From 48ecb80d6bfbe97b0a02614005961dae51f4257f Mon Sep 17 00:00:00 2001 
From: evazion
Date: Wed, 26 Oct 2022 19:59:38 -0500
Subject: [PATCH] Fix #5230: video upload 500 error (StatementInvalid) & empty error panel on page

Fix StatementInvalid exception when uploading https://files.catbox.moe/vxoe2p.mp4. This was a result of multiple bugs:

* First, generating thumbnails for the video failed. This was because the video uses the AV1 codec, which FFmpeg failed to decode. It failed because our version of FFmpeg was built without the `--enable-libdav1d` flag, so it uses the builtin AV1 decoder, which apparently can't handle this particular video (it spews a bunch of errors about "Failed to get pixel format" and "missing sequence header" and "failed to get reference frame").
* Because generating the thumbnails failed, an exception was raised. We tried to save the error message in the upload_media_assets.error field. However, this also failed because the error message was 77kb long (it contained the entire output of the ffmpeg command), but the `upload_media_assets` table had a btree index on the `error` column, which meant the maximum length of the error column was limited to ~2.7kb. This led to a StatementInvalid exception being raised.
* Because the StatementInvalid exception was raised while we were trying to set the upload media asset's status to `failed`, the upload was left stuck in the `processing` state rather than being set to the `failed` state.
* Because the upload was stuck in the `processing` state, the upload page would hang forever waiting for the upload to complete.

The fixes are to:

* Build FFmpeg with `--enable-libdav1d` to use libdav1d for decoding AV1 videos instead of the builtin AV1 decoder.
* Remove the index on the `upload_media_assets.error` column so that setting overly long error messages won't fail.
* Catch unexpected exceptions in ProcessUploadMediaAssetJob so we can mark uploads as failed, even if `process_upload!` itself fails because it raises an unexpected exception inside its own exception handler.
* Check that the video is playable with `MediaFile::Video#is_corrupt?` before allowing it to be uploaded. This way we can return a better error message if we can't generate thumbnails because the video isn't playable. This requires decoding the entire video, so it means uploads may take several seconds longer for long videos. It's also a security risk in case ffmpeg has any bugs.
* Define `MediaAsset#preview!` as raising an exception on error, so it's clear that generating thumbnails can fail. Define `MediaAsset#preview` as returning nil on error for when we don't care about the cause of the error.
---
 app/jobs/process_upload_media_asset_job.rb      |   4 ++++
 app/logical/iqdb_client.rb                      |   2 +-
 app/logical/media_file.rb                       |  10 ++++++++--
 app/logical/media_file/image.rb                 |  16 +++++++++-------
 app/logical/media_file/ugoira.rb                |   4 ++--
 app/logical/media_file/video.rb                 |   9 +++++++--
 app/models/media_asset.rb                       |  12 ++++++------
 app/models/upload_media_asset.rb                |   3 ++-
 config/docker/build-base-image.sh               |   6 +++---
 ...remove_error_index_on_upload_media_assets.rb |   5 +++++
 db/structure.sql                                |  10 ++--------
 test/files/mp4/test-corrupt.mp4                 | Bin 0 -> 10240 bytes
 test/functional/uploads_controller_test.rb      |   8 +++++++-
 test/unit/media_file_test.rb                    |   8 ++++++++
 14 files changed, 64 insertions(+), 33 deletions(-)
 create mode 100644 db/migrate/20221027000931_remove_error_index_on_upload_media_assets.rb
 create mode 100644 test/files/mp4/test-corrupt.mp4

diff --git a/app/jobs/process_upload_media_asset_job.rb b/app/jobs/process_upload_media_asset_job.rb index db5f2f1ed..3f0d1c173 100644 --- a/app/jobs/process_upload_media_asset_job.rb +++ b/app/jobs/process_upload_media_asset_job.rb 
@@ -5,5 +5,9 @@ class ProcessUploadMediaAssetJob < ApplicationJob def perform(upload_media_asset) upload_media_asset.process_upload! + rescue Exception => e + # This should never happen. It will only happen if `process_upload!` raises an unexpected exception inside its own exception handler. + upload_media_asset.update!(status: :failed, error: e.message) + raise end end diff --git a/app/logical/iqdb_client.rb b/app/logical/iqdb_client.rb index c0e0c7933..e17adc780 100644 --- a/app/logical/iqdb_client.rb +++ b/app/logical/iqdb_client.rb @@ -98,7 +98,7 @@ class IqdbClient # @param file [File] the image to search def query_file(file, limit: 20) media_file = MediaFile.open(file) - preview = media_file.preview(Danbooru.config.small_image_width, Danbooru.config.small_image_width) + preview = media_file.preview!(Danbooru.config.small_image_width, Danbooru.config.small_image_width) file = HTTP::FormData::File.new(preview) request(:post, "query", form: { file: file }, params: { limit: limit }) end diff --git a/app/logical/media_file.rb b/app/logical/media_file.rb index 3206e1b33..ebb145378 100644 --- a/app/logical/media_file.rb +++ b/app/logical/media_file.rb 
@@ -200,17 +200,23 @@ class MediaFile false end - # Return a preview of the file, sized to fit within the given width and - # height (preserving the aspect ratio). + # Return a preview of the file, sized to fit within the given width and height (preserving the aspect ratio). # # @param width [Integer] the max width of the image # @param height [Integer] the max height of the image # @param options [Hash] extra options when generating the preview # @return [MediaFile, nil] a preview file, or nil if we can't generate a preview for this file type (e.g. Flash files) def preview(width, height, **options) + preview!(width, height, **options) + rescue nil end + # Like `preview`, but raises an exception if generating the preview fails for any reason. + def preview!(width, height, **options) + raise NotImplementedError + end + # Return a set of AI-inferred tags for this image. Performs an API call to # the Autotagger service. The Autotagger service must be running, otherwise # it will return an empty list of tags. diff --git a/app/logical/media_file/image.rb b/app/logical/media_file/image.rb index 0b83c8473..8da9c066e 100644 --- a/app/logical/media_file/image.rb +++ b/app/logical/media_file/image.rb @@ -5,6 +5,8 @@ # @see https://github.com/libvips/ruby-vips # @see https://libvips.github.io/libvips/API/current class MediaFile::Image < MediaFile + delegate :thumbnail_image, to: :image + def dimensions image.size rescue Vips::Error 
@@ -61,21 +63,21 @@ class MediaFile::Image < MediaFile image.interpretation end - def resize(max_width, max_height, format: :jpeg, quality: 85, **options) + def resize!(max_width, max_height, format: :jpeg, quality: 85, **options) # @see https://www.libvips.org/API/current/Using-vipsthumbnail.md.html # @see https://www.libvips.org/API/current/libvips-resample.html#vips-thumbnail if colorspace.in?(%i[srgb rgb16]) - resized_image = preview_frame.image.thumbnail_image(max_width, height: max_height, import_profile: "srgb", export_profile: "srgb", **options) + resized_image = thumbnail_image(max_width, height: max_height, import_profile: "srgb", export_profile: "srgb", **options) elsif colorspace == :cmyk # Leave CMYK as CMYK for better color accuracy than sRGB. - resized_image = preview_frame.image.thumbnail_image(max_width, height: max_height, import_profile: "cmyk", export_profile: "cmyk", intent: :relative, **options) + resized_image = thumbnail_image(max_width, height: max_height, import_profile: "cmyk", export_profile: "cmyk", intent: :relative, **options) elsif colorspace.in?(%i[b-w grey16]) && has_embedded_profile? # Convert greyscale to sRGB so that the color profile is properly applied before we strip it. - resized_image = preview_frame.image.thumbnail_image(max_width, height: max_height, export_profile: "srgb", **options) + resized_image = thumbnail_image(max_width, height: max_height, export_profile: "srgb", **options) elsif colorspace.in?(%i[b-w grey16]) # Otherwise, leave greyscale without a profile as greyscale because # converting it to sRGB would change it from 1 channel to 3 channels. - resized_image = preview_frame.image.thumbnail_image(max_width, height: max_height, **options) + resized_image = thumbnail_image(max_width, height: max_height, **options) else raise NotImplementedError end 
@@ -102,9 +104,9 @@ class MediaFile::Image < MediaFile MediaFile::Image.new(output_file) end - def preview(max_width, max_height, **options) + def preview!(max_width, max_height, **options) w, h = MediaFile.scale_dimensions(width, height, max_width, max_height) - resize(w, h, size: :force, **options) + preview_frame.resize!(w, h, size: :force, **options) end def preview_frame diff --git a/app/logical/media_file/ugoira.rb b/app/logical/media_file/ugoira.rb index 2f9015083..3c7f1e925 100644 --- a/app/logical/media_file/ugoira.rb +++ b/app/logical/media_file/ugoira.rb @@ -30,8 +30,8 @@ class MediaFile::Ugoira < MediaFile preview_frame.dimensions end - def preview(width, height, **options) - preview_frame.preview(width, height, **options) + def preview!(width, height, **options) + preview_frame.preview!(width, height, **options) end def duration diff --git a/app/logical/media_file/video.rb b/app/logical/media_file/video.rb index 197f01b3d..badab7be6 100644 --- a/app/logical/media_file/video.rb +++ b/app/logical/media_file/video.rb @@ -11,8 +11,8 @@ class MediaFile::Video < MediaFile [video.width, video.height] end - def preview(max_width, max_height, **options) - preview_frame.preview(max_width, max_height, **options) + def preview!(max_width, max_height, **options) + preview_frame.preview!(max_width, max_height, **options) end def is_supported? @@ -26,6 +26,11 @@ class MediaFile::Video < MediaFile end end + # True if decoding the video fails. + def is_corrupt? + video.playback_info.blank? + end + private def video diff --git a/app/models/media_asset.rb b/app/models/media_asset.rb index cd28760e3..84b73184a 100644 --- a/app/models/media_asset.rb +++ b/app/models/media_asset.rb 
@@ -86,17 +86,17 @@ class MediaAsset < ApplicationRecord def convert_file(media_file) case type in :preview - media_file.preview(width, height, format: :jpeg, quality: 85) + media_file.preview!(width, height, format: :jpeg, quality: 85) in :"180x180" - media_file.preview(width, height, format: :jpeg, quality: 85) + media_file.preview!(width, height, format: :jpeg, quality: 85) in :"360x360" - media_file.preview(width, height, format: :jpeg, quality: 85) + media_file.preview!(width, height, format: :jpeg, quality: 85) in :"720x720" - media_file.preview(width, height, format: :webp, quality: 75) + media_file.preview!(width, height, format: :webp, quality: 75) in :sample if media_asset.is_ugoira? media_file.convert in :sample | :full if media_asset.is_static_image? - media_file.preview(width, height, format: :jpeg, quality: 85) + media_file.preview!(width, height, format: :jpeg, quality: 85) in :original media_file end @@ -235,7 +235,7 @@ class MediaAsset < ApplicationRecord # XXX should do this in parallel with thumbnail generation. # XXX shouldn't generate thumbnail twice (very slow for ugoira) - media_asset.update!(ai_tags: media_file.preview(360, 360).ai_tags) + media_asset.update!(ai_tags: media_file.preview!(360, 360).ai_tags) media_asset.update!(media_metadata: MediaMetadata.new(file: media_file)) media_asset.distribute_files!(media_file) diff --git a/app/models/upload_media_asset.rb b/app/models/upload_media_asset.rb index 9c3d9809d..a2e6dfb91 100644 --- a/app/models/upload_media_asset.rb +++ b/app/models/upload_media_asset.rb @@ -86,9 +86,10 @@ class UploadMediaAsset < ApplicationRecord Source::Extractor.find(source_url, page_url) end + # Calls `process_upload!` def async_process_upload! if file.present? - process_upload! + ProcessUploadMediaAssetJob.perform_now(self) else ProcessUploadMediaAssetJob.perform_later(self) end diff --git a/config/docker/build-base-image.sh b/config/docker/build-base-image.sh index a14a09fbd..9d83ecf13 100755 
--- a/config/docker/build-base-image.sh +++ b/config/docker/build-base-image.sh @@ -14,7 +14,7 @@ COMMON_BUILD_DEPS=" curl ca-certificates build-essential pkg-config git " RUBY_BUILD_DEPS="libssl-dev zlib1g-dev libgmp-dev" -FFMPEG_BUILD_DEPS="libvpx-dev nasm" +FFMPEG_BUILD_DEPS="libvpx-dev libdav1d-dev nasm" MOZJPEG_BUILD_DEPS="cmake nasm libpng-dev zlib1g-dev" VIPS_BUILD_DEPS=" libfftw3-dev libwebp-dev liborc-dev liblcms2-dev libpng-dev @@ -24,7 +24,7 @@ EXIFTOOL_RUNTIME_DEPS="perl perl-modules libarchive-zip-perl" DANBOORU_RUNTIME_DEPS=" ca-certificates mkvtoolnix rclone libpq5 openssl libgmpxx4ldbl zlib1g libfftw3-3 libwebp7 libwebpmux3 libwebpdemux2 liborc-0.4.0 liblcms2-2 - libpng16-16 libexpat1 libglib2.0 libgif7 libexif12 libheif1 libvpx7 + libpng16-16 libexpat1 libglib2.0 libgif7 libexif12 libheif1 libvpx7 libdav1d6 libseccomp2 libseccomp-dev libjemalloc2 " COMMON_RUNTIME_DEPS=" @@ -77,7 +77,7 @@ install_ffmpeg() { curl -L "$FFMPEG_URL" | tar -C /usr/local/src -xzvf - cd /usr/local/src/FFmpeg-n${FFMPEG_VERSION} - ./configure --disable-ffplay --disable-network --disable-doc --enable-libvpx + ./configure --disable-ffplay --disable-network --disable-doc --enable-libvpx --enable-libdav1d make -j "$(nproc)" cp ffmpeg ffprobe /usr/local/bin diff --git a/db/migrate/20221027000931_remove_error_index_on_upload_media_assets.rb b/db/migrate/20221027000931_remove_error_index_on_upload_media_assets.rb new file mode 100644 index 000000000..2fefd8233 --- /dev/null +++ b/db/migrate/20221027000931_remove_error_index_on_upload_media_assets.rb @@ -0,0 +1,5 @@ +class RemoveErrorIndexOnUploadMediaAssets < ActiveRecord::Migration[7.0] + def change + remove_index :upload_media_assets, :error, where: "error IS NOT NULL" + end +end diff --git a/db/structure.sql b/db/structure.sql index 0f8aa3851..634de42cc 100644 --- a/db/structure.sql +++ b/db/structure.sql 
@@ -5500,13 +5500,6 @@ CREATE INDEX index_upgrade_codes_on_status ON public.upgrade_codes USING btree ( CREATE INDEX index_upgrade_codes_on_user_upgrade_id ON public.upgrade_codes USING btree (user_upgrade_id) WHERE (user_upgrade_id IS NOT NULL); --- --- Name: index_upload_media_assets_on_error; Type: INDEX; Schema: public; Owner: - --- - -CREATE INDEX index_upload_media_assets_on_error ON public.upload_media_assets USING btree (error) WHERE (error IS NOT NULL); - - -- -- Name: index_upload_media_assets_on_media_asset_id; Type: INDEX; Schema: public; Owner: - -- @@ -6907,6 +6900,7 @@ INSERT INTO "schema_migrations" (version) VALUES ('20221003080342'), ('20221010035855'), ('20221026084655'), -('20221026084656'); +('20221026084656'), +('20221027000931'); 
diff --git a/test/files/mp4/test-corrupt.mp4 b/test/files/mp4/test-corrupt.mp4 new file mode 100644 index 0000000000000000000000000000000000000000..3062e18c1b80333738316ea9aea81395005f2914 GIT binary patch literal 10240
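Review bot: In the `rescue Exception => e` handler added to `ProcessUploadMediaAssetJob#perform`, the call `upload_media_asset.update!(status: :failed, error: e.message)` can itself raise (a validation failure, or the same database error that triggered the handler), in which case the original exception is lost and the upload stays in `processing`, which is the failure mode the commit message describes. Consider `update_columns`, or wrapping the update in its own rescue so the trailing `raise` always re-raises the original error. The stored `e.message` should also be truncated, since the commit message notes it can hold the entire ffmpeg output (77kb in this case) and that text ends up in the upload's error field.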
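Review bot: In `MediaFile#preview` (app/logical/media_file.rb), the bare `rescue` only catches `StandardError`, but the base `preview!` added below it raises `NotImplementedError`, which in Ruby descends from `ScriptError`. For file types that do not override `preview!` (the doc comment names Flash files), `preview` will now raise instead of returning nil as its `@return` line promises. Rescue `NotImplementedError` explicitly alongside `StandardError`, or have the base `preview!` raise a `StandardError` subclass. The same applies to the `raise NotImplementedError` fallthrough visible in `MediaFile::Image#resize!`. The bare rescue also discards the cause silently; logging it before returning nil would keep thumbnail failures diagnosable.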
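Review bot: `MediaFile::Video#is_corrupt?` returns `video.playback_info.blank?`, so its comment "True if decoding the video fails" only holds if `playback_info` reports a decode failure by returning a blank value; if it raises instead, `is_corrupt?` raises too and the caller gets an exception rather than a clean "corrupt" result. The commit message says this check decodes the entire uploaded video and is a risk if ffmpeg has bugs, yet nothing in the hunk bounds that work. Document the contract of `playback_info` here and state which time, size or sandbox limits apply to the ffmpeg invocation behind it.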
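Review bot: In `UploadMediaAsset#async_process_upload!`, switching the file branch to `ProcessUploadMediaAssetJob.perform_now(self)` means the job's trailing `raise` propagates into the caller unless a job-level handler intercepts it, so in the unexpected-exception case the request still fails even though the status is now set to `failed`. Say whether the caller is expected to handle that. The new comment "Calls `process_upload!`" does not describe the code path either; it should state that processing runs inline through the job when a file is attached and is enqueued otherwise.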
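Review bot: In config/docker/build-base-image.sh, the `install_ffmpeg` context line `curl -L "$FFMPEG_URL" | tar -C /usr/local/src -xzvf -` unpacks the source with no checksum or signature check, and this change links one more decoder library into a binary that parses untrusted uploads. Pin and verify a hash of the tarball before running `./configure`. Also note that `libdav1d6` in `DANBOORU_RUNTIME_DEPS` is tied to a single soname, so a base image bump that ships a different libdav1d package will break the install; a comment next to it would save the next person some time.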
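Review bot: In the new migration, `remove_index :upload_media_assets, :error, where: "error IS NOT NULL"` sits inside `change`, which makes it reversible. A rollback would recreate the btree index on `error` and fail as soon as any row holds a message over the ~2.7kb limit cited in the commit message, which is what this patch now allows. Write it as `up`/`down` with `down` raising `ActiveRecord::IrreversibleMigration`, or add a comment explaining why rolling back is unsafe.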