From fbf6c5dc10ea628b68ec19a3dc407a0d3d378943 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 11:41:12 +0800 Subject: [PATCH 01/11] add web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156. --- .../zh/blog/liujingang09/sudo-cve-2021-3156 | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 new file mode 100644 index 00000000..43e391d6 --- /dev/null +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 @@ -0,0 +1,77 @@ +--- +title: sudo堆溢出漏洞(CVE-2021-3156)分析 +date: 2021-01-29 +tags: + - CVE + - 漏洞分析 + - sudo +archives: 2021-01 +author: liujingang09 +summary: sudo堆溢出漏洞(CVE-2021-3156)分析 +--- +###1.1 概述 +近日,国外研究团队Qualys披露出sudo堆溢出漏洞(CVE-2021-3156), 攻击者可以通过“sudoedit -s”和以单个反斜杠字符结尾的命令行参数将特权提升到 root 用户。 +###1.2 漏洞详情 +在sudo解析命令行参数的方式中发现了基于堆的缓冲区溢出。任何本地用户(普通用户和系统用户,sudoers和非sudoers)都可以利用此漏洞,从而无需进行身份验证就能从普通账号权限提升获取到root权限。此漏洞带来的最大威胁是对数据机密性和完整性以及系统可用性的威胁。 +该漏洞在2011年7月被引入(commit 8255ed69),当执行sudoedit –s / 时,sudo的src/parse_args.c文件的parse_args函数会把字符“/” 设置为"\"。 + +漏洞代码位于plugins/sudoers/sudoers.c文件的set_cmnd函数中,关键代码如下: + +如果参数以单个反斜杠字符结尾 ("sudoedit –s /"会执行这段代码逻辑),则情况如下: +1) 在905行,"from[0]"是\ , "from[1]"是空的终止符 (不是空格字符) +2) 在906行,"from"指针加1并指向空的终止符 +3)在907行,空的终止符被拷贝到"user_args"缓冲区中,"from"指针再次加1,并指向空的终止符的下一个字符(此时已越界)。 +4)再次进行906-908行的while循环,并把已越界的字符拷贝到"user_args"缓冲区中。 + +漏洞修复方法: +修复在user_args中转义反斜杠时的缓冲区溢出问题;并且除非在"运行模式并且通过shell命令执行"的情况下,不要尝试转义反斜杠。同时拒绝不安全的-H和-P参数:执行sudoedit –H或sudoedit –P,会输出"usage:"开头的错误信息。 + + +排查方法: +以非root用户登录系统并执行命令: sudoedit -s / +- 如果输出以"sudoedit:"开头的错误信息,表明存在漏洞。 +- 如果输出以"usage:"开头的错误信息,表明补丁已生效。 + +###1.3 影响性分析 +受影响版本:从1.8.2到1.8.31p2的所有版本 + 从1.9.0到1.9.5p1的所有稳定版本 +openEuler使用的是1.9.2版本。 +###1.4 缓解措施 +使用 systemtap 进行临时缓解,使sudoedit命令不可用: +首先,安装所需的 systemtap 软件包、依赖包以及sudo的debuginfo软件包。 +# yum install systemtap kernel-devel-"$(uname -r)" +# debuginfo-install sudo +然后,创建以下 systemtap 脚本,并将文件命名为 sudoedit-block.stap: +probe process("/usr/bin/sudo").function("main") { + command = cmdline_args(0,0,""); + if (strpos(command, "edit") >= 0) { + raise(9); + } +} + +最终,使用root权限执行以下脚本: +# nohup stap -g sudoedit-block.stap & + +该脚本将使易受攻击的sudoedit二进制文件停止工作。sudo命令仍将照常工作。上述更改在重启后失效,每次重启后必须重新执行。 +一旦安装了补丁,就可以通过取消systemtap进程来删除systemtap脚本, 使sudoedit重新可用。 + 例如使用:# kill -s SIGTERM 26285 (其中26285是systemtap进程的PID) + +###1.5 漏洞修复方法 +• 下载openEuler发布最新的dnsmasq软件包: + 漏洞SA:https://openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1001 + 20.03-LTS: + [aach64架构软件包](https://repo.openeuler.org/openEuler-20.03-LTS/update/aarch64/Packages) + [x86架构软件包](https://repo.openeuler.org/openEuler-20.03-LTS/update/x86_64/Packages) + 20.03-LTS-SP1: + [aach64架构软件包](https://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/aarch64/Packages/) + [x86架构软件包](https://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/x86_64/Packages/) + • 升级sudo软件包 + rpm -Uvh sudo-*.rpm +• 升级完成之后查看sudo软件包是否升级成功。 + rpm -qi sudo + 20.03-LTS在:sudo-1.9.2-2版本修复。 + 20.03-LTS-SP1在:sudo-1.9.2-3版本修复。 + +1.6 接口变更 +不再支持sudoedit -H,sudoedit –P命令。 +执行sudoedit –H 和sudoedit –P命令,都会输出"usage:"开头的错误信息。 \ No newline at end of file -- Gitee From 126f0fe47ae68111cf8749be1cf3c91b2bf17d34 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 11:44:25 +0800 Subject: [PATCH 02/11] update web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156. --- web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 index 43e391d6..4a50d4c3 100644 --- a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 @@ -12,6 +12,7 @@ summary: sudo堆溢出漏洞(CVE-2021-3156)分析 ###1.1 概述 近日,国外研究团队Qualys披露出sudo堆溢出漏洞(CVE-2021-3156), 攻击者可以通过“sudoedit -s”和以单个反斜杠字符结尾的命令行参数将特权提升到 root 用户。 ###1.2 漏洞详情 +1)技术分析 在sudo解析命令行参数的方式中发现了基于堆的缓冲区溢出。任何本地用户(普通用户和系统用户,sudoers和非sudoers)都可以利用此漏洞,从而无需进行身份验证就能从普通账号权限提升获取到root权限。此漏洞带来的最大威胁是对数据机密性和完整性以及系统可用性的威胁。 该漏洞在2011年7月被引入(commit 8255ed69),当执行sudoedit –s / 时,sudo的src/parse_args.c文件的parse_args函数会把字符“/” 设置为"\"。 @@ -23,11 +24,11 @@ summary: sudo堆溢出漏洞(CVE-2021-3156)分析 3)在907行,空的终止符被拷贝到"user_args"缓冲区中,"from"指针再次加1,并指向空的终止符的下一个字符(此时已越界)。 4)再次进行906-908行的while循环,并把已越界的字符拷贝到"user_args"缓冲区中。 -漏洞修复方法: +2)漏洞修复方法: 修复在user_args中转义反斜杠时的缓冲区溢出问题;并且除非在"运行模式并且通过shell命令执行"的情况下,不要尝试转义反斜杠。同时拒绝不安全的-H和-P参数:执行sudoedit –H或sudoedit –P,会输出"usage:"开头的错误信息。 -排查方法: +3)排查方法: 以非root用户登录系统并执行命令: sudoedit -s / - 如果输出以"sudoedit:"开头的错误信息,表明存在漏洞。 - 如果输出以"usage:"开头的错误信息,表明补丁已生效。 -- Gitee From da0cd2b17c0276c096ef7fff7483bbb2d6957237 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:15:08 +0800 Subject: [PATCH 03/11] rename sudo-cve-2021-3156.md file name --- .../liujingang09/{sudo-cve-2021-3156 => sudo-cve-2021-3156.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename web-ui/docs/zh/blog/liujingang09/{sudo-cve-2021-3156 => sudo-cve-2021-3156.md} (100%) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md similarity index 100% rename from web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156 rename to web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md -- Gitee From 5c6e789ca2ed0fc0a48842f64b8bf522abf26785 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:17:09 +0800 Subject: [PATCH 04/11] update web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md. --- web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md index 4a50d4c3..b64fc439 100644 --- a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md @@ -9,9 +9,9 @@ archives: 2021-01 author: liujingang09 summary: sudo堆溢出漏洞(CVE-2021-3156)分析 --- -###1.1 概述 +### 1.1 概述 近日,国外研究团队Qualys披露出sudo堆溢出漏洞(CVE-2021-3156), 攻击者可以通过“sudoedit -s”和以单个反斜杠字符结尾的命令行参数将特权提升到 root 用户。 -###1.2 漏洞详情 +### 1.2 漏洞详情 1)技术分析 在sudo解析命令行参数的方式中发现了基于堆的缓冲区溢出。任何本地用户(普通用户和系统用户,sudoers和非sudoers)都可以利用此漏洞,从而无需进行身份验证就能从普通账号权限提升获取到root权限。此漏洞带来的最大威胁是对数据机密性和完整性以及系统可用性的威胁。 该漏洞在2011年7月被引入(commit 8255ed69),当执行sudoedit –s / 时,sudo的src/parse_args.c文件的parse_args函数会把字符“/” 设置为"\"。 @@ -33,7 +33,7 @@ summary: sudo堆溢出漏洞(CVE-2021-3156)分析 - 如果输出以"sudoedit:"开头的错误信息,表明存在漏洞。 - 如果输出以"usage:"开头的错误信息,表明补丁已生效。 -###1.3 影响性分析 +### 1.3 影响性分析 受影响版本:从1.8.2到1.8.31p2的所有版本 从1.9.0到1.9.5p1的所有稳定版本 openEuler使用的是1.9.2版本。 -- Gitee From 3ea2c1236d0c316a3b8abaf6b71a5d94150941e2 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:19:14 +0800 Subject: [PATCH 05/11] update web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md. --- web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md index b64fc439..67070817 100644 --- a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md @@ -40,8 +40,8 @@ openEuler使用的是1.9.2版本。 ###1.4 缓解措施 使用 systemtap 进行临时缓解,使sudoedit命令不可用: 首先,安装所需的 systemtap 软件包、依赖包以及sudo的debuginfo软件包。 -# yum install systemtap kernel-devel-"$(uname -r)" -# debuginfo-install sudo +yum install systemtap kernel-devel-"$(uname -r)" +debuginfo-install sudo 然后,创建以下 systemtap 脚本,并将文件命名为 sudoedit-block.stap: probe process("/usr/bin/sudo").function("main") { command = cmdline_args(0,0,""); @@ -51,7 +51,7 @@ probe process("/usr/bin/sudo").function("main") { } 最终,使用root权限执行以下脚本: -# nohup stap -g sudoedit-block.stap & +nohup stap -g sudoedit-block.stap & 该脚本将使易受攻击的sudoedit二进制文件停止工作。sudo命令仍将照常工作。上述更改在重启后失效,每次重启后必须重新执行。 一旦安装了补丁,就可以通过取消systemtap进程来删除systemtap脚本, 使sudoedit重新可用。 -- Gitee From 4995059ebac4e6519577e216a55cc853294006fc Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:20:28 +0800 Subject: [PATCH 06/11] update web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md. --- web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md index 67070817..e52d8e82 100644 --- a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md @@ -57,7 +57,7 @@ nohup stap -g sudoedit-block.stap & 一旦安装了补丁,就可以通过取消systemtap进程来删除systemtap脚本, 使sudoedit重新可用。 