From 239241a00b2060df7ce921993de2de99ee12c450 Mon Sep 17 00:00:00 2001 From: ColumPaget Date: Tue, 10 Dec 2024 11:15:17 +0000 Subject: [PATCH] v1.23 --- CHANGELOG | 4 + Makefile | 6 +- README.md | 26 + check.sh | 5 +- command-line-args.c | 2 + common.h | 3 +- files.c | 251 ++-- hashrat.1 | 38 +- libUseful-5/CGI.c | 15 + libUseful-5/CGI.h | 15 + libUseful-5/CHANGELOG | 91 +- libUseful-5/Compression.c | 16 +- libUseful-5/Compression.h | 2 +- libUseful-5/ConnectionChain.c | 11 +- libUseful-5/Container.c | 470 +++++++ libUseful-5/Container.h | 23 + libUseful-5/ContentType.h | 4 +- libUseful-5/DataParser.c | 56 +- libUseful-5/DataParser.h | 2 +- libUseful-5/DataProcessing.c | 561 +-------- libUseful-5/DataProcessing.h | 8 +- libUseful-5/Encodings.c | 180 ++- libUseful-5/Encodings.h | 19 +- libUseful-5/Encryption.c | 424 +++++++ libUseful-5/Encryption.h | 35 + libUseful-5/Errors.c | 13 +- libUseful-5/Errors.h | 23 +- libUseful-5/FileSystem.c | 125 +- libUseful-5/FileSystem.h | 15 + libUseful-5/GeneralFunctions.c | 10 +- libUseful-5/GeneralFunctions.h | 11 +- libUseful-5/Hash.c | 54 +- libUseful-5/Hash.h | 7 +- libUseful-5/HashOpenSSL.c | 24 +- libUseful-5/Http.c | 121 +- libUseful-5/Http.h | 4 - libUseful-5/HttpChunkedTransfer.c | 6 +- libUseful-5/HttpServer.c | 51 +- libUseful-5/HttpServer.h | 7 +- libUseful-5/IPAddress.c | 10 +- libUseful-5/Inet.c | 1 - libUseful-5/List.c | 6 +- libUseful-5/List.h | 36 +- libUseful-5/Log.c | 73 +- libUseful-5/Log.h | 12 +- libUseful-5/Makefile | 23 +- libUseful-5/Makefile.in | 19 +- libUseful-5/OAuth.c | 18 +- libUseful-5/OTP.c | 29 +- libUseful-5/OTP.h | 18 + libUseful-5/OpenSSL.c | 19 +- libUseful-5/PasswordFile.c | 32 +- libUseful-5/PasswordFile.h | 9 +- libUseful-5/PatternMatch.c | 4 +- libUseful-5/Process.c | 634 +++------- libUseful-5/Process.h | 102 +- libUseful-5/Pty.c | 1 + libUseful-5/Pty.h | 1 + libUseful-5/Seccomp.c | 985 +++++++++++++++ libUseful-5/Seccomp.h | 8 + libUseful-5/SecureMem.c | 2 +- libUseful-5/Server.c | 27 +- libUseful-5/Server.h | 4 +- libUseful-5/Smtp.c | 6 +- libUseful-5/Socket.c | 62 +- libUseful-5/Socket.h | 4 +- libUseful-5/SpawnPrograms.c | 30 +- libUseful-5/SpawnPrograms.h | 2 +- libUseful-5/Ssh.c | 112 +- libUseful-5/Ssh.h | 29 +- libUseful-5/Stream.c | 305 +++-- libUseful-5/Stream.h | 75 +- libUseful-5/StreamAuth.c | 23 +- libUseful-5/StreamAuth.h | 53 + libUseful-5/String.c | 6 +- libUseful-5/String.h | 4 +- libUseful-5/SysInfo.c | 4 + libUseful-5/SysInfo.h | 4 +- libUseful-5/Terminal.c | 60 +- libUseful-5/Terminal.h | 11 +- libUseful-5/TerminalBar.c | 3 +- libUseful-5/TerminalChoice.c | 46 +- libUseful-5/TerminalKeys.c | 2 +- libUseful-5/TerminalMenu.c | 46 +- libUseful-5/TerminalProgress.c | 28 +- libUseful-5/TerminalTheme.c | 34 +- libUseful-5/TerminalTheme.h | 2 +- libUseful-5/TerminalWidget.c | 19 +- libUseful-5/Time.c | 12 - libUseful-5/URL.c | 33 +- libUseful-5/URL.h | 11 +- libUseful-5/UnitsOfMeasure.h | 3 +- libUseful-5/UnixSocket.c | 5 +- libUseful-5/Vars.c | 14 +- libUseful-5/Vars.h | 5 +- libUseful-5/WebSocket.c | 11 +- libUseful-5/base32.c | 4 +- libUseful-5/base64.c | 6 +- libUseful-5/base64.h | 9 + libUseful-5/configure | 1724 +++++++++++--------------- libUseful-5/configure.ac | 66 +- libUseful-5/crc32.h | 2 +- libUseful-5/examples/Makefile | 16 + libUseful-5/examples/TermChoice.c | 19 + libUseful-5/examples/TermMenu.c | 21 + libUseful-5/examples/TermProgress.c | 4 +- libUseful-5/examples/chroot.c | 9 + libUseful-5/examples/decrypt.c | 24 + libUseful-5/examples/encrypt.c | 28 + libUseful-5/examples/movetest.c | 6 + libUseful-5/examples/nonewprivs.c | 10 + libUseful-5/examples/pbkdf2.c | 12 + libUseful-5/examples/seccomp.c | 36 + libUseful-5/examples/ssh-listfiles.c | 31 + libUseful-5/examples/ssh-time.c | 2 +- libUseful-5/examples/uudecode.c | 18 + libUseful-5/jh_ref.h | 65 + libUseful-5/libUseful.h | 2 + libUseful-5/libUseful.so.5 | 1 + libUseful-5/libUseful.so.5.30 | Bin 0 -> 1514372 bytes libUseful-5/md5-global.h | 14 + libUseful-5/md5.h | 14 + main.c | 7 +- 123 files changed, 5312 insertions(+), 2713 deletions(-) create mode 100644 libUseful-5/CGI.c create mode 100644 libUseful-5/CGI.h create mode 100644 libUseful-5/Container.c create mode 100644 libUseful-5/Container.h create mode 100644 libUseful-5/Encryption.c create mode 100644 libUseful-5/Encryption.h create mode 100644 libUseful-5/Seccomp.c create mode 100644 libUseful-5/Seccomp.h create mode 100644 libUseful-5/examples/TermChoice.c create mode 100644 libUseful-5/examples/TermMenu.c create mode 100644 libUseful-5/examples/chroot.c create mode 100644 libUseful-5/examples/decrypt.c create mode 100644 libUseful-5/examples/encrypt.c create mode 100644 libUseful-5/examples/movetest.c create mode 100644 libUseful-5/examples/nonewprivs.c create mode 100644 libUseful-5/examples/pbkdf2.c create mode 100644 libUseful-5/examples/seccomp.c create mode 100644 libUseful-5/examples/ssh-listfiles.c create mode 100644 libUseful-5/examples/uudecode.c create mode 120000 libUseful-5/libUseful.so.5 create mode 100755 libUseful-5/libUseful.so.5.30 diff --git a/CHANGELOG b/CHANGELOG index 4d2c380..1d98a9a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +v1.23 (2024-12-10) + * Add '-rename' option that inserts a hash into filenames. + * Filenames in 'duplicates' option are now contained in '[]', to allow extracting them with 'cut'. + v1.22 (2024-07-18) * if '-cache' option is used with '-xattr', then do not update files where xattr hash matches the file (feature request from https://github.com/eatnumber1). diff --git a/Makefile b/Makefile index dc91cb4..c74a83f 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ CC = gcc CFLAGS = -g -O2 -LIBS = libUseful-5/libUseful.a -lssl -lcrypto -lz -lc -INSTALL=/usr/bin/install -c +LIBS = libUseful-5/libUseful.a -lssl -lcrypto -lz +INSTALL=/bin/install -c prefix=/usr/local bindir=$(prefix)${exec_prefix}/bin -FLAGS=$(LDFLAGS) $(CPPFLAGS) $(CFLAGS) -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_LIBC=1 -DUSE_XATTR=1 -DHAVE_LIBZ=1 -DHAVE_LIBCRYPTO=1 -DHAVE_LIBSSL=1 +FLAGS=$(LDFLAGS) $(CPPFLAGS) $(CFLAGS) -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -D_FILE_OFFSET_BITS=64 -DHAVE_LIBZ=1 -DHAVE_LIBCRYPTO=1 -DHAVE_LIBSSL=1 OBJ=common.o encodings.o command-line-args.o ssh.o http.o fingerprint.o include-exclude.o files.o filesigning.o xattr.o check-hash.o find.o otp.o memcached.o frontend.o cgi.o xdialog.o output.o EXE=hashrat diff --git a/README.md b/README.md index 63223ae..cb7ed3d 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ OPTIONS -myear Only hash items old. Has the same format as the find command, e.g. -10 is younger than ten years, +10 is older than ten, and 10 is ten years old -exec In CHECK or MATCH mode only examine executable files. -dups Search for duplicate files. + -rename Rename files to include a hash in their name. Filename format is '-.' -n Truncate hashes to bytes -segment Break hash up into segments of chars seperated by '-' -c CHECK hashes against list from file (or stdin) @@ -486,6 +487,31 @@ The default list of image viewers can be overridden using the `-viewcmd` option. +RENAME FILES +============ + +The '-rename' option allows renaming files to include a hash in their filename. The filename format is '-.'