg)$%4;(`q&ctpa<e1+8DsDQT*p?|LKY$MN!azfD<X(YP2(u$d_sgP{H+W&L0e
z&X#6oF3x`v&!2;z+3P3mEQ{;>!O??%a&!U57I;z1Emqv|3KKyQ=>^_g$6S7r-941m
z8pVVraNX_sv4vUN1#0bM6#~$#NGXZ(dsb+c6ud)7N(jBOD)Sj6S{`YbrfO^dV9GPy
zu2_uof~G|E8M=HyzJ<6WE+W%oy47@a4rE>HG%5Kh@0mF8BzH_I8}TShs`WHUe~S;|
zHdxX1cxjg(eQ}Jp*@S|XPjmU<(7f%F9mgc=W9c5>shL~oI+cT~H=6r=@r}}(L?Oa~
zN_E-O_@Eh$U@h0uC81mC)m6S`hu`X_Nmh;p7p9v=*qi7d`uV9D&L4R_Qn^$1Jv&w#
z+IO+k76mQsq=G#v<_K~G?9(hedb=4K+<0xR+r>IF!p?}s7cU(2zqDE3Y?Ph9Pes3Y
zKp=qv=Pmc@$Q$FpVZPK8D=g_Ckv4|M%f#Q+`GpGE!~F^0eky@;_3jQ*P1Qn($Q#wC
zKyPzyi8uV+GlO_kCH6W_n))dl<t_v6sbrc*PssD@tsKSnI&;3x(&TDn9w-H%prn^@
zrIEmgg*FF=Aodrgx8Jb4%fB<{D4fCGlUgk<%^@xL76TC|a1YBBE5Dy?uyr0<2;$dj
z5NvV4D{UoLj~QWv_R<@vSSV<J_6x1`Nl)uKX-24~Hg}@uUiW7wR3YG_;Kt7GaG!en
z?F;hnxY2*0NUr}X@;^}Iisw?(5RB`;fmJ7AJo5+NH+3>{v$D5vW`o$-ivMxX!3w*N
zR9A4AXGd?toOwC=NsLv-#KLa8xWTVNthzgVPkC1rFNk?C?145n^CQQr9VzW$LS;Oz
z*cmzy=!4XNjFy%E6O&oG0y~pbd?sy2f#O8V4$&<-IL3xz?we~XkuE7|202<9v_>)c
zGZ04&uIdE(F-^yA__XS=mL=IN`|R7q0nxXMdp9LT?%u1Eh;D)f9Iv2w6S&dLvk0<h
zI&!(;iNbE!`XlxPJ&E^x3#+yj3S9_B@+?2!s`-=hm_vz}BR+jDSJjDfJ>&zHc9$oJ
zIi`N#sY+f)OswA5ptdQ<v=uc&kUJ7b&}BA6+eu6o#)Zz*Y5EZ}`<c2wOq%k{2bko8
z+mjM`&+Dj>3ZIrKX>0|dj{;NVW9nwmoSDO;@@8piDYtjUi$_O_kV;9X2HfqRHY)0S
zdNVFEC#6|xKPHemJ|3LY!{kNgX*r+LZ72aVLF)Mp+;3$|HU_FCK3y%+4dB(7I4;++
z&+@irooJ^W_hZW@H4gj96z9E1qZScM7&mNN6OHe?SPhGRy}Z0Y#bFClHapQ5JUxET
z!>QSfii#KCcpr*;QrCpvFW?zM^o){hTmPv|!Kmyq`V&%7_-N0!(S{^ns**_`Gf!0Z
z7j>DVZS;k8piD<!gnPAUrWGu1JQRzfdHBhka664%lm!EKe7P{HCLdu<I?Oo#gh1~_
zo^ou}N^Q}B@JY%z*GsJ2P;;5Ag~qvJ8i#A_?Mj1z{xvr?L(Y%2rrWs77=xRgKBd9Y
zU7mgR^<CCJ%hfdRjtOmdbCzZfZcZR}F1x*<_`96Ly)^Aa36&<CpoBv(51k69P!BEH
z)da&DoCBn<K8f7fc2`$q8Dqdb<XG@EG?{F@V*EO5jgZYVGOIlhZq1_1piF3|vkmQ#
z^SbpY+@i5<l^kL!*n8uR$wwqK973Lt3aVTQ%xyn+9sUjry#L&30ZCJen_)APuq`ph
zA5P%x^1{~4`9}!JS5t_Xhs9#TOHkmx-mD+1U3F`SzmbtHYKCZK4Xps2H<1<T>i5fN
z)4njHEi>=fY)P(zk0I(pdS#Rr__@&NiElZt#orFg?I9_?1Z5~0FoaQL;`IvjY?V=Y
zmpt()q8gHH%Swdv$76N!fFpXxLC}&=LnVB!@<?#Yy9y3Wf<(~wIxzBK{{sj^xRiMi
zq^`o_fFgca={~<uS#Wds%MaQ_L#6p;6^|XfD11*+r5pH-CRdO2h!&7uefBV_Pa{00
zBzBT4&7K?%F*TKO!mcRgebJVKADlc<`0!gw?jl>ND>bT(2^2psr$Q3=+TR8&rs<U_
zRW@yOmC{;kfO;EqhV}kAx$qKV6?168C57YXY5kO$ogQ^9$x~k*B%#c4&~>QI4zN{%
zqMoP~7m2b(vJ5b|mB>-KC40T)_Bkc1=>so87VR7Nx2n^XSaQ!+x*Bb9ZiVK%ZeY1)
z>+HJUJq60TrI3~X!ugVG!AOh`bzE`I7vkCVT-a$~upCh$9S};8Eo(ho=>ICVgfPKx