例如使用:# kill -s SIGTERM 26285 (其中26285是systemtap进程的PID) -###1.5 漏洞修复方法 +### 1.5 漏洞修复方法 • 下载openEuler发布最新的dnsmasq软件包: 漏洞SA:https://openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1001 20.03-LTS: @@ -73,6 +73,6 @@ nohup stap -g sudoedit-block.stap & 20.03-LTS在:sudo-1.9.2-2版本修复。 20.03-LTS-SP1在:sudo-1.9.2-3版本修复。 -1.6 接口变更 +### 1.6 接口变更 不再支持sudoedit -H,sudoedit –P命令。 执行sudoedit –H 和sudoedit –P命令,都会输出"usage:"开头的错误信息。 \ No newline at end of file -- Gitee From cd9636fbde47d667d776b8df572e4f5c4c0bc423 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:22:20 +0800 Subject: [PATCH 07/11] =?UTF-8?q?=E6=96=B0=E5=BB=BA=202021-01-29-images?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- web-ui/docs/zh/blog/liujingang09/2021-01-29-images/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 web-ui/docs/zh/blog/liujingang09/2021-01-29-images/.keep diff --git a/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/.keep b/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 0f9c825556d7ec102276c34ba8561606a25ee040 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:24:25 +0800 Subject: [PATCH 08/11] upload image --- .../liujingang09/2021-01-29-images/code1.png | Bin 0 -> 12556 bytes .../liujingang09/2021-01-29-images/code2.png | Bin 0 -> 31200 bytes .../liujingang09/2021-01-29-images/code3.png | Bin 0 -> 23150 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code1.png create mode 100644 web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code2.png create mode 100644 web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code3.png diff --git a/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code1.png b/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code1.png new file mode 100644 index 0000000000000000000000000000000000000000..020bec502ef8c8eb1a171aa0e56871f3bdece198 GIT binary patch literal 12556 zcmZ9y2{@Er_&@yEBGeEfWZEc{eaW6B>)?WY12r zj(x~77>qHP|D%5I|9yY&xvsgcd7kGy=iKK$pYypt_c>3@e+F7-7`Yh%063$gt#J9y8>R&I;-ld0zes@>Cm1IygvO*+uR!f&bFNV zsME2j8HQ88q`+0eaPtwWMea?Wyj3R@6Y z(vhC?eoL#|v;O04#-UJA?6ouN-nBLFF=X+;onk7b{Q))M( zuM%}eGk4ewP4nF_@5(%eA~N$;0+IVJ<%S>N7MW6>`|X#Bg3!~sk(1Xszp5O)I<1Lm zQaub=l6{Ttgr&clH^02sLUmF_E*xFq!Vg^i_kZ7=isl{p1Dtk9btAE4H*Tuce)p5) zD$|A3g-F@25tG-8H^?#*{wdkK)ukD}!h-!=<~Ym+D}zB6 zGd zX6!K>NXXkPZbt4<|3>aG1nh`+;eOBP2T~o%c2Xb$Ka{Z7f~Pg9Wmo8GaQf6&Ux4*C z^~*(&0MHK!fPags3=<@1FFpGy$FG)*)R_#2j zYM?#NK&S)ImknCuj%*EFInlr49kwV$eUu(9nk>o|Z8>ozo}}ZREQ})(D$s26l%}vE zl(I+)NZ7f;l2xY_f%krFc)F%IHCRZ7epYXnQNw@m; z4YG?&oQwYY;EN)W#fiSHdGa}&L#;HrsbLb|JKC(k`Z)z$m1n=UeO~*}W108VfP=zc zF3QxRslFBpt$Qo{JSq}$2Yq+$_NCC6-0?zL_K7FX?q=@r#b4E~wZs$-7)xkO(R_HL ziLA{oU7-#iIboD<&tgahI1PF@MIR`))1cN)AZpjUMZ~=L!-lx|?>4X;4Z6!S+=DxF zH`l+Wx1y}Y^#Qa_^ST#}cB_YeWqT-B0*&ld{JZC4v_N<$IBgf{f14?8>;!)+JA115 z@r>g;qV|yo1tl*nY29NfjXh9-bh^yh%K_nv+afC|g8u-MveW&;R3RsH7|o$`H zO!_k44V$y>O}P};N{gq%QODjjM-XM&BY}4n?_+E)g%+&c85mOb?$3}bz#f$QD?UNe zqkgpw2V~dps&z!oSG8wb{N9Q35kEXdUr7(DGl>nx9FX!+l1hv{ASJ!`$BU{o+c_zQA3f^0pQoLosJye_Zja== zJI#MRb!VY&r20vISG(w-jlhI{43q5p4?cyhsuvx%Ifu0H18$H{6>cL~Ph^|r(;k&M zj9y|N<4{NG{>9}7YGShVsufJzbAO z$n`SlSOerj%4ghu+akU_dd0o&+u<6@C;&t7D2=XFmf?L%=PvJ)`;&6tNgq-nQ^_xy zxLduouG|6%6SOAZt7=F1*X5=@Gw5qGn#0Bntzxq&?sD_~^VKWkn>(`hgR5ozOO1sA z2bX`obd`VvaJB~9ApDd{1@9pH22$Jp?0h3J_j;h>@ex@v8p`0&uz zH`jG$_U^>IDqQonf8yx?>MMpK!}Zjo6B$2(GvaP+GmC)2{&~d`NgIjGedNpeX9wCS(LEDKvIE(3BKV;>Fpw!sx9-Ijw zvjygEK!EKBeMFv(v6{?NMeaCC(7@2c1*E}S0rwbY`nBwlNCB?b(hv;yS!C5I|aetwg*28PRQnZfJ z4E`fyBLvw{bnYkk z6+f~o@2I~fnmCYjn9}*j00?K?7EyJkw!5({(m37yGS^j1dck^7lub5;J4ah&8MA^+!HgxB9mbZ0qQ(!^y@>roQIbRGVZUcbscT>P7!*0@ch_R`3Bs z?iQC~Q0teeNMfFoPQ0{?B4lR$fLb3@HhKcoH%s+50t<90lc+qZ z-??&OHe0Asla3zk3A&I5c{83u>73RO-G)ORO10kiF()Bgn)+P$lgFeB=z^k9WuKm~ z-+=!rI=EWTsoq!5>H4S?Po8K7_7-kFMFl6iYwu}+R$&dVzN`1C!@Sw&3G6yL3l$KTkfrM7k!s3m)LKvd$R2q)kQ=`HuvkTZY%SdSU z;qh)wT#|gxPi3adO;8`pPg1vX2=$A>bK9eb;+6iuH1)f?FVv0sK*TuTL5AuF^d@&b z$vxs6_6m0pWbn24OP{3dLn=15VeXZOJw=x-Pp_^B{H9eO4OiN?s32x zoGV*Vd{o&M6zM!q1>5F>ZP$Wvb)@-n7i{)^uy>!Vdsl>DX0-`nHAGCPOfEmo?hTzz z@H`D=&Ti?#*yUbJ2WNPh`sbs=NoA#dUexYHNT;L-9PbAWWo0j;V4vvND^%{C8vV)b zkomgcVqg0>+U=NCM0sywhwPYuGGK!o#w=atD3zUsh{8*ga>Ytl@Et89)qlRuNJ|-q zZ6KN#V>&_}Y_zVT@IQm|$M_z}C@);x5Jj@pyN&zFTqXn$ozf4$YmcgvZ_aJMwP`x5 zN?<!78o?eImHpZ;6{1V;H9 zL+)tX8O7I9xhkc_V_4@BR+w4-1^X1k#F?>z?gJ_SO6T7Hfj+bEk3zaXH#y{M5gmX( z<9-QYb8d%~3YfkCV!t9HCOWc0?uw1_L9!<4@r5_pE4F1vH>+Gkte($i z>U*}Nl-+@{0w3RWeEM$QypZhjkDiA=kCmcZ{Av0Jy{Y zf7jJtCT_Bm&<}W?yUp2JB|JXvD4Gtv_O>7k0KRK|Piz!1)7+ zcmJQRwod21u32GjX`}*XUV!ge2_ph;2EE%tvn>x%0pavl!65Xwiv|ETr8LgVwX5kc z<&ISUdcX5*vr)$_I^L3!GaFNBt7{)|3tUoVECCDYY_QrNU>DyTSpyb$Y5zvDE887% z47mwIjs?T5t;4bSCeczt5h2M!kWxda#p^WAanKiTP8ER}>8|54k~ zYM0aYa>6*niTH{V|gvsQrild*SGhKS%3?B@7R@g zNM~(lN(9k`8_GNM3}6d;Bq8*Os+smX7Z?Jc728Ri9yjtg`)`Zha!HnT>)Ip{Gm3CB z04!BaD_MWr7mb7}?ozbs6^mzFZT8j=1!1UUJwFuu+U}25 z$>Dex{pnkJYt`-N>4qLEJZPZ>STuPnMb5)uio6Y=uSO=s{}T(qydc7NvTz|}`$wvS zl{Uts(PjK76coyoJBS~tEjbh)A+V|ryFJ$w3y5&$Z5}Q?l#VONolfn0#oY>`g$NnV6n@+x~+T6`_;1ErcFz8>!7X z9Cd*;sK`dd>>1wt{9M7iQHN!#Nt4!eCM8%GC%Jz>?3ba$AC+DQKGNKZQ%o5`e0O~) z^->K@AM)5+KTfo}J_7=v-gI2WT>`NSC~~~h>Qxns>+V;saZMZl9y|1PJH zWO{{6Oc+#u$5~=ltd-QME!p31wj2amH-0oZ02z%w=^N=!;~{OjkN%WXBT?ClkKL zDGRXyt@~0p9>c8tBLuJh{*rz0DK}$2Ri&-iJl&4n2JZAxd7tpCSFsSTa=86MY0#tM z&eyGwO#)B$VT;r&(=Qi&LBgt841UER;PjhBvw7vUqF3)}frEtPltx5lgpTsJOSvWD zl`e!D2y4i4O;y9CTV17DWEb*d-XqpHyE6C6QwQtl<(9ExBaOEv$63&&rRtG1FZ}@V z44mIQ$%M{$@$glq3LyFdoF6Z4Hhy85!T$(FR*Eug;CE)AtaTsdNjcOx@~SPMy7JY zj1=4Hr1xMAkVVcm+f-Yx;B=cg3Ea|P5bnbz&-7%K<=ySdn*H!SfBllfh+QPsz2%mG zau>Y7iXw(?9KY#JoO&Ooyp22c{l~yyhj*FX!?^%mX_cCblBKr8uO8Shx%S2{obmK z`XssPmg}2R-9+f>2dFuR$~CipwoMI*lf%~>%D7eR6iYJ1*ma={$w8#Ukh$FIn!~NF zvP(Mir8PF=sJ=dku;)5~=KCYDxqM%_xYLSf#}OfTb^lw|&~a7f8xVi$8rzwqzhPs@ zJ4^o@xc3Z=`b!L%Oz!W+P+QkRT^GK zps~~akm&(31t}utOw~3;bFHy}4Z?`}1PZ zDL*!tM!j3>?e5SI$<3R$nsJAh+00)(GUvNt`lg-K^ox|~lecWJ?(F^`xGAHr8nh_g z&LSl7&Ouf}j^xst02nb^CX2Fw?RaCynA|D$17b$L^toFG!Ot`9C_>$=L0)>1;xB68 zs=DBu)uL&WAwE>2*n}l-x~i%k_qZ4wr;e{syeo%s@=UZZV+ecq3Gwspd;c$#=dl&JKZnXOzbXhRlCG*C+pIhFVXdD&LM0P za|l1GbqIcX(-2mQ<)%r;$7bMR>&}`E_mGF=HlHO?khE;YUbL%&ti?SSjUW55SgS>< zqwUEa?;d+|^1>m`#Z*ibb0HrFX#5sP={!-uJ5B-pOJB*P38G}G4&)ALjQ{VsT zn-ltTb1Pzm06?O~!aMIKI}7RQe8o?4NAJrb#_=d7?lOre0W;oq_6zl9Vy%(fPKD;FA!v2J2$vI*ozlG>{6TAFGrzuq4W@WF z95-&x``A`MZmGrH5yVptt3R?*w|U5*On?246v-ciLSW0z+#H~%9Gck( z?{gJP3*ZA0t*%}53ZMDuu9iOxqfOfe_JMygZDtFM0zrPmaC3NmH$Fip63i~XlP{e_ zlfR1iE;s}h*bse>IS^j0`PZjHB0*&bX2N{TsuX)+Jf9D;49^auIVCz=3pWn|0PTMg z^xCsG-8R3O1G&!ARkQY~OLXf$xca5QoE!u%z_owj^vzAtAk|qGT?l_aD6-e(ZrWUa?$*4}aTw|*r#ONb z7XyIhe-ln^XVtKq0RSJF{vw77RO~{a=7_Z8hVW^Ghn@$3nsa~2si11Dbp<03W1*sb zq1ccf0F>#@Yc_$>0PQHsRdsuVtlF)<-V26Sg%f97N0{w8ikj)?tG-}=t40Ha3!emp zrnX_{u~?a=-N^G&i(u6x(Ap9X7+6!JeC@7FYDAwCs7L`|6ocvTYqFyT)fHd-UpoDN zb=DM=`86oqss9QiW6v?B&KWfqF)PLP;pAd5tK`}5NeBx?0GPZ8S}oW7txzN?^pj1HJN&E+{PZ!4CR()c(Ut}f;)S?MVJHxK!%Mo!!}K;1kH*STdm z!1fphghyZfxAY9@yG;NfGyMN&RHfY*co6CTKSl+NG07}Fft?#uWyLd`;sG;@$jhDQ zYRtq&k{iX6+a~sjwB2SWcfr5`CLdo8$~k{Np=7)r47x5RbOs#rTUM=Nf^_b5w~fZJ zAGLk}n9JDxl_R<1<(!|DR+Mx7Y;LgpZKK8BenG)j44gLrqP1W&U~WIcSR`8M5jv^% zqDVSpZ|lzMRC()b$J<}ht{r!~Jo>q~6GumXQXMQq5#N#u^*By|ds6lRjq5`4H%^XG z!4eMF@cHy95<^?}8+C%;Wr%AjQI#=UKwv8WI*F*hdL$ zZ!dbl!{#lWQcIJ@*I)bAKcS9x|3MuePn>%_;*~ud`1DZnAo=bVRptI^qxz;w|1X;h za|h2-$V_0TR=Yqu{YRXk;qNEqLbz45+ueEIB%OzW7=@|#_|Dc_CCQD&#~akzX{*&?w5sI zkbJn$Iz;v7#Ll^OlOKNR#@oh*;+!!at65ibVtQwP;zE?~P1|3<2ONc9f|(=naMRZh z%C?d|M+?KMv8b|=u#JO*;W>|W$GKoqXa;;)2^0uoRQYWdz6F>M?