. For example: + + +``` +hashrat -p64 -md5 -rename main.c + +``` + +Will rename 'main.c' to 'main-gAmHI2oarRmpiXkE7MVK90.c', where 'gAmHI2oarRmpiXkE7MVK90' is it's MD5 has encoded with the 'p64' base-64 encoding scheme. + +The standard '-64' encoding scheme uses the '/' character, which is not allowed in a filename and results in renames failing. Thus the '-p64' or '-r64' encoding schemes should be used. + + +Using the '-r' flag entire directories of files can be renamed in this manner: + +``` +hashrat -p64 -md5 -rename -r myfiles + +``` + + + EXTENDED FILESYSTEM ATTRIBUTES (XATTR) ====================================== diff --git a/check.sh b/check.sh index 2c36fdb..98269a8 100755 --- a/check.sh +++ b/check.sh @@ -207,7 +207,7 @@ TestHash z85 "ZEROMQ85 encoding" "=SI2F3[n}kp9Zn?Ra>yK" Title "Testing Misc. Features" HR_OUT=`./hashrat -version` -if [ "$HR_OUT" = "version: 1.22" ] +if [ "$HR_OUT" = "version: 1.23" ] then OkayMessage "Version (-version) works" else @@ -269,7 +269,7 @@ else fi HR_OUT=`./hashrat -r -dups tests` -if [ "$HR_OUT" = "DUPLICATE: tests/quotes.txt of tests/duplicate.txt " ] +if [ "$HR_OUT" = "DUPLICATE: [tests/quotes.txt] of [tests/duplicate.txt] " ] then OkayMessage "Finding duplicate files works" else @@ -295,7 +295,6 @@ TestExitCodes "6ec9de513a8ff1768eb4768236198cf3" "tests/help.txt" "" "HashFile" TestExitCodes "tests" "libUseful-5" "-r -dups" "FindDuplicates" TestExitCodes "6ec9de513a8ff1768eb4768236198cf3" "tests/help.txt" "-cf" "CheckHash" TestExitCodes "6ec9de513a8ff1768eb4768236198cf3" "tests/help.txt" "-m -r ." "Locate" -TestExitCodes "tests" "libUseful-5" "-r -dups" "FindDuplicates" echo echo diff --git a/command-line-args.c b/command-line-args.c index f6f3b49..dd582a6 100644 --- a/command-line-args.c +++ b/command-line-args.c @@ -238,6 +238,7 @@ HashratCtx *CommandLineParseArgs(int argc, char *argv[]) else if (strcmp(arg,"-m")==0) Ctx->Action = ACT_FINDMATCHES; else if (strcmp(arg,"-lm")==0) Ctx->Action = ACT_LOADMATCHES; else if (strcmp(arg,"-dups")==0) Ctx->Action = ACT_FINDDUPLICATES; + else if (strcmp(arg,"-rename")==0) Ctx->Action = ACT_RENAME; else if (strcmp(arg,"-B")==0) Ctx->Action = ACT_BACKUP; else if (strcmp(arg,"-cB")==0) Ctx->Action = ACT_CHECKBACKUP; else if (strcmp(arg,"-cgi")==0) Ctx->Action = ACT_CGI; @@ -503,6 +504,7 @@ void CommandLinePrintUsage() printf(" %-15s %s\n","-myear ", "Only hash items old. Has the same format as the find command, e.g. -10 is younger than ten years, +10 is older than ten, and 10 is ten years old"); printf(" %-15s %s\n","-exec", "In CHECK or MATCH mode only examine executable files."); printf(" %-15s %s\n","-dups", "Search for duplicate files."); + printf(" %-15s %s\n","-rename", "Rename files to -.."); printf(" %-15s %s\n","-n ", "Truncate hashes to bytes"); printf(" %-15s %s\n","-segment ", "Break hash up into segments of chars seperated by '-'"); printf(" %-15s %s\n","-c", "CHECK hashes against list from file (or stdin)"); diff --git a/common.h b/common.h index a729d12..5656d12 100644 --- a/common.h +++ b/common.h @@ -5,7 +5,7 @@ #include "libUseful-5/libUseful.h" #include "glob.h" -#define VERSION "1.22" +#define VERSION "1.23" #define ACT_NONE 0 #define ACT_HASH 1 @@ -28,6 +28,7 @@ #define ACT_CHECKBACKUP 25 #define ACT_OTP 26 #define ACT_LIST_TYPES 27 +#define ACT_RENAME 28 #define FLAG_NEXTARG 1 //Two flags with the same values, but used in different contexts diff --git a/files.c b/files.c index 