z4bs1bajUGV1l{>^Dwi!}imK>vPODJjHKZ0j?^$;H+eOayaHIZF*${_CyML2=f3lKD
zRRtv&A!(yN0#Pk#3t)lLrzj0YcYOniz-Ky*QPOMi?j%=d?!+VlPPJ<(XV?0i?Kk_G
z+A5*R-oWms_k+DYB%LY%4;*4F_zZJjSB_S{f#bznfjD_^>N}rDvcwUY9aj5l=7Y?%
znRU0>?>Es`CZvmn<l0%*%pi9$>TN%VWPR1r4w>qXHp2Vf-RWv4m+tg-w|_92CRS|h
z#>D38UV@{UYXgrd+$7>>49bkigx!z=SHY5~Wn;x?*&Nx0fZ1jp_Lug4TtWj$taKg8
z_vNaYJSe`RHoY4+Y>)R%W{f4ni{5FQGZ|Q+O%1nx{`kelDei0`eo~v@E}z8Hg6--Y
z3-qYdG5!+#1k8%gKr-RUF7L-}2(^aT`%t}7>;%a)OxBK1Lp2UQFTT<YE`qBb7|53U
zW(6SB<)TuT7Iv4(#yzsG`YaD$amsi7aX4YV`%1~@w|r<WFW!;`wkF&N008|Tjt6$K
zg0;t-)XZF5ekP$iV-8khEBoDq5k*)_rT2-B$tUjW7(*}kD7M##=ot63DK^6QW^6^>
zP!`fRsXb11anAwz^V+sDZNx&`Smz&yhxm+cC1O)^{d(h<kcl#LMEn!CoJ_;<2`Gwq
zxmIL9kaIlw_^4xrB;4mE2LE+y_GTXOF`h(aU!4JkY0yRP{J={Di_)691(s>sc`!0x
z)8Gh)OV@V*TP3K)VE^0Iup{4$>jB*DFi6|)<`w80MO01otIOD!8HatD*V{>N<4}E=
zbGe6m`U4JC`OxE-W=F?8{5U_Us|(BWNbO$TBiP8Sd6Ukr*g79-9!erJkSJ*#L_?6)
zbe}WQMI$L#C+u}Wg{GZw1q*9zA`efo7hRx!@{6vi9lCL@u8m1=z4;68KBVV(`1|iy
zTxWl)@v_$zgyJxbTfw{l8&(fCbudwOasWHCnK(F^{Rnpyx&JK#!!!qoj8{?WroanY
zQn<#%IA9s2vzDHxwT7<a;5H7OOD@|}6UYMgpa%teyrsvTQv6?iGM&X9&F|1%Abi!Z
zVHD@`$6?P+8n9)m(;1!+NIdU|T34`nEsA_-scB%4)WtdW*d0=iNQie%6CY{OrD;j%
zZ${)<4gb-bfQ&9YW6Fwrb<D1MWA&8-@N3{_LkvGTa{hh4Vj<iy?1w$XR!^RD0rERW
zeUWel3yFJ{76FP^Pmqz!RzES4+U~kU3Yf`pgj<{~meyA9G?y_26LCE0sf>7&l4D&W
z|BeY*#9Cn31;i{bogV0KIQ}pYz;q<OnKA<g5jZZ9Ab$IPIOtg{wXbXv7$9%V&O62b
zaA$SJ@sX6PB7=-f9D%8fvm^?2kM8Yt%!Tl#drl1Hcd4O=OsL6AilOu(daDs5DldN<
zfHMVKo<;m{c376h`m5;~fx-W^ydO6A$B~)vRB4SJE9gM_3YLM2C;YKWNU0Gb_?dH6
zb)mMIGA1i?aTcLEK0*oN1zR<qvzfieSy{p{^xNi*r`l*Jdgwu^icWD)tEyd$)Iv|U
zSFUwTrRfrT`v5^R@ZlskYw|3rwiI#jL;O^Rl-9ZCth93v8j$Fjku^(F8-mYMc{w$c
zYQdnrD+0I=+F1rNGuVMR1IJ&Ol+nYElfU!TMK-K;r%bjR8J62;^a|L7IuvJTDqx#P
z%#OT5tXzMlF5if7l|{PeTCsj!lsx6$v}UMB9P@g;I)}W|MNF3{MY%Nj3(K?chhk@)
zCK+M7lN2ueL6!<mbXX>?4J)J5?N4Pd-Q*pf!DBIg2+o;JF*#_0q+I6mfgP=P;gGNh
z6tT6U1(%)c*~7kzdU4S06C*7GEoP4t`n(MC+qkb9xnrXpCNaY=zEfOobdgkKXteSn
zgoI`DPS)_E$ok|5_}CUnkwd=e_3PPnAq@n4Z5iF`8$86_+_H^7p04c4d9&`gaQY(`
z{Xr9fa4dj-_bkW17VKZw-#po&EcbVSzqg+MCHUhS5A%w@G@|bc{=JX)S3w_Gi{RgP
z_3q-_?eF|Ts(?MNa;MvKSNLv6;+OCv)Zg|e?gHGc5B&nz#rpr>{y$ZV?gHMe1N;I+
z$GHpmtGx1`qiDbyFMlfK&!6@4^0T&Z7v=6&`qyvC!uyHx?>5$Vf$nZcegWkX{sj89
zIk_u(m*oBu4JH2VKlw>{@1oqLWxr5JVKoAnKJJjRyW^iE?Jnrwna3|k03eza0Qd(F
mxhwwn?D1D|6wqJ9|I8)Ia)>au008d8UT<NZH9+}e^#1_#@^MxG

literal 0
HcmV?d00001