{6r5mZ~({4mD|6 zompbfjkrRWYY>eYHn!)R{PLjit-D~nFfuesF5kbZ(OBKG+2fN%lbWNH-*n9OK7ugc zP@&rqS)u~9Ec%L#C}lCf+j$=$!PvJDh|sJ%?z@M$IdTY2bGVkB$)|EXb^)_j+$%~f zDo8G(aPOBT%XP=Qsy5Ry@uSQ0p;KLvGb3EnEmA&QPEBh3Nvf9b`gXoQe$d&U)M-z+ zS(0Z<(oMP>Kd)P2pfYplqrBxA88Eqv){Bz=qdM5d0vV`a975O1zoST{occ6oC5_Ce zyICBj7`0MGmYm)#wZ>*`NpEE@(D%U9lw96AtVXwAboS6OQt z^06D-Vdr>2+RhPPLc@L?oM1!se;E8eY}dlHZgo+nM(n95EBF9B|9ov=;`1Nk`=irK zT}sX(yn!`j`72wcI6};+6)W!s&_0=RGAyY z@W&uyhr?g|a2)X!gk`YpeK8xwG3BbA}H&<>ce|=Xcc|N%ut+J}=oS`&ZnK6|>_BcbrK-mcy%+ z&8E*ytUFb>E+V^j!`@(iuqWj<%D;O*99(Jt#p7OP=$;L?y19Mb(XrB>Y#yCNYe-wLR_)12H>n~LOJsvyk-Tlk0Gl?f@ z!X0q$Sf)NP4L3KPYN&KVpC0t?Kbt@@0~>bQ&?X+jZ!2fI-ixKTlLz$%)7Y0?gM!`3 zgZodKlnWMvbDX+k&!Tz^pHzhQem*eBht&(-cf(sZ1>q=et+VDtqA7cBr!r+URAmki zYP;~VkN=FSV;4}!vf&BYOv)RVhmH8A0f>_^SeQMj?KCyZAFTMSd)D;Pb0k}ottu)M`+T{nTAi-;~uZ^vCUbZ`*If~KYSwp&mS1@N?@FEuNN?IV+M!3wo zA6!E5aX6KH6=-J-_NY~JJ=`JJ9(tJa?s#%mrg!4?_=3;w@dizy26tDDkEsucD*;I3 z3u7us*$=26#G2!fP+Mrr=w-sjaJ*=8pTs5!F9H=7<9&J*d~A|@Nk6U$3o(|tp$7oZ zprA|5FBjID*z4;2d_y+d6j3R3xe}Fs9`aq|qy9Ok{QG8ZOr9boiB@-!!hRtfxfTu3 zFuU8VPKlGLwlIrs_ z?xR+*^Ta7qpnd${R!C{k=hh?^jS8pi=Xn7# z8(C|kPqg}GZ!i*{6v#XY@r&{gQv5=&e;0?OHWr0~h*ca7M!Pud#p#+nw`LqFBn^1O zYb5-$bR8aCIK0;rBa|qwT>fcPm@nMr4)R(Nw54a!+Y!BUZ*&gdHTSXC&~`j&tdC-n4n_G$57!J&d4!6EzcXO%|VEA(+hjeEzHI8=dBr1j*%+Md&u(LBtM zuocHsWj^BlNHQ{Jm2N|H$T#e^RWa^~BS$V6A`Bs;NEJ~PLS8joy+IUAK`$R2Ni%T^X19P6cj$72|@((f1-K%LMY_xZDmtL z)t?S%XN%dbV7kv5B{!|1JQqXHCh<`ACq1pVZ2Y%9ORPb6*f6pQUTC78X|IsL=-yG+ z)&2P6^Fs8()>hPE(9vEMXjCfXWKBf@m?U@!Twi2TRFMOyTpeP?>e&nZ(0b-EBx2w(|I`eji|%X3h4pPRL=~7R zZ`|6Rj{S)z8X*o8(b9vs2{Fy6x#aB?heJOdm3fn`gs&D2s8Oy-!og&Oa@fJ~!t(vu zV38WMlJ4<&vOZ6RsJziY4kKGjqppehhgr=OW5vl1cssAa zW?jDkqvV@}kUh&ezQHU;w&pJNS#>1kM%u5Uoyd_;6V9r7l$@6Ol*E>z;w2X9^9K(m zd`ftwqqGk*NJKNlHTT&ApEhGUWiEqco^zZzMBzh8T|5*j#CiNofzsDEq}S4JOCkpc zD?Sq8D<73xDCJaowLn@C9=%@Eq-JX0rKF`)poE3_MMcb-O`B~xM;9^QfI?Sabv+|h zrKjAFDQJZ(TprD%U&Q*`KMRwtL0{aWA?=eDkY5tfUL>dDy{KLGihiX(hKj+a4V*ExM=xN&0YIB2O)=GR|f=2>D5%Qjag&MtxA7Atj|fK{!0J&v`)kRT*b_p zk@MqGu1Y!Wsb@G<9G;vncsR^)_HWqQ3)XfiXH)50kv~(E|8rr|wA+qZJ#dyk)V8QjVg%wwJBSsnuqya1bXAUS8BOR`SE3>UDd+EaVb zy1)NgU>Agl*i7F|sfpIH+>(pUx!83zZ@57fVw{>JVK(dS3A+WJ#e<5O`TvFmT1f4x zRgKx4_%%oa4HzJD4a%ZplK5?Q350pPfpFSC*&i{-t z9Ygy)59DR$2DTu_@gOg-gC-`vgMIE;@spJPQk0C7?LS$sd|~{gXCNG+F-reWAOXzR zGS$I70I=B5fPtn&&)!11DM?WQ)rldbh5Dx7L;o2L4)An))u3e7j&Jb?Y+e)%MDbSN zfGNEdfn`jOf-($DFgjLD2Ocx> zSg;8D(Ce-W!vd$SU38v{oUbgSnTsZ@u@> ze7Q=Hu}B@y&F91Hxh!S^UQ*&M(B*mF7kizyRsN=dVAd?J$uCqd5>;S)xlYyIYgKx2j%pcD z`nOjxQ}VANjm?Dm-Y8f8CU0#%L6hr#MKR7%r(;JWTwh@RA!_4fBq_!Sz+d30=LjLI z=Bw~OQzBXZYWDxx7g0XWd zGu->I^vRmM-b!C_Fn*rW z`{#~JNR*3eSAwz`h*eH{(cbwQ_aO%9Y_>ibT~FJn&YQe%GZjw8)F6G5Bz+QdshFh` z4(KhqEv)g0Va4WJ-|+1`a9-5ysgEu@uK1hK-}7>VB$|b%tEqRL6V_qEBR)pQ%$vU( zD~v)3;mFE(`!c{L1#mHi)!{$zrV>eLKHQ>R@S`y-DIq=WsFNReC{8hrq2$V6@nD? z$K-V(qp@zNy``9MKX~4KQl`28u>*s{sRoBxix@obdo9M1&Wo;xlg1-w$7o8aPttX; uZ2meKja<~}V444oO3}FgweSKCjVbgm)tXsmv{cC_FY4Si&?r%}i}*jL4t87s literal 0 HcmV?d00001 diff --git a/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code2.png b/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code2.png new file mode 100644 index 0000000000000000000000000000000000000000..6574f6127184747ff4cfc7ae7520504fa6b1b115 GIT binary patch literal 31200 zcmX_nbzGBg)cz2W6qFEyFhD?3L^=diV3agc0|Wt)?wk@*(lHuTLL`RN$c?T^$OvW9 zIdH^)0UH~?`F`K`_s8~mV$YuExzD-Jxz2T+JMM*^#$|?^3;+P&vXn~jdFs@$52BJP&3Mfq3m3AQq@%j0KO+Pp4rh*_USz}U-|$5%su};R0AGg z9RPqJKdq;##(_520^Qcn@>f3WUJBl9cEVRV$$RcFjQ-j9Xcfokd84NDSu+i6JY=yf zjomo@E)^BW*bJ#%!|;?p>NDM^lQB|dC+Za1YKq>nA$cLd)fbh1`we~$^{axzq3*=Z zo(61>Ynp)te==H_SA5uiEedP>F~Pf@4C`ZOj!#E+}PA?-u8MwHx`PuhTQ0ZSLK&V^~NTKjpnZ zIyEWS#b|Q(@F)GM<$kW1Y|qWx4coeg;ueG4R_O)B{2<=RR+A7vk2Zi4-JU7;uN!+T zd^C9A*SfmyE4QYL<5GLcWrlotZAI>{BfD6``wA<|uSy>?UtiK$N`5EbLLf`8(8VMB zk~>X!L?LbUGtYVjoqJPjUKj8*^~6?ce3=br=P8}pg_`DzA+(6taCJf@qmLp)b>HwB zounS`Fs4Q!QYb%4Nd8dWOJg)~Z|*d}PYGIeG14wC*H`3 zO0euC!>qodz(aHryj>3Yxb@iEN2=qZ9UP$LqPD%X2cOTZE@f&wi0wW^ZVdvpz4*}i z6M6MDl7%0IE*`LomDs%r82$HPaSMh!Mra0JyM81i}<%USae}b6k)MH>bp>KY=;i57BS9IG?RRnw4RixyN^#=Abx66so^#(Q%t?nO?{Av!O9#vMfrOF%~NJF$R zx!C*S(Hiy)UG2>(JL}FCVTEZ{=4MX3?y>gZ(QxjX9rNAv zhtak+-TlpLoVK^iuKYlP!!00hk1ERi={xu$Q;gc9ii+g8S>;p?Z{O&1X^C3b7c9^h z#$kM|Us$;A^nF97C3cebQLP7~5~D$%Y;GSq&Fd``oD=jsUQ4!Z&9=Xp-u)ewch8X4 zNPjnJX>&(SM9%BXDCo_N>eQ>-4rQyAxsK8AghJW+pKKD@{J#S)T-$!yy z+jR`jG`)o3o+W(5?^D$iNo2}=YrY=4oGVj$Ub)71;N_J!Tq@BK&5CRB{v%zwAx}SB z=I?ou_%PaI4Db5=fe_q4<6b-W?^{ae;muJpv*bCwqaSukMRo4$rTTgUuw@p=^K~52 zSM1M^Czrl<US3m&#l`1AQT1>Co$g*W?wu65kFBA82-n zA^A1U1l9)XqsHBe>-#2_6lSst+AjE<&qTw?5|CZhO5=-en634Ec4DUTD$rkb$a>y`JcX_|XwC7DUK{z{$I$})Hn^xWoA zbx)Xr-CBxB2DCA6X3vrGRU^9fd%u>9elHfs z3gu@6OvyM;%wUz*lCLHcb4K&U639u?#LhU)hK3?rAwO(vZ78)JJT-V^zFdrNLRP zlq%_Z7zS861Wyt3ty5&y1Qbswa`N^xQFO3T^CrwOD&ag z4G(xr2$$`Nc0HvEOsQ2Jo81%@##!}vyc}^9Ul$A#xxcYWCiPx_jZRlw9&`lU#3}v& zsb>l>%3X&duXtac(mEKlNFI`zdvIt$rD=T!X$~?c{Tp4auLs&sR<)C#sc?EVvYmulrW$U6Iw&QgteR}U}x59@_%G% zFNM4nD2FVyxf)5p4COYUJ&*Inn%Zgx#5TyfW{J;hdNMxXqASHkw_T1a{nY2*3te1H zr@N)-H;|j(gejm;-7DRjEvDLquIRV`wSOs{3ZxyXREUE_SgL z+olv3T7ZelH$IaVWO@giL$~*nLZ&UDP1BAmDv5-B)Hk$%L zkm`I`1*1XzT5y>L*6A$7Qw$&KeX`Z zX`Buk-8=Ut)ZjvI*jqvt7(6ib?{!03!jm9@3+3@Op;ltYj4;$2Xw*uJm9Py@jA76t zHkoBs%UmE6%li`=8|Col!E~tmw7N-UQjL77MqzM(4~AGt4)icJ(#s zacZta3h#K7Psw&n8uJObJw;fBr^AKBohMR?RvZaWEZ|8HY=hJzm*?ki3ce1gTcFn5 zX1SO1aJjWpDpq>A=YrjL3Xv;ky2KVP>s@X7TW42dd3M`g2mMyiyHj)Q{v>uZJofu3 z4SDev&PL}Kb4nk3gi!XD!`}xQgKc_E1_DbPSEK{&vO=}b3$kXV|K=;*%z}xnqW>-) zQQVmJCIi#$x3%{-KxyCI$a)#`>rRKPmL0<>ygn$)-5Bja;=I*2?cEQp&GK9*FXf!+ zfq}zP!g(J-Zmyb4#+Q*mvFUqC#zoQYejN?GYBgvr>?epx6=^xN4qiio3=#wj zKIYLIovgU4}*h4)z-{rrt$)-#4n(BVc>GZcJ|cB||FPq+<$O%}-D0-G{6%(;Sln0%5z z6&bT-riRe_3f8b?0P{6nW>$W8|4DA%#t>BP%lT80JT8%IMs%G5SEU18s;$~^Lx(v5 zJL-=X{#5UK@dwIzsf#x{io;y&0a;}L1;qR} z?S|BE5443|*N(U)yGH?l|K^Odt{8YBvUU}f2a553Fu2NTw7(t4lUEIzr9^4dZa zD@Ceo5e5gWt7YbLrtmvp$Cj2uTd#&_sFePoY6=rr!o%Bjq8m-PP z_N%&l*0P3EL*053rdWXjYo^L0_skyH+A~m{uPW~r*U@sXN5{pH4+5I0cL`xS`6Tt;0ni@!ZXpx;Oz8=b+Nx)*=~8Ya4j*)&!E8g; zkyC}*en->keL-&DTr>^2{!*`EjtdHYFM5$>V&f^5KL1FyuL%DPJp z2nVa_6e-fHp)M5tE$=4?@7CG`T`Br4Dgk%--*0bgMp`UnZJa4~{w_(O&PVP;$j%2y zDm`4QnBz**R^olSKsmdWxyP~~0tWKd=0+B#bFImOt$FPo(8T(|6R@K1XjpSFj`Vb*UA{pJ*$ z2f0SLL##(HKs77g>7<)6`G@~hW7%8pj7eH!7Jz;`M3zyzK~jiQk2@Q6M~}Rf5;=dr zarn$Vn9Gh8Se`S$~>>Od*9C7RO&Q^w%AK@oW7P?<(FOfa>~2*o~>E5gjr=_VS7%e_2Pl_<+pG? zZMlxq6_gEg6t(Mn(~NiC(TE>0C9*kUI0x6@vorv!Vqpr?}=_lu4mY#KNa+Y zryk(mom~uj>|+?2e>F!JXDZA5t|qT3E7Z?#ZrtXACF<(J@qPV53Gd?iw}R8*81FT4 zmKTYWKU$R}i+*^NZcpxw;t?LV#G57mB9qZmX2JUXq*)l4yX=b2MbU}6)nrM(pxsdu zmvG%=vP85;+~lNw`KuOpNCox$huS;h;^Yb3Ykf% zVm@(tmnZdK2EFsP9mxco@qSsc6f~_q8eV(3$kOxyYGbhUK-{u9@29fkOYG!iy+jgx zjWvI#mLB~_#W+bUvZtl4t?){CXNSRq+o)a^ya2)kWFclLX?OC(Gq}adgm-cE$$(>} zeBo=8G~bWfWA&m^*_$&u0)u@s)SK_U<+!V>D~JP`s7!IoLW`BI&_4iLp|ki|t9B${ zIo(Q`mrlezsH*>8ENY0}J$uSFZ`SoB_nklIzTVEgMK=z`*ne(MDUvP`PH1@J*JQ#( zOciE``(;a9L`r14gLR(|*RZrgFNScIi3@mcU_k3cg?5X6uj<47sYgN^ZV5*Z&W6uc zR|~;%))k61F!4G?g6L&WX{@g@V|@BxGuCV~U`Hcq1LUT*6-Zda3ZO2|pRU&>H2#_{ z5QMc|;yxdKzut2->w7-z2ypHZcG+(a8oN^GK;8}fycHaTX3&-!_(?AYZY(2h$$l4= zod*t3TkYQRKn7O@J}(PmE!!LDp}rzgSi8T~XBu`RSc?~U42yUhG=wj3!V83EC#a0m z)Jak0UMta9!CtG@W`P%{Be=+-8B2R=XzOVhxe!0fZsGCsAyq;&sJ+^srq|9WSlQf*_T}Q;s@V<~K zmMaio_N-Kt1NfeDjZx>X{KijtzO3V7_ThpEqlQ4BqBL!XaOMMPq$AlXOuYA>RZ1d) z@2?G2(i1=HW{6#esK5FANyo(q>8~S~e3_L3W%-8AjxW&4UcL_RedIl#Pn&VJrY*dY zj#27frNf}9Q&(rDA&83`yYUd}KR~kwAf%%TAFdgE6uwO&DeBzG2Jo0C-=!@}LJp}$ z{4=%l1?