7e730b7..5248af6 100644 --- a/files.c +++ b/files.c @@ -407,6 +407,139 @@ int HashItem(HashratCtx *Ctx, const char *HashType, const char *Path, struct sta } +static TFingerprint *HashratActionMemcached(HashratCtx *Ctx, const char *Path, struct stat *Stat) +{ + TFingerprint *FP=NULL; + char *HashStr=NULL; + int result; + + //result == TRUE by default (TRUE==Signficant event, here meaning 'check failed') + result=TRUE; + + HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr); + FP=(TFingerprint *) calloc(1,sizeof(TFingerprint)); + if (Flags & FLAG_NET) FP->Path=MCopyStr(FP->Path, Path); + else FP->Path=MCopyStr(FP->Path,"hashrat://",LocalHost,Path,NULL); + FP->Hash=MemcachedGet(FP->Hash, FP->Path); + + if (FP && HashratCheckFile(Ctx, Path, NULL, HashStr, FP)) result=FALSE; + else fprintf(stderr,"ERROR: No stored hash for '%s'\n",Path); + + Destroy(HashStr); + + return(FP); +} + + +static TFingerprint *HashratActionFindMatches(HashratCtx *Ctx, const char *Path, struct stat *Stat) +{ + char *HashStr=NULL; + TFingerprint *FP=NULL; + + HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr); + FP=CheckForMatch(Ctx, Path, Stat, HashStr); + if (FP) + { + if (StrValid(FP->Path) || StrValid(FP->Data)) printf("LOCATED: %s '%s %s' at %s\n",FP->Hash, FP->Path, FP->Data, Path); + else printf("LOCATED: [%s] at [%s]\n",FP->Hash, Path); + MatchCount++; + } + else DiffCount++; + + Destroy(HashStr); + return(FP); +} + + +static TFingerprint *HashratActionFindDuplicate(HashratCtx *Ctx, const char *Path, struct stat *Stat) +{ + char *HashStr=NULL; + TFingerprint *FP=NULL; + + if (HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr)) + { + FP=CheckForMatch(Ctx, Path, Stat, HashStr); + if (FP) + { + printf("DUPLICATE: [%s] of [%s] %s\n",Path,FP->Path,FP->Data); + MatchCount++; + } + else + { + FP=TFingerprintCreate(HashStr, Ctx->HashType, "", Path); + DiffCount++; + MatchAdd(FP, Path, 0); + //as we've added FP to an internal list we don't want it destroyed + //also we will return FP==NULL to signal no match found + FP=NULL; + } + } + + Destroy(HashStr); + + return(FP); +} + + +static TFingerprint *HashratActionRename(HashratCtx *Ctx, const char *Path, struct stat *Stat) +{ + char *HashStr=NULL, *Tempstr=NULL; + TFingerprint *FP=NULL; + const char *extn, *ptr; + + if (HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr)) + { + //remove padding characters, 'cos they look odd in a filename + StrTruncChar(HashStr,'='); + + extn=strrchr(Path, '.'); + if (extn) Tempstr=CopyStrLen(Tempstr, Path, extn-Path); + else Tempstr=CopyStr(Tempstr, Path); + + ptr=Tempstr + StrLen(Tempstr) - StrLen(HashStr); + if (strcmp(ptr, HashStr) != 0) + { + Tempstr=MCatStr(Tempstr, "-", HashStr, extn, NULL); + if (Flags & FLAG_VERBOSE) printf("RENAME: %s -> %s\n", Path, Tempstr); + if (rename(Path, Tempstr) != 0) fprintf(stderr, "ERROR: can't rename %s to %s\n", Path, Tempstr); + FP=TFingerprintCreate(HashStr, Ctx->HashType, "", Tempstr); + } + else printf("not renaming %s\n", Path); + + } + + Destroy(Tempstr); + Destroy(HashStr); + + return(FP); +} + + + +static int HashratFileMatchesAction(HashratCtx *Ctx, const char *Path, struct stat *Stat) +{ + //Check file type and size here, rather than having to do it in every action + if (S_ISREG(Stat->st_mode)) + { + if (Stat->st_size > 0) return(TRUE); + else if (Flags & FLAG_VERBOSE) fprintf(stderr,"ZERO LENGTH FILE: '%s'\n",Path); + } + else + { + switch (Ctx->Action) + { + //these actions can work on directories + case ACT_HASHDIR: + case ACT_HASH: + return(TRUE); + break; + } + } + + return(FALSE); +} + + //HashratAction returns true on a significant event, which is either an item found in search //or a check failing in hash-checking mode @@ -416,6 +549,8 @@ int HashratAction(HashratCtx *Ctx, const char *Path, struct stat *Stat) int Type, result=FALSE; TFingerprint *FP=NULL; + if (! HashratFileMatchesAction(Ctx, Path, Stat)) return(FALSE); + switch (Ctx->Action) { case ACT_HASHDIR: @@ -434,114 +569,52 @@ int HashratAction(HashratCtx *Ctx, const char *Path, struct stat *Stat) } break; + case ACT_CHECK: - if (S_ISREG(Stat->st_mode)) + HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr); + FP=CheckForMatch(Ctx, Path, Stat, HashStr); + if (FP && HashratCheckFile(Ctx, Path, Stat, HashStr, FP)) MatchCount++; + else { - if (Stat->st_size > 0) - { - HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr); - FP=CheckForMatch(Ctx, Path, Stat, HashStr); - if (FP && HashratCheckFile(Ctx, Path, Stat, HashStr, FP)) MatchCount++; - else - { - HandleCheckFail(Path, "Changed or new"); - //we return TRUE on FAILURE, as we are signaling a significant event - result=TRUE; - } - } - else if (Flags & FLAG_VERBOSE) fprintf(stderr,"ZERO LENGTH FILE: %s\n",Path); + HandleCheckFail(Path, "Changed or new"); + //we return TRUE on FAILURE, as we are signaling a significant event + result=TRUE; } break; case ACT_CHECK_XATTR: - if (S_ISREG(Stat->st_mode)) + //result == TRUE by default (TRUE==Signficant event, here meaning 'check failed') + //we set it here so we get the right result even if the stored hash fails to load + result=TRUE; + FP=XAttrLoadHash(Ctx, Path); + if (FP) { - //result == TRUE by default (TRUE==Signficant event, here meaning 'check failed') - //we set it here so we get the right result even if the stored hash fails to load - result=TRUE; - FP=XAttrLoadHash(Ctx, Path); - if (FP) - { - HashItem(Ctx, FP->HashType, Path, Stat, &HashStr); - if (HashratCheckFile(Ctx, Path, Stat, HashStr, FP)) result=FALSE; - } - else fprintf(stderr,"ERROR: No stored hash for '%s'\n",Path); + HashItem(Ctx, FP->HashType, Path, Stat, &HashStr); + if (HashratCheckFile(Ctx, Path, Stat, HashStr, FP)) result=FALSE; } - else fprintf(stderr,"ERROR: Not regular file '%s'. Not checking in xattr mode.\n",Path); + else fprintf(stderr,"ERROR: No stored hash for '%s'\n",Path); break; case ACT_CHECK_MEMCACHED: - if (S_ISREG(Stat->st_mode)) - { - //result == TRUE by default (TRUE==Signficant event, here meaning 'check failed') - result=TRUE; - - if (Stat->st_size > 0) - { - HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr); - FP=(TFingerprint *) calloc(1,sizeof(TFingerprint)); - if (Flags & FLAG_NET) FP->Path=MCopyStr(FP->Path, Path); - else FP->Path=MCopyStr(FP->Path,"hashrat://",LocalHost,Path,NULL); - FP->Hash=MemcachedGet(FP->Hash, FP->Path); - - if (FP && HashratCheckFile(Ctx, Path, NULL, HashStr, FP)) result=FALSE; - else fprintf(stderr,"ERROR: No stored hash for '%s'\n",Path); - } - else if (Flags & FLAG_VERBOSE) fprintf(stderr,"ZERO LENGTH FILE: %s\n",Path); - } - else fprintf(stderr,"ERROR: Not regular file '%s'. Not checking in memcached mode.