|AJQ);maTML~fba0kqS^IBl-o*dBz++(FB5-eViF7o;Ms(Z?P~koLR(YV* zwPeJmSw_FW6pk)Lo0?!a1y2%v@s}zWZkNMWk7(^3Z_dAl*5AY=N)!EqXZeqfz&4U;Q0yx?H)Lqm>yp5mf)+KYj;Y(US?LON)Cb{nmwo4Ibo!NJU){U$|cO>(`bPUOp*)FTHIvms(R#_*1-%rf)-dH7+Ic#z2n z^V-&#V?VgqJ-DC4qK>TI>*ahc2_#ju&jDKWQceUoa! z*UrL_Lln@&qi3XfnNIn`{XGmmAc>F`E*Hf1{xQAMY+3oow~PlKLroVwB83jmN~l0} z97h1!gf8}o3k~MOX_2rV_6X+UE=~=$lT{bBLQ@pdrA>#WuB+Pd%iCdJQH80sE>o~v z#XH(#>uMO8{m^^1hH5^#X{se(%(BCy#a8-XaX^Wq3Dp(}>GNF9z;RW!6r>|Wx>LZs z9-y3F``!0)Ql8xSzp}?jlSaGXt^-?iIaLn4{>DIkbdkw_PiN8R7DC34%TEE`rFxzBg_${<39d(oO{|NbpHYOAsRp8j)l$`b?LITl}R z%LE&O5&gR_ys`_fk&clu&|z9qd1`2gNf_8vec?+c+50dip$K%t@) z_`>wQcp^QZF!tI-{xHO)(h(lgi60%V73;WTYAi2C7L4k)*qv)qurt$}25MA|PR){b z5P9kH<-Oa!-V5Kci;cu3{S1h8rPkAI0=%1W>H$!~+e&HOx>bvK;GLv!%v*cpQzJ)Fm> z%Q|2C0UAX7!cg=|*0J$&(98~mUBi+-<_vuudSDbx(DAhfy=8=G1YBjuOO84svo`g~Q#QwNlO>AeSaW9@A9AQx^KTwY@m{gBL>1 zc*NXQ^k8p#cs~bTXeG%rB?~=CWiWrwy<+Ab7`zsGEuKg#v`;|h*%uwf^gSNZppy|m zNaOA*rBgGnTU0Q`k6{fqh*FRIrygjj?ho3oZyZ)`0 z>SQTf4RDPbKFb&`TXuym-bkZ+%j&}Hgs26a5smm>f_jGaOpPPD`i8tNo8)OdAZV>@ z(3D&-H219>M*eMG?+w~HV@oyCc)P(BHZ?hm*uy>__`H)vogDA=;$olAVpYUoR)#uh4sj6X!^F5c$26PXt5eJ!l2D6W&1bCr0P*KiKg=y z`{^$a=6Oq#{Zyj9V{@`_fd#>5@(s6l*KfrT() zG(RtrZV5-`KJEg0(fI@uN1x2>u4#qIS0T00uQHur1MUdZ3Hh*q(0XtjYe32c$nK=` z;s1>7f1y8x!Fe{SM$P+XAAyEOzD(oLB#?O(80%ELU0EL68k@x&<6}e*cz3trU8e6e zN42_m4>grifnAHe?#h83qFS?De*&jQe}Mvvh-R+MU7QOA?-TDIChX0iIklI(c=c(kS>ZHQ=3$07r(^&v4u}{>MfA z1S-Jd%aVvR;aS%h@l5^CFSBR?0FPv$ivU0^lg^zh?SDA1_ty01%A!@AN8T$yGkpCF z6skULXl93p3RM(Cg=ZhYv(Do_dOg$D9P@3MSne$nd(=Ih>t1c_aN2$;&pL05AFNn3 zW^?M0jZA5p8s69X>BeUAblTVt))!j}&ADN66~(LZ(r>}|oBI!IoauvDZI-tu|3WQd zMEQ%6>2}!J49Ln$plM7CQ=CfN3cbqHI9Ia@zLnaiJG?^Atd$4q$2coh_*&1)URX@t z|97ueW$Qx3yR?K$<$}LWs0XfE!9!V|NCtq-?R15BeozX0-l2Onwjlc1yt)Q5Kwpg> zSmW%cDDl#5cU>9)(D`_c-RkGJK-*flX=QWAe4AT&@4rM$8Os%ee}ikPsA*nM*~m`| zco#&0dH_I{>VskzwwB)7Lq^gTKj* zB67;nc+M3wrzWr3E$6%8KL>!m^J0vM2K)K?xx19YD6=<%7GOyGjW8rLp$dTY_R&D7gjl~AK4)@KW&?aWz}Vr9vo)L{@N^AZ$<2!cgJ~Rp z0eQDsg1Ent?&!nrk_hm&!vK(&ZX`R}DWfP2U+#|htqjwxBeni1;?J$13Fk@MNiN&T z3*4Ykxx*?)CqFZ`JO;`)@r_#^M~F9IFEE&|tk%dyJx(7vf7xDpbQ&`+Bq0R#sNPPO z?;r52P}Efb-z;;>F@xv}d|KGi)YsIuf)zDwOEQI8>1YGTW)TfxSR8+=iXU+VA17yB zR;i->f{3x-JMv3DT0{QCy255g$FO;C&Lpq|)R}zYflG53WeeYk_JHmFT-m3H__bHI z($`h{*J+XKQvdBifJugNcl+LnM+B5$F>^~R1cD_UsW$>w2e z2jL`hx$CYL&Fql~ky9UDP0z0^6smTWz;~}o?&WL5WtPBPx$%@_oROS`%O+0l2QV|` z2!nfUGxU^(ZM`beaFL*v`yBHktb)};xWbseY(E$*%l&1WH@E2Ph9kE%sqeHJ*WUmV zb_`PtyXh4g547S|N!lR8l03}NooI?r1sdTh1=clYR2q~{4;v?ThsF;V?-^Xc21^Hv zwiiZHR~6KEhh=lyzrQ;ni5vm|7O4#1A112RIJxNkLFVJKK#23zv3lJ&jKVV=ZUCTD zv*Afgp-GnPNTyM?=D~ZLP7_f8rJDU8Xr98b>dQddniASLdD-O9$e_6h4`C;NRx%=7 z7vE$F%bNhVbgXReUpq8#Ajj^rv#W@-&$C#NN(U0o#&LhR#AX?c**!05Mn`tY7o$Hlfm2do(F+HDKnKb4kFs>TLZ9{YF+r_KT^3u~um15<( zA3cmKD_5ltxre}1Rz1T5( z(Epcw4I!_+YgWunq2DKg zH6wim#aW>S4tNidFoKiT$}^D2x-xk!0o4WK``i4?mZ2-}g(dC+CR9Yx!M$84RS8qD zHes&ZBUC8$J@gSXKqAAq*yCIj8ofaTshEx0NpR1+s@FxzVggS%RL|_Tn)QlMS1LZU zRL1S(@E2pS$Nkaga-}@%;&bukFsK-bUvRGYL?)bg&BMtBeo_=U{B+R=NAqBqs5>-WF3x)SW%|x32fp!& zLOTole3{5~NnrlQN)WS6Ots=+_LC302qS2+d=*MyT;1$9ul(EM%-DRrWw@-B+6{S~ zF;)jkwXAw4-#*6}Z?`h67nc5V$qbcF8m9kyNLBuvQ-Mktmn z%=bV?#aF5it(evKw+kv)u5YQ+K`LeAc25)_z9|D}NaR)Pb4d zc_i(gYpv(3{NW5N?}Dlk%&z>SVH$R6M!&OIHzbgOmNCbAG!q_QqKr!6D$uYKOY`0! z{=)T*K-1x#%;q=x#=j)b&9EQEi;vBC^B%5D8NFC;A%|b37-a9_{Gw@l=de(q6C)_H zj@BcNm69h}9ilg~YTrAi*UM7@JTx9GT6z!~t$wCmD7Q>}G#v*PX+fh1)9D^sQ`m~a zo@qNVT7bk2ix(w)4_;fMM>gTZAp8p`f`_rLJ>?F`|rYNuQC-!@pQ*kfV zASL9OGx07BUwb$3FnaM>3I}m_+I$oMcyXI!6T^n>OWEi@vV3nV@7xNglmP&g9!9IV zlvBViu5BTFu6f~7dW0MZ&E@G+IFL~Wp_zdH}62`aG@<$O)?Jj zHbpawLkGqDPQHqbG(IPQ_K(Idyq{IBbe*NJILz}@_HMjGJM>WjUJtNe007J{0gJ7E zPJCl$kTDW)n`yYc_B%@gu&9yF&>(Cf&UvsPB_L*v@>U*S42!w$4FF_QiN2_DE~qQ> ze3jV4D*kYKi46c?>iqAoDxS1`KH6N1GPn5^w-(>{bjalIi_P_+*>wr-w#v4aEg&_( zoc-VZf^$q~<(XIw&8qgbWgCem++uC<+>AsTWGW|Ns2mpVY1+K5h>$t4K#&eaTX zjneb;A9DOhc2J@Sbyd^x7P0NyH20F+DOn!2R_Oz6MI39K=ea^(Dgzd|HECwrtk_1E z)~T;-2zPXyp7KW7_C5bQgFX3R{cW*f`EP~hfaLQy0pHcrA>bc*vUez8&)&h-#5&oo zt+ghNMa4M4JGAlJsKQm=73HL(MvFe|5q^u^-0G*@lj-eXah{vkGEV$?tL9omIi~qA z6(Tdz9->gSGjgT39i&V>&ZB}P3I4cp$PN+Yo0>N~)e34=PBb{@oZ21UkZM)=>Y;w? zFKs=Rtb_6}A^L^!|5y?4rv-RCc|e!tf8f79hse?La3RM5l?Fr2*GTL)qZ=!mwhLgr zaCs3Z)I+{2c}n_$N%cjPXS&$r9URBkOa~2e*~o>0`4^wV+l=BMNc~~gM*R|gizD7j zX!YM2|F9t%$;blu+=5FO|KAmlom&8?`o*XN78*BT(@zbW2$!zLh$NzlJbCTF(sp<-Qg2?qLvB zc8qbS&+@?6s<0EX&w6j9quW5^6@f$Lc{rOdlH7QC_*qPhUik?c9H1};Oxu1{T2ju) zs#(#Gxtztn_A^vDT4^L)06UVoJB~%_mCH^L@+1a)z$$Zd2K|Su4gMlMa3xY z7Ux65WnBwuzqXK;)Maf^UFG*mVqtDAZCDE}e4_(Di{O5q(dRmNf~)HmFaS`}J13sG zhC~rpi0g}6eA|{5e@C7PpDI^uBJW^PKz-B#D+?ckzXSMah=rf|(p~Dx=W+EDvm`TY z5(50!H{LN$#>H(beN^a9orH`*i&yBE-dhPe1J-&K?c&qE48k9!_w`iGTfKn}5?(4D zeLR#q`S@@?267U<<^(UxA8C|@k>6u)ed}!_YM`KqR^&DW@wJzcNE^;ocID#};mmwN&Xh5 zCtKmNc^W`R?}1>;=Z?1KqQ!XptJs6d*Iajac<|50hL{VKuRki^UKrv%v1NV7qH&2* zm*q9Q0>z#hyEovTR6XApzWPS{>`FItc=3!=t8MIr_7M+SL>=`t%+^^z#(!hEo9lfq@ne5142EE?!q3mCe2H;hKIUE95+?cBaNP5E7+6@ zCaRua0gk?SsyNrRc_RIsG|cLu8_frN**MVGIJ+_IDkeK8-s2f8rqT3CJMMT6WWEgG zi+%EwLsV!Fab(O`i?K1(+>R*qmgmE?+9DgEY1&)7UwhN>vCZpuQGx{N2FZI3nJA+$ zax_n>9%xdkN5l&du2^w6($H=znDH4cmD}WfZ2hS`geRMv(}1||JXUq+tdF@tcRi7b!Xc0ueAe1t z3oUP?6AWF_L&lFo3C*9m%X$}F&tE$=Oyt864XpV(LKCpR@Z)f_$}7*MV6FY|0$JmO zP0y0a!n9Pt^K=HvB_v<|QDLtOH2j4kEj|LZ;C)A)nfksdA*GJ%%!bR}=TT~m)2~Co zN927CLd8_(3|%4IbF zQTaZC)y2>J;&pxe@oC#@-3iFnEucv9@N%#(X^6a4>z=HqE%=*#ZSI2l(%JeKS zb;ao}zn;SYXZD2~g3X`(vRXj*b}|CLZ7L_I0{^0G zZ?>y%6Q`kV(oA`uu%H~mr6rt^@&n;XR85gX#jW>JKd?*6OQDVYJ70;epZANClbKa? zjF;Q6X6>7(X0KNZiABV$@Q?@lY9aSs#WyL$57jEi6b1PSwfB%81M#GsIz&T{1b6u3 zuvv9?p5j3#N@IzH++oujCF{k_M`pv~yhmD$oh+2jp`4&nN4ZJE&~k-DIgy{+Ga(_* z^Q+FMd}E8ApOU4^HP@fa9RDSNy3%(_3{{6Xsy9w(p>xTrnZR~<3shI#Q*_&8l?JRzSHi=FT9RU(Y`$P z zSkat%@m39J<##6jJy*smA@Qvz2hzPWSWd?)zezqWLZj-HX89sQ3&kAJEtFk>4NPN~ z#Vy1>1c*hno@{5~qL22qg73lS3U@s>)*Y5qJyTF#OA8Z$x;=S9Os)U0TS)RS7x0f- zON5)yzIsRg59Wc;j|xK=NX;JsLT7F4%HdFTQzg{8&^5jJ`iq<+nlH($sTk34?n+{j z4^taa928?9zn8kjUJVHG>=7s%R=2Y>I-ogED{`0z)i0CE3&Xh=!& zuOm#Y7_<$sjr-6bF#XJ{8KR%#++bt21toHDAp?M$$kblrW2-? z4(;1}{E12ty@w*BIX_Mj(Rz=K^GNUS-1LXldgj_P` zV_{`RTe!Q5NA{lwwpUkXUQwX`rJa&Np-#xb4wm|!%X%NLeeS;9{{j`d=l1h=Z@>(T z28+=>yb}U|AF)gs)<5mV+Ihu|mhJm`jGU)tR#d-ckMX?@9H;Kozss>|{d2-l{d~1T zkHxTEjg>hwA|k%#Spn-tAanf%oe2Tv9K%i3*GQ8}U+V{%-weXj7W!hKlQ8awT3fQh z9j41-R=F!EVCV zucapcJP?}Mtf?L~CHq-V!zPXz@GsdH);PbC9b%+|?pb7=fV&z6h32mFia0e5nh+xR z#d@?(`F#AOP&cqR0kdVTu=j+T;>avkGmMWL6`+AqQTK_wOvNzjCN-(w#*W#??2lo1HUoW)g1=zAumX}0lm`M&W0syHn-TTgwkV(EWjm&M0PZ-7rWsuE?-%vuKZI4Il<26n$%(>kd%vq30zE?wt3N z2w{IWlP^tyXCVor3r2UQNJ@SoiG(zqAlEkIO5{ZB{>t!i(Z&I$idcW%sIxUsnrk57kivPNbEZa=MM&&SVj z_izJm4?%|!vW%(94OJ^=T9yn0*xc*-UN&*Zf>3-lrHv(ysKFWMk|E1R)Q9aFl=5em z5euq1atMvAh`onXz&|8I>r--Jv&vVuoZ2#_`L6WT_YuMtz?G^4AFJ?_3MRwlB;P9u z>Ei`_whzoGcZJ4CX{FaGi#~qWw)>ewFmVD8OSxaiG0wpF61+rv$w8%? z;p*gH8V|z<52JSU^>)$42MK|XxGIRRKj61cN)#CeFd6x*Xrp|F`P;`Xc_H2{E0VW_Kdw%qSrCT?@V z0;c>s4zf-lwLho;wrWrR=?`oycSjjOmj9~le-+id^*>EO^OVp(Ne@`8$X45cIpnjB8bcb}>IG2NS!d)9U4;rLIYd4syg>5RR zppNuy3wt#0M&YRYlMR+}ssu~HeTjK&GmlP##3HTmeuVJsbnCv9xO2Lt0DN|SZuckR z`YK1O0)1rN!jw2;^n!J*`^Uh`)=Zn-OFhda_(+S5T|wyl&YQ8}#+DU6dcOcz@`2k* z-00dq+09H3kJVcZG|=u=E)qO{kEaoSXd+ctU5ejWne#ea+fhRVG>%2Px=xj9Wn?i! zUI5$8L27LsR@aV;#>5HfJ^n#YXJJEuzI>;N_^gb;Iu&bTo*bDs{$G^bk`P3>*v+|k{zh3|4#)TMb0)>8iv!HR8+R>~*bf&@f;%G$du!8v&tm+`cYeeJ9;~}jT zk!suTPmv`X#k!PrVe&;9=?2S5e2Aa( z4q&D<5@vRxX62xTB9_;k)uyjTH)P5K7>wxN(d&}Nu_D9|RDgCaN^Rt@CtCYqy$lo4 z3G3C@_>)9kYip<)SPc&vQI>7rVvdwdfODI&(_~9G0zRV;~j(1mM z-z^1aAAxnJr;A{o!EsLyKkynBWj=~@Vn@60n{m`>yJ%U${^l}>NF*J z;p+H+ux@%%(va|Y<; z=zfQo%8S_r-UOk)we5Bkz2~R#6Yn7iPcQLgIVx--W7z0WE-tzI;n1S^H8e_C9={ZeqBoH0$In|FA}>1ovuZFO65 zI&zm{bZVHOfl(Li`TN!