\n",Path); + FP=HashratActionMemcached(Ctx, Path, Stat); + if (FP) result=TRUE; break; case ACT_FINDMATCHES: case ACT_FINDMATCHES_MEMCACHED: - if (S_ISREG(Stat->st_mode)) - { - if (Stat->st_size > 0) - { - HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr); - FP=CheckForMatch(Ctx, Path, Stat, HashStr); - if (FP) - { - if (StrValid(FP->Path) || StrValid(FP->Data)) printf("LOCATED: %s '%s %s' at %s\n",FP->Hash, FP->Path, FP->Data, Path); - else printf("LOCATED: %s at %s\n",FP->Hash, Path); - MatchCount++; - //here we return true if a match found - result=TRUE; - } - else DiffCount++; - } - else if (Flags & FLAG_VERBOSE) fprintf(stderr,"ZERO LENGTH FILE: %s\n",Path); - } + FP=HashratActionFindMatches(Ctx, Path, Stat); + if (FP) result=TRUE; break; case ACT_FINDDUPLICATES: - if (S_ISREG(Stat->st_mode)) - { - if (Stat->st_size > 0) - { - if (HashItem(Ctx, Ctx->HashType, Path, Stat, &HashStr)) - { - FP=CheckForMatch(Ctx, Path, Stat, HashStr); - if (FP) - { - printf("DUPLICATE: %s of %s %s\n",Path,FP->Path,FP->Data); - MatchCount++; - //here we return true if a match found - result=TRUE; - } - else - { - FP=TFingerprintCreate(HashStr, Ctx->HashType, "", Path); - DiffCount++; - MatchAdd(FP, Path, 0); - //as we've added FP to an internal list we don't want it destroyed - FP=NULL; - } - } - } - else if (Flags & FLAG_VERBOSE) fprintf(stderr,"ZERO LENGTH FILE: %s\n",Path); - } + FP=HashratActionFindDuplicate(Ctx, Path, Stat); + if (FP) result=TRUE; + break; + + case ACT_RENAME: + FP=HashratActionRename(Ctx, Path, Stat); + if (FP) result=TRUE; break; } diff --git a/hashrat.1 b/hashrat.1 index 3335d56..285d027 100644 --- a/hashrat.1 +++ b/hashrat.1 @@ -1,4 +1,4 @@ -.TH hashrat "1" "Jan 2015" "HASHRAT 1.19" "hashing tool supporting several hashes and recursivity" +.TH hashrat "1" "Dec 2024" "HASHRAT 1.23" "hashing tool supporting several hashes and recursivity" .\"Text automatically generated by txt2man .SH NAME \fBhashrat \fP- hashing tool supporting several hashes and recursivity @@ -213,6 +213,10 @@ In CHECK or MATCH mode only examine executable files. Search for duplicate files. .TP .B +\fB-rename\fP +Rename files to include hash at the end of their filename. Files will have format -.. +.TP +.B \fB-n\fP Truncate \fIhashes\fP to bytes. .TP @@ -734,6 +738,38 @@ The default list of image viewers can be overridden using the `-viewcmd` option. + + +.SH RENAME FILES + +The `-rename` option allows renaming files to include a hash in their filename. The filename format is `-.`. For example: + + +.PP +.nf +.fam C +hashrat -p64 -md5 -rename main.c +.fam T +.fi + + +Will rename `main.c` to `main-gAmHI2oarRmpiXkE7MVK90.c`, where `gAmHI2oarRmpiXkE7MVK90` is it`s MD5 has encoded with the `p64` base-64 encoding scheme. + +The standard `-64` encoding scheme uses the `/` character, which is not allowed in a filename and results in renames failing. Thus the `-p64` or `-r64` encoding schemes should be used. + + +Using the `-r` flag entire directories of files can be renamed in this manner: + + +.PP +.nf +.fam C +hashrat -p64 -md5 -rename -r myfiles +.fam T +.fi + + + .SH EXTENDED FILESYSTEM ATTRIBUTES Hashrat can use extended filesystem attributes where these are supported. This allows a \fIhash\fP to be stored in the filesystem metadata of the target \fIfile\fP. This can diff --git a/libUseful-5/CGI.c b/libUseful-5/CGI.c new file mode 100644 index 0000000..2152521 --- /dev/null +++ b/libUseful-5/CGI.c @@ -0,0 +1,15 @@ +#include "CGI.h" + +char *CGIReadDocument(char *RetStr, STREAM *S) +{ + const char *ptr; + + ptr=getenv("CONTENT_LENGTH"); + if (StrValid(ptr)) + { + S->Size=atoi(ptr); + } + + RetStr=STREAMReadDocument(RetStr, S); + return(RetStr); +} diff --git a/libUseful-5/CGI.h b/libUseful-5/CGI.h new file mode 100644 index 0000000..8c59f67 --- /dev/null +++ b/libUseful-5/CGI.h @@ -0,0 +1,15 @@ +/* +Copyright (c) 2015 Colum Paget +* SPDX-License-Identifier: GPL-3.0 +*/ + +#ifndef LIBUSEFUL_CGI_H +#define LIBUSEFUL_CGI_H + +#include "includes.h" + +//simple utility function that checks for a document size in +//the environment variable CONTENT_LENGTH, and then reads bytes up to that size +char *CGIReadDocument(char *RetStr, STREAM *S); + +#endif diff --git a/libUseful-5/CHANGELOG b/libUseful-5/CHANGELOG index ab3fae4..9b34f52 100644 --- a/libUseful-5/CHANGELOG +++ b/libUseful-5/CHANGELOG @@ -1,3 +1,92 @@ +v5.30 (2024-10-29) + * Fix crash if TerminalTextAlign has NULL for the Terminal + * Added HttpGet and HttpPost functions + * Improvements to httpserver authentication. + * Add 'extra' field to passwords file to allow storing data against a user. + +v5.29 (2024-10-29) + * much more seccomp work + * add 'data' option to pty config (PtyParseConfig) so if a pipe or pty is going to be used for raw data transfer, use FLUSH_ALWAYS not FLUSH_LINE + * support uuencoded data using either ' ' or '`' as 1st char of alphabet + * add support for yenc encoded data + +v5.28 (2024-10-21) + * added seccomp support, and process security levels + * change SS_ stream state values to LU_SS_ to prevent clashes with linux defines like SS_CONNECTING + * fixes for rbase64 encoding. added name 'rbase64' and decoding this encoding now works + +v5.27 (2024-10-16) + * honor timeout for connect, not just for read + * added 'autorecover' feature to file STREAMS + * fix issues with parsing RSS feeds (some tags could have whitespace or other text prepended to them) + +v5.26 (2024-09-07) + * Fix incorrect addition of 'progress' and 'remain' to options of non-progress-bar terminal widgets. + * Make sure all DataProcessorInit functions fit the new function prototype. + * TerminalChooser now honors the 'width' setting, and intelligently fits itself into that + +v5.25 (2024-08-31) + * Symmetric Encryption now supported for STREAMs + * Handle situation where logfile is rotated under an app that has it open + * Stop trying to rotate hardened logfiles. rotate is incompatible with append-only files + +v5.24 (2024-08-20) + * Move namespace/container code to Containers.c and make general improvements + * Exit out of TerminalReadText if escape or ctrl-c entered + * Added 'l' option (list files on remote server) to SSH streams + * CHANGED ARGUMENTS TO SSHConnect AND SSHOpen + * ssh streams can now accept config options bind=
and config= + * Rotate logfiles even if not open by app + +v5.23 (2024-07-26) + * Improve attribution of base64 and hashing functions + * fix -net/nonet (flag meaning was inverted) + * ProcessNoNewPrivs now handles 'already set' and is no longer static. + * Call setsid before setting controlling tty in PtySpawnFunction + * added CGIReadDocument + +v5.22 + * fix clash of flags between PROC_NO_NEW_PRIV and PROC_NOSHELL + +v5.21 + * replaced 'exit if can't chroot/chdir' with 'strict' option to ProcessApplyConfig + * Added ERRFLAG_ABORT to error handling functions, aborts the process after reporting the error + * Added ERRFLAG_SYSLOG to error handling functions, forces syslog even if library-wide syslog flag isn't set + * MakeShellSafeStr now quotes/blanks out '$' in addition to other dangerous characters + * MakeShellSafeStr can now report unsafe characters via syslog if the SHELLSAFE_REPORT flag is passed + * MakeShellSafeStr can now abort program if the SHELLSAFE_ABORT flag is passed and unsafe chars are found + * FileMoveToDir will now copy the file if a simple rename fails + * Negative values for width and height on TerminalMenu and TerminalProgress set width as 'terminal width minus that value' + + +v5.20 (2024-07-11) + * Added TOTPAtTime and TOTPPrevCurrNext + +v5.19 (2024-07-09) + * Added 'nosu', 