|5|A;L+gO6}=}j}pUBzgO$6+(M#AFllKnqCnXZ$aS%{}O(m5xclzEep4$G(h%F ziDaDct%|yR>Q&I2z3-N1Q1euaejF8c9<@*-E(BsjereB#u6;9k;AMbdp24`Fg>T-2 z-|KLwsheXss(sJ=A*`#iFT*3gfjz?` zrXR@I)gzvUS1O8s!G1bwJ9G)du2dxJ=fZ_lR$X~j+;6pcyYYeoW^5ZTw?CpZmciDi z;-CN1x?Tr=It+OzrF3FUVUj)K!cSLz`*ws*z?6O;zF1y-_{*r3|^UZy41-G<4OUjy2T5V-cr7dEBTsDs84mCxOK(u>sV6|y9bKxN$ z)%|8;_m*&fRL_T+;b+IY%dilTU;%40sqMEHi=koN)J)10=uP_>tU`?TMq#?HpL`U- zotk}V5@>W>&J5WK*-o%gdHMv(w!3Ff$6t8QWI5a!;!}@&;c@G0WTO(*2eKu+{YpD<^_sn9}$f$jZi0 zOx{}D9%T3uuGoQqcj$GsxG7UAOw6-tF^Uk)Lt*%yKN@7^bfas?4CF3H-|A_wmLHX4 zjhAUA?K|eXKdxa& z9W4n=rHmxBj)`Z%Z_>S&$@t8q0@LL=5}PIxDd?pk8Ghez`7$X9GJn293aM&0G&hO| z0m`nlr?}{SJ-!?88CY6x+X=33f)U+3)x&bJrHZP#ocXf3To>;Q5t%w2o<>72aLMj7gdMFL3 z1lFE1$!7$r6-hBvKS7~?`|2HC4e#XQ1MEi8HJBQi*Esh?DhTdlC=$uVuV z!LE79)TcG6ESZ_C0U}YWM5+EB?BZGidGNb3vVxXL)fZu z&OFj)nX3468sfj(E&XROomV zkG{b#R_&el{3`mR*>d|^C?kbg)B!#iZ2ip9$y!7Ur(X6utza!zxC@V!=EW52ukY_K zV%Q7AzZXMZiUi$8jGF70H)J&D)_gw+2>Sa;2+-Nf9wF05a-rzwy9q>8nl5GCy+=G{ zg9s2Dt>>0s8+{_2uzUegFUCtx_SBVysCeDPxV0sg%kZDvB|d zYzf&i)={!AW6P3dsF3ViWE({@vSydvO!gRK9kc%Kcz=GM$Mp3!jasaIN9Tkb5iWYg-y8HU5Z)tWgC{d85QNlIhACQWcfr5M~+?tWeWddak! zI_Txc*@LON!q*~jr6&wKi+0wYT9y>8)Fl zfxGhCM3+J~op3UJ8?X=9qM#RWzjz{}`soSDe<(MeEQHkTgcz)gOrTTrl8P;*rAbeJ zO7sPlU+sEZs4D%ad;H@@+oCakO8#V-NkMqQ#piPpAC2?vwiOJ*BQuXs4h8)?VCMLONy#mMfJU!Wo$Z_;9fxiABYZ;Ul4)6izq>2!PV%svkm>2!% z=YdGfZ|aY4dH6!Q5?thEJaj)RVEk zYL0jECG}kYqw*F}i5ZA9egCOVojQ&MlC_hLoxI%a!ThZU zxO&tXDW#BC^6{TCr&Au(=7|}{$tY`KX;?duB{@yvQ$7;{Q2cy8f(r? z)wqfT97V~v8>o04IR)I_hcVvBOEJFw8JRo<>)UC8gSf7OW+Z^!d~=2$Nq?dWvO4~b;+0IWC;O06bFkY;Un1`@36ITGf0AkcrrlK+XnePBzC1bBb|-q3n- zwZTIb_PLGYi!r{iHShFF(OK#x@be)zjSHgl7pn&~i`6-x*{mJta*9B+O5~i(TZD!F z&2eMW_CtK&z01U|X9APiaYM2uwLHN*lB|uwSg2sscU9F4)K@>ZE~rbBR{)UgmnWaN zieGYHZw2gtOK(CdX>4To|JsoPH+Z;Ku098WE+nzEua<^o13JlR;UgPJJPuH{AG{jg zhYGart@BWUo`VG2uYWsPqRY-Nme?Rt2$R+OwXsHQt)gb!~Fp=R&@gvv{%&*hgsyN3S&oHnAhHnw7C%!KXP>>iusf~pnemB{S;PbY#nRG2eb9|x!?|Jd4KO5BTMFK__AUjI<_wKRN$QYvZ30W0F+D>aQ3D#znD9ZxkM#Y&geJg;_L@u9 zMjqCjn8hX_Vs?p3D%M|HXo$Qmj22_^bNwSH4YT98XH3{bs&cr`kRLH_(a*Hxiw^{T zRqL-alHb>FhP$c3!MP;ljf5+^mPliA?gD059H?C+zdVe~$t7YWYe~BrfMT;GC>zBglRx#ff z$b0>r5KOV{T`K=I%BweiNsT_QNO{CpUz zfnt7oS$}Oc<$30 zLt&e&^4!s{$XxjHi+ozKgl0L?zZNstjAy*PkcyecR*F^^-$XS%Wd^*94<}sJXI{B? zlpvKT1082x+kxi#~V?A6j%WvmLTIqA2!P>Ec3!(@H*X zW}jN8I1Mh>>-UzS=3f*t=q9+Vr?nbnj=M zP0wusP!31FTz}Ble&OK}M=mZ>)IV<0oM#1RwquihwdVRQGBQfALv~s(UP;>ziiX5c zx(n;+4G%aZT?t%O8H&U0R@7Zo44ZdFG&Zw9Su*I8theR-qpT|m-Pm47cUt#bl7_7d z43r*J(AK?VX!*Ei9BPs5mc3-u^ zu!*S+L0{u5#8#X-VznDn8=BRA?&yyoKX897H*3&h#(m{;rxSO6qeE1DinsPuev*ay znj^73h0JK2)Q46O2r6cBp&k6>+x-FYt-@+|gBD)6+-%*KSciHes(IFj5fPMoW|M>^ zDuH7$^B{NF*6N>_vNnXPiBj?k7bO!t9@CN$4vs1Yw`Vu#eR~q7JHp?IP60R-yNNg#8qvB`j^GNDuAn zDY|rc6mb}kTq{oDKe~Qxli=C@^)t3H1Y*wx^@}0VT#7yBscazukG;Tn`O@D0WTUXU z5c}l8gUO@ow(j_sMp(aqkKH8YKE!6#12qF-n%`1up&GyI;rzU5A$NrX)vx+ECXv-$ zIWPk`$86WTXTwza#uKU`$bj$N*ZmruZHpdie#4qeb_zeXiRmNz7ceAgCz9*5HL4!b z`bZ`=pGh@~q}bmtK-a~9-PP=U=mOELUlZ%5a)l7+`#YsQW!41SM(O}Z_A8%pH8wu`Zf zpayQudHprT^7ihadKbQ*$sUlJd+N{%6AQ{+8{W~}9 zxP)@8`?U=lGD{yFgjn?qep-z1{PfC`4a_#815LLp`P4Sh; z+1a4)1U=hS_xaQ8(fACtn^|hG$j4lyW-2jOkDx7S>}vjE+8+GD^JBMTn&G6W7x{7r zph-dKI*5F&L>yuFn;G$+yE>#3>uUt(wN2+!i%ka$OxKJH+I_$QG)+>}mvJ>%H9UO1 z<2U<7&0Ky+FoO*$Vj>s`aX!i}lMWXB+bmbF^+vu~WD$YQDBp=e$hE8>>=$DY^EVA3 z7p`Qhw^xN3f7y=qiyMwHHS;&e`ETjQ{_!YF|Ltr+YGPkmUXCGdeoiqMIE54Ln;$O<_tfrqtjqDN1Tzy<+9vHu7pNM5k`SA*9-M?y+ zf8@A;eb+aCg(8Wm&DVNWaG0}E1El)uIem8&Tx3AGQu+a0dg`L0orEH=*Ywucy%c&l z%zD3=n>va+VZ?Eo5Qflkr9FuegH|$cH@u@S)iP1S>3Ix!ygnt*KQCxe76Wg*y+lTd ziAUy&#*&)k+PJm+WVL7sjD(m0IEx$^Jq`c9*?BCJuLoVc8=*Y2iy7KW>p>7RXZ4$Z zTt%vVI5s65^gXvv#m1J~odedz&2HZchn;oBC)D4O<&1BOE>Pk1%52W56^|8<3j3z` z7%N07CEN*1)do!ii3=*gJ>l@1>iV{>&!Naolo!lj#Cnjo7GX zg4|`?!#2lUfqZuk12c0Q5wzZ(20?t-?%RTmwJ>rKb)h6(8`E6N0MZEw5qHhO_!^1H z0hFrm#Eize-V9Y^{Eif(M{6MF9D7o1=pkeqSkaC3f zGSNB0Hc+hzc~6geeTTZxf#2Dq*KUSWK4G{}M_?-ACg3x$Ie&$yt&y)by`P@)5`$Jh z6VU$NOdwEY>O$Nhk5%O`Jj?=i<;3z`ONEuzv)j8$)l+_t@_&clas^*_s&v*;`44A+ z475s?+5%94wtrhE{mip~oR#&bYM1+T5V&S@pclBoojs~M7sLAdxxQSm)fE;^nRH#{UPwG z2esF0RXk~usYlhBJ03Wex+?y5q+>etIoi?3 z;3%NK5a(xF7F`Hp560OitUPrUgnfCN2j4Z)gOC#&x0=;nH&R;cEw=tyF4ti-Kyt%lvhD}85 z^VN{l7%R84;Y#W{RZT(y%{g8E@SIE9L-71TD5DOnV%D46%8Oe2yBzJ9Nm76e#?Y~pyICWAyCQp}$v!)isV5@F<*qlX?D2RTsd zFZ@L&_Do@n0}2E8NRw58fmEFQC*~Zvf@`U6@-gEVO%!LCUwedZsKU1AHM!MSMl3>J zW1WJqj;~zW&P8#gH_-BK27TJpe&VNiFlQEVd{ z-Pa3rX#E5?X?Tpx^8v?5;A2Eoh)nIc*&8+3zY@R9@}&hMfr(62{?VEGC#rnsov|1E z6Fr7qE?LVvS3ra=Icx5%=A@NrK}o>H$LG6mFGPf?&KNKZ2=GbeLm7h=0~|l=5{O2>=gTmmt6!Y{ZiAPON7WPagwI$F8+`qIN#m7 zwv_F%`dIVlCCQ3W#&rjJ9s?ZwRVmMH4@SjljOM>F3R4AoB`2IOXVr}`SGb{I>v}(m zBPSOnku9IC6K2&H9~dSv)k^-LR^s(zhhrlQaTO_E&rK4W^I3(*x{HJv%eA2^u)t|D zkQ^|u8zI+NW;~w#TF~B6APT@g&I5dOPn1b;_@>3c3@Jx){K?-URlg z8vG;mlY`+}D0SeqzgW=M>0twA4`v&`H%+G4>5e<=bWY})nHpr9^sK+DRNYv~+_&ai*wenhBh;{96Q7?b zL=03Nj4A(3In8T!IDFZQ6EgViG~hS`!7c{?D@$==-zMe(Y+@e=FZ6gAVwVHiV%!qL z8eLG!A7Cq@Rpwu53zcY6XBwnrE%NM;!P`}7Mn2YLKDd}%+x{!h1IFhJNgPOT)l+LS z+^fL)FGvvJANC8Nu4w54r@#4QeqNT=nL3I1D++qT@VGkat~(>WD!w(>DXYX?9 zJ5--jHZ_mcmTnfvF!7FrFa1zG0Od6qEkA)S_o;5oK1)K<{npRR7K0ZWl@X6OTOAup zM50^{kD~7z_PZQ2cop6IVZdQ(P73cyda6`u(SlW~`57hUWsbIQZ{c;DAxJ?ZiBMDG zQ*Yr3!Q<#&%-3q~@j()1slr51ys14Fx-vkiWa@0EYIeh;1kwn*lhoP~hTWLJ@4A=d zz%v%YhTg)Q6sa%JC6z>OFjH4d{B;F|=tMaYyxRugEP%-mQSFU6wjG5ZV3zcd<_yX~ zi--;G2hQ3Wf-^t$Pswj-7a?vO7HCU(FXo?15~w^Pdn?^9F`9cHMg9ybJAI znBEwZk#%@P`*9GOWWCW&zElmFP1sOhywWBxfyvu>Ogb+LG@N;cDl3g?d5y(=w5wTM zgoA>P<=?-aZIDS4jV;C&AYwej(il00d9j{`B``{Me_{|M{9B{J;TYp-1X3b; zLx}o4Q@Krj+)%);V*3Rf(4UG4kCO=njmkwB-nYr%icDpN=g6V^avx5?+_)a5W9=bLGn#QVT}@E z6sewDo%EH~o22>4f+_>ulr$3w_V=S82_t2o0FC_e zZ{R79*gBd;;PqlY3^3WaFBSUDZ4I%i>&@#Yj>R_f2|GuqFTVd(9~>H;k-eR8bR0tG zb#hIuj(OgQiC1>_79za9-*`W5wSe=%2xZ`KjbWR3ah{YnHS3k!UVkz|BELCeE}#13 zB4(o5%c(;eCMA-qHV|-a9arXZS1IgFsN$+A4nq{0mpG*LlJ+<(UiH`yN+9E9fD7+i z{6Q2L&mUyX+!@1c>?LG=aOHw89yzse5?3l4GCr~_u7HQVVvoy|3n$4cDkD1Ae8C3^Rv%&tPdQrl0xd^o6}>&F^7^*ebizWxw1eNz@c~)D zHCERhget}wE=SW%HBNaZWBBKn;p@-ztXmBNzE8PhK5tLnqfIXdJ%ZQ(3`Sb;EMP*J zMsU{{{R80J!gahVdfq`P9qHygzvOE=;O`mfb^$5yVf0%dnC$2a2J#}H>EU0B;msdY z6+=go5~<(C*0|XOafCI_)$N5FOa52khqE>|=WuGnMM`wP>8{KKo=xCHQ3o7b>j|-c zBf@z96!t0az3k9*LEr;1+!A;oo32F%chs4h`xGC7-F<|6ma#?r6&Q}BV{^qt*hs81{T1+%X^zf-cqxjSGX4kG`Bd1roi`e1}_pm^tI z!vc9l0}7VC)0u8e`#|>aojw4J@EC@xiDLTEP55;lDg7!Y>h7e(eFDY=>H&srr&4OY z0{rB6D01^O4$klVM}rYFuD_J(a*W*s#x;c2oE0Ju&2=Zz!?})PK2pfdv1YTy36C8)4}W>hks5F@%LVPyf18B$L|g$@J^f)O4B> zLzOz2|1}NN&>^|1k27-VcLe6XQ4Qa?PhP3!#Ek$_P|$-GJa>&+wnmY&3$ zTvHJFjispSe?^KurKa*yUBof{>O zrDttbj9xd^0DW-Bs$yPjDR-e%XW^Bf;WK>#MDnm7J&_m8SZI4On_5jim^nnb)Zc&@ zxl(U**xJwi!r(&d6z}ovq+UBajTjerO76BWDLY0Y-33{U@qHCF2An9E+md_GFhR7V zqJ0NXZ|_+!8*GUyD7#;p>zeZ@_}LL;;28Sb$h5Mi{}vKW2^51K8w!dQMN2wi-vm5X z7GVz}m5q>=z6+^%UGi;0pc&o6%r#0u%P;!K_HH}6;1@D*2P4ObrbBkihLB~~pe^Rs zM}yCeQov(L4jOo?`JVx~_pww;gydGzH0 z=C$RrUDNhw7NR_;-ikK*czwlwWcfS%zOYaAfO?b}j1|_!=q{r4pV3(T+2`x;};`|jCgB0k8-kn85HdEoqzZ*%c~4+kOU8#z57Qq+zWfA%kl5z z?QvXE;zty0(B0sk%#RE-pOK=NJNDeeKkpg%n8EcOJMa?>-*hrzM{(!X$3ezM=x~BG zx`LZ@lPR@SKl#D?%s6CBpV}3eJc-QrWKzChgn?|;)7K=kSC~QDopk*dbGyRmzBHk7 zINeI}^6=8`NazpMCGP;WBZT}ZpGoKs#^u5356ntjtrzVU^396~q6SkmgyOKsSfTj; z=`~));2EhnWHS>d4qvwgytd%46|zdbe}=Z%L6$f}C^MJYLS-@Bo&ci>TEA!&p~ZaV z!^${U^+Lzj5GA@~WH)^WO>B?9Qwz;v6TtT%GtIKlb>YkbG5U1DaIh@-w%FW8wmzM~8(-COL2x$G64XK`p zYYLijp1?Blv^mOtyG&|pV{Up`1P-Kln++Vo*0WC;w_N($7%k20@3z_vT@v0^j?BgP z|IJAMhJE{py(xaPMnG{nu37t9Qx0K#EjQyxUr;CL8QA!a5wU5kzFBZM$RmB5%&;4W ze0?*1WVm4{gZ;3y5-S%jm z=;;qVz_I)XY2PF0H_%bBn`8F{mfB~AvFdDEB6`PQPbWgVU>XSR3AowT!G^naX0@>k zWDn@75RSZIZ|kKQ(@9j%$9k! znX$n*G2b5nY%p~7!|BY&+vbE{CKr*<16p+{m

65beDzg0B}iQ8VnufNjr7!adT=I<4h*)~FF4i)Q$xW}Y!DDFjXbIdEYnT#!n&(+3dbkA%G zfaFf*-#)n)YbV}>QfxEDS14V3WGGwzra`p> z@gywCGD2&7udi}%5mWAU9Wr@We05>BY?L9=AJ2Cvtk^JhdWso55k6?OQlXS*uyU76 z^mlDyT0yGB`HmdMk|R>!H(mS*=BlRO8LYM1sSbh+hWQoo`{mCh3N*#gcR6r`Dn-fj z4mjhh)p$QB7umT0XVBJs7+B4}<8Gkf-2Lbd+gu*RpyJrK9N(>cmxSaU^)+!ad>ASWR#x;32l4cS$T$Uo z#2h}2@ca1|I$!?RX&sOceU&IqdXIM3ACKp-66q0K5QuB`2x@Dk+-H&EAP_=Q&zima z*@&eHOfm#GBDR!QpWowZ` z7-Zad;h33I@XuL~BG-ag@a_@4N~BFdpa;B3KEM3ca9|bN19}PY?GGIja$8f!GyrV0 zuQaXxx?O2l1zEQ`@_K5ZMC|~aWR@6<11EZwpuhc|^y7~v&=h*E-e!f*C-DB6| ztb)TcRBtFq%DNqx96f{Cz6W;ig8hi8w~aT#Tz#n0`Dn`$FfeoSY%HVA^g~7L^wOCI#khQjm#!W%E3*l>^ zq~q6Kk-*In1xxs%o&HY zevnP!x$aG+d=DKKb|_)|+!A-W^C9=@p$94LNq>`!EE84U?h3&bG|HKceJ8lj#(IY& zoO6yq-6DE&y3=CF;Z)O|f_OteO^4i!>keD$gp9b8t7wdS&!pp0^YWN@cU4al8vt7O z-XQpNF}`LT=}!vjJtB8*U-kHtV-SoGD9EgFl$R(c_w4TPcRJOxf9Pbl`7?N zkoETr$#&3!GCsWqkBURTD-QA<fpx_hpcFqghin1e*eSupvAS{ zA4a4goIvguPzQ_H$tY^dZ?CDZW_+o~rV`p65JMFysWGvD`KI>64+ffg^+OO}t=;Db zE-o8+O%ob&2u@7^{u^)sKsv#P`(Q4^F~X zuPR?y(Z66D;puA;<5h9UDDj)qe-#7qbwT{%bx<2;+47C2Ow6j( znWb@k@l&E9*6Y9elMe&+ouwh>GVXc&xOeC(YPyiiU13YTC&NoyBQs>g6Kja%AaM0@ zaFYa6(R@UQ2$b?i+&l}qwEqrp-RHm4S=eJsjM>O^D9h41F$)9~19w1ahkyuOb6!9l z%kcpru~(95{ikpS&7JZuxP9NGxOtVHn9ls%dAX6Sisi=Jwm}B2ZF$$17h@MhE3hJs zDHWEUDc5&sp2_%yr{0Xu&1KGtYlR}aL$w2*GBU0g8eFy?t`^mtRFT-48^c%D@eG&c z(TPLQYcGJX)q{X7?l`FepOJYYUKGo=7wJxqq|VIc2L0@^ZA?DY!a)GqIMDx6MlG2p zv`iBs?Jap=?iPREWXJ>s(TeI_)m6`b z6u;Z|9M;6VYJmo@2B|4`GuF+7G76-g>rjtn&y(JU7? zZck~hj+Yd6kLT%=}dUmIl z-T_oR<>jHm74dp2M7oZ7{ryJ8qM`;&hv0Y~Iea!q$~F-dDZ-gYX8h_u;m@T^a?#3M zF7V4DSqt%nk{v&J#TiDQZML--79>5|3t8shQfSK}UF6mU8*0mfQym;==dtd>{!T~d zdXuM%81kfZF|;4!-2L6dD0N4R?F5FQZ zhA`s8tc2Q3fl2ELx%Q`YZU!1f)pi63DtuvPH$dLxkvZ0>Qry>(F`3^)?D7zghs~aA zY1o;lVoMNEh5}&#rLLA@bLk7-bAkKEF4!}$LmuxB#-}3=cE=%CwnTQzC9;dq8{^vt zv#ldi$L>^(-y{lc@5;Ar5_UJaN&S1{3p81lT(R(+HX-+of`GwJy-dFN$C5!BOj6a1 zH^AD0(6K;}_I3#Ry3^K)f(jrYD*0sr+xBAU>leONCm=IWXl41HV9_`A2T z808aYU0MA7iO~CgT`iBf{!Ut9-^J9dc4nnsLf8gRF?wSqPttEmXQ4mUa?9-9nE?Tc z)YA0bK3)`|*nGFKB52!CkRU{wctXkyy1WV?Ka~G;YhT>}Co2$dCW#FVJnHYPvy*ui)Z*Z$&!D?XGsmoUoV{9gZ!${u>MTbTKI6c6 zQXXcalVz&5I0J-NPnv6EzUl{x#sn`hh68jdm}7dm)-vpb8&Qh%yOx3z!n2-a!L=_J zrhir*r{Bo#@8^#y=*4riW>|cex;7hL=$1Q_Z^WA>^yHoV+RKSN{F{zs-;H9`5|Z})df&>Crp&!sHC*b|BSe+P6+1n+Bg^AET)f3zAjLK9J$gWPz?j zTi`gv20PIwxSGx&(N|nS0gcpa?nroJ=WSU`DPfioO?{Of0CWlXnBM>OJMWKR8wys9 z4uaxa!MOqsTUQB54sTRA9Fot6efi+2ooQ*z6;z*8-8aM8+#pPNfM2=TR^Z)zqnC~f zdv2OhA3GDkOm3`iL^6SaFazzIaSgoCAQmL2~jeU`;3?~FO+1DArj=wE6{6y_V zZx;N5CKDJ9^={%&pMUKKO@0%>3x2nAQ{@4;l&m0Ckz{G)SEq7drs?;C@PWMgJ#V~# zLrk>5m8F3{XGbiK-D3=#D^>KFu*lq&-t6zpDGPe+WvQhRAQw42OHd>NO$idrmwQhS z!trdByTgRX&WM7?02I5Or^TEQv)-Afc9oFf(8dxDseR#~-G>2@@dMiJ7hIH7R|IZw z2f#wf)v~NUT>|*ddkO^DJ3bb^T&^mn)Mht!)xOQTowb&Ll+M8ScBTNTR(we4#k;wl z5KCZo@qesn)-6`-6rdhf_SM4>y-^46oBYiR^B5L{J~DL(KqHkaC*2&9 znOCEfUIF~1=BHaLTO_a_tD(kv)@_U&R6}AdgeKSa?T@M?&7;tuhdd7^b$~@h;HaSe5lzkC z`mThf0^)HaXre-iRe2fs`V)) literal 0 HcmV?d00001 diff --git a/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code3.png b/web-ui/docs/zh/blog/liujingang09/2021-01-29-images/code3.png new file mode 100644 index 0000000000000000000000000000000000000000..477178a3485d7e0dff00bafd3d601ca23e16e9d4 GIT binary patch literal 23150 zcmaHSbzGBg^!8AZQlvw=K^l<~m>`WZLOKQ_BGTPVX$0v|i3x&3DHV`rk`s`S27yV8 zlp4K!hkk#*&-?!K{xLr6dG67 zd71RrwU||`f|xtjF z005hd`dS(fLL9aW2Ye4yhvSi#zx+@c`19qUb`Mk2WoWr{!8CqNoL9Rst}dPXkWrBD zIi23-lL7SLYj=+qt_+v>HV?tea}Xk)VioPd6)KbJ87&#OGHx`hwN^crk+8ZOCYKs) zyj%m@Bl@i;0J&^4zr!BWaGha&58=ALf7aB#5ropu+~KqX9f8|qNp_Sw--m1ILnszF z!APfUWY7Nf2Vi^G*OphUb91Ji@Mh3_o=6qk;6H^2+F|?=Gtz0-a%N3bKME+iTY*qN z8T7frS~!1vf-U{zYT_8lpn0BZmlz&c>LQT(nImcLMgfgD7q~#zaAp4b?3d_`yQ<9s z!CjLonSzG|(`G>W_qdP;x&|Kx^qua@iP=e8{TW6n2R-Nb5hRG7!(s6XsZ*Vab|I4U z(LTEBPdPjlJ#_h@1>wOf>Gn|A-1lc%QkPWx_(-FEMx{#3Gvop)>_v;#!{3fP;;~C{sbcrLopG z`(Of8YO|S0g9@6H#!r3t-~C@MP71z}Z&{=-)H`-`Z*8unQ5PTCFNzNjD0#5b6073t zS$O)Sutnu0T`Rim^JFoT)ZlB`^;S3EMdu3I6*ZNN>tjZ44Gfv!%-`baZVr^Ee2( zntAxtX0y9WkN-XpbF_y0vh>r@3vU~v^7G0x8~CJ|K8kug=_FUHy-Nc*u{XRSjv24Ewpdugxb(DJdpWJ-Dd^)p) z<^=-#H40Ul1?(|yZE!%7Sq<#w&1d>@h8Q+VU#rSyzW|G4@Bz=!Rr3&g`$d_o%5e= z1FyykN&y1-m2c8L3ukcoN!xl8O?F{xLgf%}0pE{!^t5JU|4gg?-sVjIl#0}tn^M$~ zEgP&N4Y6O-kPqQZAec2uf!3yenKPxW>otNKi2?1|Mh(`TX&Z;LIZZUCh~==aN9G%s zcT;t&>nXA5X4QWp$07N6wnC0fI zBU(>##HN%3Qf}YpK7q$9dJgpm!J@ZBc&xMa$cl-FdL^nu8)e2mR+$Q`AjG4_Bj|5G zr4&dLvG>^h7j(bDa#u9Dqn7co{i}ORs9l$$$iV`3q++E2vaPiCYnA71cpa+wsV@cU5giy$}3(CpMP(i+`Z)?{$szP?MQc?!Y4R1k+kaQ33h=1<&SwQ z0z>kKxJohQNFek!c;qN^y@0*(=Ir41Ru5b_6}Nag=>2xa%HT1N1;gj`c{pLoYo`?eTuxj`V80bOKW$C1$*UtfSS)$1cwI`7}QJK#j2j4@I zhLOnQMPW04?ZG$U7w+-oVS}^V!wX{yA>nqYcgtG=qtc;RX;qBKFJzqZOO9Kghv4%m zmf{yquJMe$36-mk*!}U%5)mjD*v|eqo$<0vI;s1EO-o1l(c?$O5>&AEXfmC1pPb`! zmY-iLcke$DcD3+`Kc7VKpkDO%Pe4|ky)OfZb>^#_I*7W#NrI&UKP(Gxh){mH6Ra+E zFz%#0o%;^Vo`MNM4!;cE`Qbs^7DILG<3ju%`ZFD*fI(WzU`cYX`~R7M-SsvSu_ z+RT;Q%6rTF%$xS@a@fHe?~X5*`c;Zr=%ewItBpV}JNk_MK$VTW2%VQVehnL|NM+#* zKs!2=Gr*!Uuh{ZMQb+#-_CnJhn(|uF`6>HkDK0{S8j5_xg~yCR|_9W zv0L-T07`f9`7}D2*XbH+b5a^}kU)vhE)fvvVU9vlV zB?%@wHW4EHQg7F|E>${}^~&<8%@2uPFT5PR^3Ph;EMA7F_cV|X8DY;Z2PQgtM99Rr z(rdBYVCaV1S_O?Nd7a(Ldl6$8zBj-}V{v+Q-y5Q+tEBFxPd2b8AH9BQ)sIRctv=g6 z=Y8cOJpER0{Dm#FL^Ng4kT_)tu4IgDsQ0rZKm1-V{`x71NxtHp zA+8k$XJ8Q}Of3EwM$AxQK-htO{kQ9Rv@G+Kk};6IMAgmk0~p_p&YpWiKCJHvGmuPrlZX#=dub@#h6X<0HcB zEW5TuvFPvLgY@Gk-2<)Y2EU0!bBlk!FR1qRx$^-^{to0D%uTB#vL*KD$KigFT;nZ}Rbxi{e1J;=#k zzX4Xs3<);y4%~&o2dBWbmPfS~F?%XklsJs?S8}4t{sGPxwxK)Pz3bx{%}e`?yyOzx z_Q~Gu_}FjrF^83>R?MpI(N(?TRQz6BvobaOiFds&j{UAKxQ#ZrZW8_Ln?i2|HUBgl zoz^F+W5L8=wSkKR7hX~-kX@qpxInq&&+kq1i(De{5qNv17b8EbW65&*Rh%pL9Sc;t z$~UyxF)^|G=&#xR~C(;dxsm@pM?lr`5+(aW2LZJ575nfIA+j5S9k~eU*s!Gc_x@s_1nc&bweAoQtvph&JxMk`lT`Ab%8lqL6r zgXSgmiBWE115lR(hWZM8TR549gaCO)RF`vJke$p$O8)6f(n5&@30d69b))!sGKm>- z2W>he`v^;v+e1mFht+kk|q z<}h^4Jy6t(S~rekX7c@Q+%|a}F2FM{ZS7LVQZ0137EJSaTZ!s&;U!f6vOMPy%2x%0 zX9&7+_6y8cUQmSRgg)c-dgF6d`N~&5Ugr1joqOLyZ5LL3JfHJMBf6p+6WHUko{Pkj z|GaYPx5FK}4&mu!-XVPB;$!vH(~p151yPlc*k13ZlmT8kt@=s+c@|#>HCSX zNMGQg+nnsMV4@@9?}IVCLv1B!56eeEq2zAT*E4nsqAVNs#!j@q1UEe@?^$bk+SqCr z5f(z|imNBEfhNs>_+u20_Bu|&M~)lSMGWroy0o9aQ?PM4GcM+`(L%5JJK@9#Tb8`M z0q7;8)iLUlk1(yZ1JkLY6aGY7KFEO{%3P>ssG8hlo=$~))WJ3?>mo9;O*Pnyhi0i3 zdAZm7XQn~{4i!@Dzszy1+ZQtBe>gz)o#x?-d!Ti{EFa&3pZo3zpD*+Qv2c;#->HjntiM}-P;Mg{&5 z)$<5)u%`>{yBGB`q}$%3%#!>%y+^b?)k9TlUV}HDl6xx6?0Usl@DSG;C#A(c0-yNSB4l zX->4Lw2-=FIDPkxwcW@o(+;8R8kc^pzP@BK`_R$#jzIK%fX1bKKs2R7M=fPZl+gF1 z-Bskby_1tX-mzyQOYFBE(ly@oZz&3MGW&Kg%JG|>oc<3TgH{mTcc)XqC|r4p`WZgUlJ9N86Gl-s?b{Tnsei$MODYZj zQ`i*ey&v3C8YNq95yj9X7N~aAWlNUC*ysJE2|0EvTls4{%<%gzzi>&4^g(TZMe)HJ z6|f#Zo~O8poQ|4b_=Otjy-K{M&Z8_`c094E>r)_M(C53L&-px;)jp`YeFfemV@fT8 zk)9nI$BgaXJ^Pd%G!nuk)vkJ+H>)TJoQJj%%u)KHJDzVPX!-vw;qaM0pP3@tb3~RufghqkjPfEYw;JvG zW6)#ULPXT>Ssxmd-&tvS;}28px>Z$FcCX69L#wFKnxAJT_N72eFpmzNexRZcMHiov zSMB{F((FL|>{k7riB{w~SN4*)5BkDPi3C%AOj^shdDZskljGnO-vrqHn||Knur;TK8)v6mfl}o17)4cgscAMWyvdBgZSgFB^~t-Lo;ByP zG3i2hD8_uci|>?)``JAGQE{;Gi-8fZFx{S?H(JX>^qlrL+$%!t*v{^9N2pjT)dw1g z!(@^&O~+x$xu%uY)eck~2(pl{67@q`1A4$7`rn*`&ImW)!N1qQCpWlCSm5zLc5yTE zx{!M-XN0kWGvWnf_DRS9^!8-QmcrZW9^B3|Zs0bAvKskhZcwIU7r1-`Vov4R>Z{P5 zvhRB)1>Dz-T(^fYr4jCXzO`=q*wX+! z;@+FpEC*kRS35Fwa5x<4T_$Ff+2B1zasQwzvK-e&2qn^b%LUYtvT1>Ai+GVxwx~i# zjjBB`p%Nn5Rt=JdXmeEKIl=Wv1byH^ql)2~wW))P-3DmIJO_GeKVeH@xZl)w|5Pm9 zoGm+vnVV(sRt|rL)%$pe_!A*nX0<58RG6;#3yM**%$w}uHO;v0-Fl}0;}^d)+N~%3 zamUHt8xuW!;q4UN(u+gFG*JE9nAYGUq05J?j&oM^MmMw@%1h}x@Ow2QI~ZgkRVc)5 z6k`cN5G^7w2G`GGmab%F!%KB)gotZCt}@$GlemgjXBz@k^r*OTN~K_j{R_w6>O*7ZLuLn4D=6rOWR zzGt@71W1a=L9MX0TV`#vQ&|b#;thAasXmUJfR7)3M8M*Y-0Hx+F1dfC*)1^%H{LYi zT~aNdi{b0t?cfcxuwh5Tb$zvfO!$p;Xj~#@6-L z*gp{z#SZ;#rZj*wnl3MGRIRS9zQ(sDJy1Kkg;_r>xOR8(i&`7*0hVeuYlX;NpC*Eh zPTvp2KS|4))!h(*4y8?7mZIH;C#Zjsd*N&-$|%{?2uY?mT2{`}@QT@*9Db0o#f|KS zGNzef#3}rEEXM(Z!qsJtAMy1Y$lkBndbjMaekBfOU^1b5?jGT}u^v1czGdLvyrX@m z2M!YMA5F(m?(p|4gz*qhHZCJ*2Sc5KQ*Ehb7MUL9ri_wk4_@YE!U@nS@fQRec~)Ch zQjovzo=%;L1J^EolS(?b*uO@%)*~}Q0@-jZn zri0R{aQ4f&qylB#2h&PFbl|{s%rXWkTGlcbF>_g9cYP+fE=Hl zo_V%MVUM1ggifKmB3cDBxGpD*xdJ%%*&kcEN*juiQ+CqbA}^e{P1*r}{+qn$FRhAvD6S`M7R^ zucrFI&2588uI>6R+7CuV=Znf!nYXJR)z8{~gikDt3Ra_P@OPK;P6IY@jg4kOVYX@9 zke5cX za=QmSb=Y_1bF7u6foq$}{f9ZateI9~S3khH#bVQe|SA^}R>5UR!9jJV`LQ*-rQjOisn zt18JYMRNF$1A^|je<*t*?s3)6QhiD@PXsj6#%xG*hJ2b3tC}xqt%w@mX!2;kP(85h z6H0DZvNaUdUQ&T?LZg^}&oaureYS-ldCN`=fg9YQ%ZXEI{c}QOMzdTk1af6D&i6~- z2TRuk4ZO6F@Z_X@*C-psA$%-}5Y;X$!WWv}8*txxk9G=}pMhd0P+LCilb8;l0?u<7 z;^n)U1dX$7*DK!@mzcMtVj{T_MOow3?@OnaVXpxIN40a(f(`$Ae)6(X2Jr30f7Eq{ zcyW*S-z~tiJdwY-fCepQs5X%Ee+bfcab%7_c(e5ZD}(2W{G?7;yY_S7+JbwTx#`10 zzKGSZFH465Q#?~dY)d^cFw#rvk5AJr5eyHo8eG9s)`K|e5dJSZHDAON-G#bIP=kUd zTfC_JLun7?5ZfD@;NkelqM&@N{3lAp+ir%h7F<>4kZUqBJ^mpI{S3h{b-d*-?aVijUELF>|}u-q3!Tv zqy^qEuq( zcKdl))S`G?5Zm;>4LN;$A;DYm08pxI07Q#4hXs;Hh%RNdM zTl2i*?IEmzPl5U1$EF+uBf76?2lB*I^JsvSh5OfedX(c2(RWP`f!XZ+2e7*R!qn1F z5z1ctKXnHqBV?08G;^5pQ-%Z4fqW2;niTPYJlIr$`Z(O(`vc)|coybK|Je!t=rlCd zq4>L+y&55M6s_brMMPmnENJl}Atn>cV`YjfBHZqXv~mv~Rp#pLDiZLrRC?Gve`)Z! z@D4kiDE-#wO-QL$3^27SQQ9)ho|`9&=Y3w*tL41xk`!;gF&mVj;i?(V)!<0+m-|Y` zIC?6of*6RqAzO7XuXf=NdZ-G0-4xP>ki_0y14S7Oqn%BzV_{u?0s6`}m53yA6m!Vt zvCiM5aO>0Y>pOi67ahmW_u2>wrU=E9f)w3=sZrLK*H7?z;r0R+ka~m`YX1W_AYZt= z>-SqGFvSO^(BYTNc@~*w*(JF==(}RkFkaFv5(7|l=1k@y!6<0URBaFepvoqKIA0;# z(q_pDH#X3J*Ont$3S{%9)B{ia3LLdHDm7K8!88YOa(ju5Zrq)TAkXPk;>tm|_1PRF zm^p_wPJ#CHUvW*C;6){~a8WM_8-zgyMN&D^l{~k%Sx6J}OBZJY32Szr|5BXM-}OQ| zCwmCV!?+O`dDML9X-*P{3s7u z!iyBJghQl>@@-}ELZyzPZNpt>Rj2x)v1Zhqy#`6g>Rq45NBN%`$X4YU?Dl6y*>lIy zcS-h4w-bljp>^OqIQf7bB#oh28uvhy31g2#D*;~%oa~FkD+86E$o`- z;#Lem>0hL)5eU`W#4V&G4rp(yEw3Z?C0eLjD= zhm~-<6AD?{d12Af{^3r&K zma`@F`aF?>85gw*RrWrl7A?V=Vck)ZU!VQ$Bb~aGC#CDdc0lv3_}KE~8oGvwPv9F` zh0qnBCZUF@b)P1ic>OiuteUOj+dFYtc``>v7v`8-&PniV4EWwx;b0~_u9xjRNrP+}QF-kcunTFJer`xVO?qV^6+HF<; z+?;5dLUNyd?MC#5%cJiLG*l}ijlsy-k1PNk;66a}Q!EM?ZY4)s z{P@5!Y;XAp@RgL18YjAEm?To&T@tO6GXPnSs+Eh)c@AHGCP{z(wC1U;>JkJZ^fJ2; zsTE}5*wVCH+3KG%2MlXB zG)zT%ImZ;l_rh#;g{i(puLJfY;)SP4RD#o)x zQRaElcoQB?KCd^<2M1nUu61|Dm!|X%+|}p1LvD+NN>$OJVn?#N-bj>DjYpIPjzuMh zGWtn{;Wim@+?DU?xCYm(PxEptOB%k3hTb1wCH$R2ujunoqFZX;XL-U|ty?>?g=+U8 zhvdYyG2hnD{p&DXDfk3_KdTkjqHF_Ij$|FF$L{BR2fo|{v5j5)uv2KMQ z<xXSu> zwX?Wxd7M7vOOLRG1mV7<7VNuvv+N`)IEouK)Hz1Y|KVB!)!8EE^@g@xHHZP&o3rQp zm2M1&*;ZtJIJ)41nt+)E?uvEWL3Bw-d%9w!smLYr!z-?#>-5S)`#8NoJyx=9B&8e{uz}-Dcw}8u&P+fBPhf4Ip8+R67aEO zti1z=-cfPEuJ@AQEbt#Q-efaQ#9NCheX}e}ks1)Pw5j+Z4L+~e&Ih4iQ-dQSVc~N1 zr!GT-h|dQQ9IlzFu;{UbTE{O84?I7Z{XIUTu1&1Cy)b%|pgwTSnp2kJUIjPU{`~zo zuj_h^3)UUc7!(d;UYaJmFt8}{z@3jf2KwDvrmu7zA+jY~bSo4{gR{Md-M~SS$Q?G2 zjdDi|arCMEeZEmhPQx+Qnf#11v)y@vKs`sgL=^N6Z_VARDO~QIxowf?jda>$ze#UZ zc$nSvu%iId`N&g$83r4B*f~=AvOk*;yx)E4WKkDbyi)35!zbK$ENGE-%v#)>fEoSp zlqCIFe}eP7i+5j|0lwbvzgY$kx*~Sh?-N}^k7(Rng@JB1dBzfBU&8iN=nm`ZHFF)T{n-y?`Q zdPXOlZtd_L`!J49Nv}!MNu@VZacx!NBXhTFf^glh#xd?+$@npd>op9^=f?6qAnl#U zRnNsMpF2DG6 zd|t0FXMJHQjNr3E%{||=HHEaan|SVDsv&;y0R_R06J2>G&2RacQil;|@Q0Z6v}$k) z$AA~H1v9gOJ@nQ`ArH%qXiAV3;Gs(%~X1m9r^#lFp0d2CI8c>Q^k6^LVoN{cC{4z zpw?yFI>bgp@Muw{c%&)naTtBxIR^O(MHEPO%fq9v_v2pGHAHaGO^F=cV67}SFs?JXbSEq+w8moxAP_tpD*!94NjcZ1HnXPh}40z5rN;^ z3+@H223l7vlmsD^QnjXZ5!Y&_gMH;tan7hT8T!M|;#*2T%@TWXKJN(gKF-@*;@u6q zyb>v|DJzY_Uf6!7L%FKpbzfm%2uyYp_Px%DMoDF7RYo=st}wdjH3Y=Bd3Q;`nG*4WF zOtnYh2dFc$4b!)ssAX}|N3Pc}{6$;N_-&V@o#cm6v_BBH7we1tZTO;f`HV7bE1bS@ zm%MT$Fb!Lab=064VRfqeXW0k#ViU68(Ntiaf|XjM*IaYl7W{5l%u$VXq6&};36*2* z&oT(3ZugET`aFDj^Aazegx;TDZGz{Xc>!?e+##eB7ZA-N&I3`8 z?8ASkx-48wI#O)_ejSIJ@EkMo8?hb_FK4GTQVK{}tVm0gvU)yAOWTRpTV^t5)p}f8 zOm#1^80#82UUdAO@Ts>Z$YjIoud8s(t?YG%UD3P|o5TE;wSBp1t)bV>!RI$|adYD{ z^Fx&d2a`Zl%T#Wa-AX$@XP&|yvo12zc65PjYr67dlqT&@u0^oy0DLXK# zY69HQUI zL?-BNumD>_jNa#D@p0&=2P&?D54+Ffo_h z76yqaONlXHB&XoW1>-d~m{7tGDp|>*Zh)s4ao&R5=PEo zXo0c7^-nh8mICE>?H-Vw^t?F~>g`3cx{%}k9D=>}zmcQ@604{_8mx!iOZ}i|MtV&a z6~l_?D+ne9|CRcwjKN}W*}qB>38@7}!u1BsX1y;s-YQZ5Bc??u_(?ekR`-Z+GnsDX zB>xaSv$Q`f2eag|f1Nh_h@vJg%WT(*ZxnT6@tf;0|K1WM%}?XR2yI2t&j+RX@rwQ& zmqR4=*fV3|DC5m665D=R2#ad9A6;IKL2PcNUaVtpO$;eahiOP_5h%3JqPEF5hUIa}L>+bZgs~8an z*?p%U-tdFO(kN_jd^SW^V`cTF`;QTUp|S-LDEVa62~q;AoInm%PLU@$<_hbK=hcn_ z9b-K6op7+*;nrRWkdP-RZ8LHr*@_=F0q`J{4A%!EADp!H?RAPkRyR`jetMQnCk!@Y@SZN4wU4Yu8IM;JY*)X3`p8G*?OAsPk z6DOb@s3c_IQr@X-=QW5#f|HqHmhGmAuq~+Nn?ImU|3>+|nA^u|n}3#k3;gi3)vd{U zf2Cj&TeBr;3p1CPDdE63GKxuh$_MRf%S6vt)u6*M;vy*zfBCl_&P}pl#jaT;j){tD zC48lWiE3FTIx_xU0QYx&>(aj`Hvgl)bdwh+GjA910Dg!5B|)d$`L2tAIg)Ra3eH~e z6B&|Tqj2vWm}z1v-v5<&HTk5j7`-M7(L8rtyX=c3^9<{qxA=dI)hJi5=m^Ac+>k!H znzwxN1sckg&ZB<)m?R66j2se&&*aP>t_>_uR^-v$I&CvXK_Njz`}HPj18LrRoD8%m z_U{yg3wfF2)|p0Zw}Sio5Ng5(`XD8Y3O|g>>1KOZCW#N*zND?WozZNGiDpD$1Ms95 zU|2=K7L>QYMwa|lE9k+4AS|4sequ1ml&elt0;LPCxrbr(V6C}Y7^7*&QdIf;h2{g8 z9Ta{jHjNZC%7i8(Z31>6*qP}cZo3F?RMrFu$%;O3VsC#K z`WR;uno)2e{B{cl_mRBw&WW~3hYD%#mqaW{38K`1Xx#b}?63Pz-lTZv=ByHfb2DhM zIHR;QK6YF*vZ^ue+QkF#fGA4#V& zjgK?}1eKad@v(pQ-TKanW2Lrra!mu-WVDn{#+Pi^a1Et(r6ADo5HZSfa(91rL|L?Z zZ8?Mbvl{;9@de414SxIB;v~_o0?*bT!9o&7|#9omX8^LFgh396;r>q-0x=*e4-?2&=YO^JZj`Icd%+RzGQ-%bQAe&&ua_zvr?$7~&=KhKqb zNy&>X?1x-Ix{K|p>e8#N{i#C)wm`Jh1|LrSlaHkN*Pvht>;CU27Y3JRx4B56ExyR4 z6^CuqJ zC22Cj-$`f*0ShQdCkOuuq8kA`c3~-Asku=A1(K+3oOoLUE;WE$5q}j9nVvnnxMy5& zC7dFzQSHarkEHOhw8wwUUANrQEQ`IJVp{$VcRBQx<_~q<76zTrZSGQBX{L^ov#?O03 z;#ya}FH;U*Zqa9C1_1LnMbga@4?ndXHZZ#e0qz#jQL?EkT3fVkl3y{zQ{uI-lYMwsy&C&58Jl5hML8}M#W9MUjp&YqgpDqGg|5h(j-#7d`30_mbfp(;yL&3itt)$sk zEA9dl~pE@-xDlfSY_gsu8f67{LLq%@S}W|1fw zfK}mns7;l=rBfaI?!Iv)1vxD_3X%$80H9Urr_?>p6s>fWk6U#^h@#-UgIA9= z`)tlV?sSq$94ES&cXb`^iVA4k#ylP6-)2PDzixl=@A>?@{=OG*dKargW-tMPSz83} zalqTeJVT*|01saQfgi(a*QNX3g^7QyiLm{#e1x1e2G-29w;_Y%8zS@nK%cM*)9Uc+ zB_&@IcQdnYQQF_vigxfTW^RH4EPaJ{*viu9tS1NMF5vg2hFPM1#={)o6Q4G#QetBc zf<1Y)tC)K_j*u_#;YuF}8`9ke-(sinIc&eul%Ha>*8SML51T`G2@!(;++3Q`5nOLd40q;4UpxlPu0#5SI#wEpM zPCC1naWTnrUJMq&c?Q&n#7;P#bIyI|WjXl1x^CZY!Ljn) zyu+1s<Lo4}Ls|J?$lw6>?7z>z3DpG2Q$|o?8`MHEnaKtOg7HXE+0c(KwV8 zOpE0;pwyTqIkxptp3!6&-l9jW>ez2;E{Nmx6Gx7+zaJ&2cPnQ9W<`N9z&<( z+~bf~Z|6!L=kI+F&fLT{^D+q>BXDK>%`v@JisT>CGecKEYD9{<8XXxqL<7XU#Qv2M zTN2=zNr9Bt{tCII#QS%wjY}75#xHCr#N_deXg}sa_$uN^)PzDY`M%8S4?6oXi+s`nMTVWEtALf;I zk-n~__cuYiOj$=K+qAtEyU=M0PhziXbK~;W4P(XY0(1VC007Y4e{=MBF)5>bYwDNe z+?>Qq<^i8RwntehS`bw>Wh!TBjx{vvo>2+2Lbsm$)hQd|cOTyfeSwU=Ns>VK?Ktr- z97I%d!rl>^c-6%g#jfcKAxRMZtWiaT%}!?pf$GF$-``XAgyF_fvxC@UcC zb|JvQnUsrPjm!zbcYF!TPZ!<4ye2@1)<#67!sBp?LLUOoGYXjc*lHm4$h`_bLjjg1 z^l5H7ersKlzkbi@UJX*cyq-9Lg`uckYL%!){hFvDtUOx_`hXP21ZGCG@Q0Id5I_w) zn_H1#{r%Q%*5`30!{Chpr!y=SL2M|NtFY7XWg>Wrqyb4!u?MLaTv0`vwepmG@-wJ} zsJ1Ncr|9s1PA|4H8?|P+0oVB&rF|B>yxke|gU%>^VNCVK;^!SCk9~obdSpRuCRnW@ zwR*?7)11&fuKqRE46=_~@tL6j4@s{XmJy%gp_`P7toGnkG57+|D|HRcqvaG4KVG9k zxP@nxMfhxC%j#a|GgGp}DGafzc@`y6BT;L6RPZ!VOtKo##?K?w|G zzR=*@UCT3h=!r1~LWN35VlOE* zTx8ta&I-lI709xtO?0|A`1hq&JPYbEaGs+%L0hJSq`~sJnk?aqWubQ$?>_R<{N&RFM-%QU}WmczC<$|9Zc!~CHfq`5TngRXXx8u?wOK(PpFuastvO~{+w;OjSK zS?c$mPs=^XBfe{V@Mpjh#nSZ-mm{UPb-1>G8tO#-xEB)Ebj!2=l4{q;ao~Y}h-G+f zDQCI^42~8mIjDz*Gj_4zMN-e zJ&<+h#ilX|*#POTqwLC`K1eOReQ{fCJ!m%ivzh!W0Gq)-j5v?I-#!0j4>B)(ZaMX` z@r@UXq!IJHT zXIbS<=v$!?m*sTZvcJuc?{*XT~A6 ze4+KbvHG^EdXysA*Y|ikIoShJ?aJZ{b&%w3`g+f*`)*;m=YRg7Y=EhHkA1q>ovtL@ zo@Sr#hc=<%>DECRn&t~It{6UiIoySE@5bFgfmfu^7jMsNyyj=MLMT+ZyR$UUoS)Xa+JAasw-_8e^mS+^_7_={`h@_30U1La^R5o>g?8Y zY#(VI|6$*BDYe;6uy5|#RJXQjyh&SEiRbp=58Lj$1P>|z*8o;1JSaty|E}o&-ekag<91H?wWqh+(&nfZ z?h&V?XwozssvR;;pkyZk&CPW@lU5%iW2}Q=^^*h*yxHAD9w|#8l~-lhIi!7C+CTA7 z%eBFR+aNYYBYJ}U%dA(b5cZda1%9@>jzKva>sy|-TI|f&*|y69i|D+WZ&=DP$bJX3 zO3j?@vO*j6*jqTgrRLz8T?bn%v+`*VL*yCM+gp^t)hUnoN)v>ln&Z&P-e_;-=H@gi z%QMDX&O)qSTzNW72?OeHgGZ^H-%dj6383K2g5pJt-@UUVg74*fQbY}=UROQ*$7LRu zDK1v%^fpJtDqDX$WBG9o>0OQ$%y8aD?|4EB(i?52Dss@rw(_!@B{POyr(`}#L$XzG zU3dB#C_byFXiVp!Uv5droHaA)04iNdR4f$h=h}Gh_-LC&$NzanEJ9n}nlnKn-ZRA0 z_f}^WPB%yF6N?3V!)&_^F>nP7Pba=bufpgE)>{PPka*$m(#5A!MIE>;tQV zjh$G;_fADY9)URYB5=RWtjuJgV=XZc0c&2J})tW>isgornq2Y-tPYza62P>Rwv zrBVW}3Ds}%%r%npZ2DdCI)UML7HjZn)^f_oJbVH7C;dm<9l_O2s^-{F+;`^x*XbNi zwxaig-74=l7p)p1ci6xZCaN5_Bed(YZVu(hDYv*^t=8cSjf))aG^H+1*bbRGBGJe> z7D&%W-T_&Igx$^qSClSRsnH<0mh_wo7hISDfj;ez`V2Q@mAV%`fQBbMsg5p*FZh5{ zM?lj1jw(>b-9fe-Si<(X{+Cv}ZZJ0|2&68$2N1YZk^-SN@2J$DZ}GXVA1KB1xvJ50 zw`Izg=8>`P5s9B;*lD-QN{zyH$?We3i5d`vAM`~pjx`|rV&{EBbwX949QYjw?1x{$ zo-KHi!!Pp5M#{M|LMorX{+lLL=iyl`(`80DPiF_NvlJbk6avb^ z9|Ou_d~&Nq>y;%=z?T8#GwuQ915bc_5c_Y!xcGyzfsfj1?U!~|hPawBzS|pZz}C^n zN;~P_S?5SXP7T9cxO4^$>gkBOjIaq`tFT9G9jB9~ODWFKNRt66qeq&2(dJ6$FP~I; zpI=;Uq{@+Ou9+VN_x{6kl5(Po5seE6PDSJ>5i?Ulh}k6ac=J%;S`gZ%t%%>&Clp0%1ry_ zbO>>USzLLfK;|CmcqBgidgwr!B2R(mMeBDh;agmi#HQ9rB94}k^{lh-@b_9{N~d#1 zz9Wwo=^XTU7sBPol3Po>%|L)exb-OU)$AN0b9W(QZUb zxz|*2Wy5nLuh5R2pFD7amVOHydg=f;K|V z9GpoH%o12{I{hWiv6Fq_SNw93Dy47CAk?5LHR;|?==sPZx!L7Kfsa<@6%&@1tZPT0 zgKXFixij!3+t&5X3v(igBcfm8P^K1>e}%;rX*s1F%|jDIS|(z|GPb71RjHabet7C_ zYaJ?EaQ_rGfqo&#;^oDQP`Hgo(%n@03kh@)%mt=HT17fQgdD$%=b|ar!20B}W)WvC z-XfK9`_>r)1ofxKknU>QT%>thh8QUD{8(+NoNv$%)5|xSbabxey^LtGzvILDMj*Zr zCb1KAO>fZZw}uYQ(u_OmH(B5ocEIq9@cppMg*QDd)?f&cRumq|Vppj(?D_>F@8n0? zz~T;NU_hPuNHL+>8?;iytMwekmtVW|4!b4HkL(nkf9Ky#6v)Zi5_j!-`gz${GJ_V? ztEqYpKNE@g+z-?&E*}bbjH|vy;F1&O?;9QU0tQ5*#k1+OrK;y%r*{l&9T$vLWR6~O z1yk&w=%f8n;Kdh*WlDePsB=K**L5Ds(z${0kBOXPt(G1#XDeu!OrSS3_qW*}Q=AuS z4H1~I`$3m=%#cvNXEl3LOUZhO*UB}H-yNWv$2y`R_G_JP+3nkD69reM0H**NrD0G9 zJUx0AM|<>x(IVqiJB4J4BG$_EhLvTkJ0?{(4wG zM#A~i$fGg&Q)1ur}l%CI2fHuyqDl0^2cIVhxVrdVYVJ5cn6*7ettfRW-0H7uB9 z0&&^kE?pO3Q!Zl$S-shJ@bIVSb>5@3#D&6tk1g9hsS1VG)TO&hkWyxe9mMt){$>Y+ zvci|eDHkU;&_W{oR5pX5;7_N)p^%3D@pM}z5H9nNbeACRU8#!k&Fqz0T{~I{xu?h@ zxG{7+e^#@Q&5MT#R4tqooD0+ih?U=TJsbZf{x#WK@c;-{$^+OJ!@skPb9#B~s5P{z zb!hnABM;64g9KOOY+X8_U*VdK6V1a$p;gt0sGN-17$q+$Sk#t*5=d%)bbwD_-lKG# z38f|K@BF7Pp`dAMgxDzS^-?<;^qY@`;($cx6I~Q>xINJot*%h!NWN{0{7zbE_ABei zua<9oHfEC_di=RrMNS{hZ0j;P-4t}HrPZbruzPk%P}Hb&t&9`$nJTsHlj+O%s2R;b z7`tKkakGjqC}U}CWWS*1ta41XV2K&E`htv;_Tf*+fBXyrqN*wvdvpTC**Foh`G9yI4Pp;;>w6YoK_? z_XQP@JX21XuYo|Q75pcH(_$S2cYYk^cXmWh8tsPu9o~u*e#&eEr+K!S3FobG+2D)T zI@#Nr{2geO>k5@>=-D9D=#$Ukj%!g*+7$4*KjxV?vTl_~%4pQ=kOYivAqZSO ziT5_d3Qc?d8D(my`4WRt5vE&gn}s8UV?4h{Z=on$LfHE{56iHBO$kt~1wv2QeUal( z?gjueu|Z34DBx3Y{}AjZQQ?y%Nc!(RfM5be2}_^G^cZ1BMrstJc^~*!s7bL0)^ueNZ9U?vBd4m!})3T~ZnBPktjFj}c%F^mnUA^&?MQ2xyo(709Hb zy1m=UV+yH_4>eQZt;IjL;1lVC9@4o&M$m-PvTw{&_zge{Eruuar z0;z+Rf$lqMyC*~)h@Ken+j%9>rLYS=Z}$yJDH_S(n0>hmB=A)e$Td-9&t^dwQQFxu z7nd&euX>A;%s@gfEqTt{i~tY#`)|w(I)|vZ&_4`Y*&tO|zI|~L5Uy|@`$mBSsPSTd ztl&Cvb}l^A(c^Qy*Od|~UGQy~;<1%6AeZz%e&DT^N0miN3Q?q5O>3qrSWtGXV%k@) z8&+7Zv@l(tZ&}vU8*Hgfcw@Hddtyi^qTvG>YE>0GGaqnLJtDH>o%CwdBFsK@%WdP? z7_C+*kvWH}Z5}&tbRiH}F|{v22R8EQ-m{NZX?X43eN^0D{;bYBNOi2wxcQ@ z2t;syi;aLp$mQ{*C!h~94+}-)Tcj-?G^<1gp}^aBPm^}ah(L1zTSNAQwj`W3#JD-F z{J5QmCS+DY=Y5-F1dSPJzkTHvcfnvhW;PDr-r0T!f|6M6WQQPR<8o{<%pjaT&%Wox zoVE$CzYNSOME(o$4vSfIG+wd=+6gE4M^Fr6V|>9tb?&_khNpg5xQsEefx{T7-t1Ma z&ZLfk){F&1yXq`F54Vf2zqI#t&4~5juJW*@&yRsbAnAQYmhu0euNqXayiOh7*;Y+? zkUrtPLK(h5Pd!cFrn(UFRZbF+Z>LwBLV7>;EpjCF1Qc5mkO3)0i~8X|1baK$C~dCsWuGTAVFWayUq(-d>; zy$mc!IudvaaM4LGM@4*?&&r;!NvndNE*onbNNWVD5w8$Lu%N)43D}NfcRk*jVm(#{ zvuy)XqB6rhJU#Nvb+Hy_ZhQT0k8;Fn7S1o~4$U@?8n2bl-JB3<#;OG{ZxQEfg-ULd z!G2fVHS%b)cso_3`5MOj>UGok+p-s}cH9_t!Z6U#@WkvLe*7NMBG% zsjPpw-9I!EyF4|LtR6bZDh+-LBX+py9GoVf3{rSRSmvKZrvI%=Z#z^NvQlAk?v$dNKQAWsY~u`sh7R zgraJ69e=o1p_0zugt8s;)_T;kEX5yghv5nKJzhFT!fmnO>Z6T6TDI!4jMBd9JM+{W z>$u1xXyXPB8yGIHNWI2s^HBHh94P`Um>r?uU%68Kw3E-#G3JpbWIjoDx{&LyM8|tg zd_wMigte)G@lEbET84Gt%-$@+mFADM%wbYeslGC=Yen-GdhL#T*=1@FDmf7b!s(7! zkauOYVv(6MI4_bcID9~X8I=Doo$f&K`S@q0Uicw$KyQFxJw#6V#Z4nj*4X!DCd$aU zJ>S+CQ3sO7>GLZlvsv#@AJ2}W7+zBsf!GC0S92_ ztW0|Uq-0R*SwjOlz(*NM;;CgN?tcuPSzBoxsHm85JpqM$65js&w z1(h26m~g&;ZBp&o%VU7Irj$tpw zSDEB4kEAOFG|Il{$)+l2Q*V?VVNSLc+wv)U-bSrkqVnpe-k4SC*+LF%&MELWM*h@@I>(y+?Mc4IP zcWeeNsU*+rs(T<0;j5ZWMtt9fC@%`m|71T1oWwFN$DaTuhKvHx&4}Ah20dJ`eEiT0 zX+oVN1M8^S##fzo!?T>OEXAr5v(uDPKGU@{hJX^b&xi1+AHS{-LDA0=7*11n4;KFU zz~rM8gh;BnWByD&sA2Zis#3vIRJ9?F#&Kl__sQL zXe=QEnD&A5@7V$iNJA?48P8hQ%j8x9BMq-@ zJbd#-54uwmLoWAjsQD-1Oj2sR(^nXcEPVF9%{bdHHUTDr?m~`XL$By{&U>=R%pH+U4TmM@2B2@z zZn!8286ic@0~RvmjG_JFp~@f+ZlSlxLjUmZ+3PA99!~Z0Ot+7EG5H!NF)zj-sp#ZfNwvNI`GL_b^Gt;()1TQhC%@fl%h3j3sihETnJV&<0ekuvEVyFq$ zi2z}WboVG~Q=nm3zkqSqGy>omAY>qCL77KBaQ+HSygJgt$RIzebcGR1@GOW0T{}Qw zVC62B0LmSc&uPjA9+>_G!5{ofUj^>}mrnp;@Bh|m6w4fK2hQ_jEHtecc{@J~Xq8n; z!1mk-QY4jXnG&m^6w|X-1Z>c-0~>R~QYxo3t7yRE>96;YYv4?W5k{rq_hJ#H+A{4Q z2e29|1QnjCX@BR;SES0t#1v=gf(K$T54NwZDG9&m*Ne5bge;A2PXPib6?mgj^j`cK zR8X%TYGT@_t6`Cf$c?;h(Ev7U*u}2&n7x94xful?N7;}7FrRnS&~?9aewq)&88E%i ta-%1K$!3m39MA#_asLkorB+}o^aBU~p;9w0GujJu{i=a>;T3q$e*lRJ@jw6o literal 0 HcmV?d00001 -- Gitee From dc59e73c4ed550086607bb6dbf30ec2e297a53b4 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:25:18 +0800 Subject: [PATCH 09/11] update web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md. --- web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md index e52d8e82..4338b643 100644 --- a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md @@ -26,7 +26,7 @@ summary: sudo堆溢出漏洞(CVE-2021-3156)分析 2)漏洞修复方法: 修复在user_args中转义反斜杠时的缓冲区溢出问题;并且除非在"运行模式并且通过shell命令执行"的情况下,不要尝试转义反斜杠。同时拒绝不安全的-H和-P参数:执行sudoedit –H或sudoedit –P,会输出"usage:"开头的错误信息。 - + 3)排查方法: 以非root用户登录系统并执行命令: sudoedit -s / -- Gitee From c751a08af24238d7625a164c029c4a93776a303e Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:26:16 +0800 Subject: [PATCH 10/11] update web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md. --- web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md index 4338b643..0721e32c 100644 --- a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md +++ b/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md @@ -16,8 +16,10 @@ summary: sudo堆溢出漏洞(CVE-2021-3156)分析 在sudo解析命令行参数的方式中发现了基于堆的缓冲区溢出。任何本地用户(普通用户和系统用户,sudoers和非sudoers)都可以利用此漏洞,从而无需进行身份验证就能从普通账号权限提升获取到root权限。此漏洞带来的最大威胁是对数据机密性和完整性以及系统可用性的威胁。 该漏洞在2011年7月被引入(commit 8255ed69),当执行sudoedit –s / 时,sudo的src/parse_args.c文件的parse_args函数会把字符“/” 设置为"\"。 + 漏洞代码位于plugins/sudoers/sudoers.c文件的set_cmnd函数中,关键代码如下: + 如果参数以单个反斜杠字符结尾 ("sudoedit –s /"会执行这段代码逻辑),则情况如下: 1) 在905行,"from[0]"是\ , "from[1]"是空的终止符 (不是空格字符) 2) 在906行,"from"指针加1并指向空的终止符 -- Gitee From 60e5f660ad9648b99a8d0b128240a196f1fd8239 Mon Sep 17 00:00:00 2001 From: liujingang09 Date: Fri, 29 Jan 2021 14:27:38 +0800 Subject: [PATCH 11/11] rename --- .../{sudo-cve-2021-3156.md => 2021-01-29-sudo-cve-2021-3156.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename web-ui/docs/zh/blog/liujingang09/{sudo-cve-2021-3156.md => 2021-01-29-sudo-cve-2021-3156.md} (100%) diff --git a/web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md b/web-ui/docs/zh/blog/liujingang09/2021-01-29-sudo-cve-2021-3156.md similarity index 100% rename from web-ui/docs/zh/blog/liujingang09/sudo-cve-2021-3156.md rename to web-ui/docs/zh/blog/liujingang09/2021-01-29-sudo-cve-2021-3156.md -- Gitee