'noprivs' options to 'ProcessApplyConfig' that prevent a process escalating priviledges via su/sudo/setuid + * check for prctl properly using './configure' + * Eliminate use of 'fopen' in 'GetHostARP' + * General cleanup of 'ProcessApplyConfig' + * If chdir or chroot fail in 'ProcessApplyConfig' print "too dangerous to continue" and exit + +v5.18 (2024-07-01) + * FindFileInPath now returns a real file, rather than symlink, unless a symlink is all it can find (now it really does). + * Clean up some errors revealed by -Wall + +v5.17 (2024-06-30) + * FindFileInPath now returns a real file, rather than symlink, unless a symlink is all it can find. + * Added TerminalPrint function. + +v5.16 (2024-06-26) + * handle http digest authentication + * add 'AppendVar' function + +v5.15 (2024-06-20) + * add/fix support for calling hmac functions via the Hash interface + * use of openssl hashing functions no longer experimental + * support sha384 hash + * Added 'UnpackURL' function + v5.14 (2024-06-03) * add ini file support to DataParser * fix/add 'bcast' socket type @@ -8,7 +97,7 @@ v5.13 (2024-04-17) v5.12 (2024-04-06) * Added TerminalProgress progress bars * Fix ~W escape sequence for setting white background - * Fixes to TerminalTheme + * Fixes to TerminalTheme v5.11 (2024-02-27) * Don't follow symbolic links in FileSystemRmDir diff --git a/libUseful-5/Compression.c b/libUseful-5/Compression.c index d03c7b2..456872f 100644 --- a/libUseful-5/Compression.c +++ b/libUseful-5/Compression.c @@ -40,9 +40,9 @@ int zlibProcessorWrite(TProcessingModule *ProcMod, const char *InData, unsigned ZData->z_out.avail_in=InLen; - ZData->z_out.next_in=(char *) InData; + ZData->z_out.next_in=(Bytef *) InData; ZData->z_out.avail_out=*OutLen; - ZData->z_out.next_out=*OutData; + ZData->z_out.next_out=(Bytef *) *OutData; while ((ZData->z_out.avail_in > 0) || Flush) { @@ -88,9 +88,9 @@ int zlibProcessorRead(TProcessingModule *ProcMod, const char *InData, unsigned l ZData->z_in.avail_in=InLen; - ZData->z_in.next_in=(char *) InData; + ZData->z_in.next_in=(Bytef *) InData; ZData->z_in.avail_out=*OutLen; - ZData->z_in.next_out=*OutData; + ZData->z_in.next_out=(Bytef *) *OutData; while ((ZData->z_in.avail_in > 0) || Flush) { @@ -119,7 +119,7 @@ int zlibProcessorRead(TProcessingModule *ProcMod, const char *InData, unsigned l { (*OutLen)+=BUFSIZ; *OutData=(char *) realloc(*OutData,*OutLen); - ZData->z_in.next_out=(*OutData) + bytes_read; + ZData->z_in.next_out=(Bytef *) (*OutData) + bytes_read; ZData->z_in.avail_out=(*OutLen) - bytes_read; } @@ -155,7 +155,7 @@ int zlibProcessorClose(TProcessingModule *ProcMod) #define COMP_ZLIB 0 #define COMP_GZIP 1 -int zlibProcessorInit(TProcessingModule *ProcMod, const char *Args) +int zlibProcessorInit(TProcessingModule *ProcMod, const char *Args, unsigned char **Header, int *HeadLen) { int result=FALSE; @@ -219,7 +219,7 @@ int CompressBytes(char **Out, const char *Alg, const char *In, unsigned long Len int result; Tempstr=FormatStr(Tempstr,"CompressionLevel=%d",Level); - Mod=StandardDataProcessorCreate("compress",Alg,Tempstr); + Mod=StandardDataProcessorCreate("compress",Alg,Tempstr, NULL, NULL); if (! Mod) return(-1); val=Len *2; @@ -239,7 +239,7 @@ int DeCompressBytes(char **Out, const char *Alg, const char *In, unsigned long L int result; unsigned long val; - Mod=StandardDataProcessorCreate("decompress",Alg,""); + Mod=StandardDataProcessorCreate("decompress",Alg,"",NULL, NULL); if (! Mod) return(-1); val=Len *2; diff --git a/libUseful-5/Compression.h b/libUseful-5/Compression.h index 75002c4..7feaf85 100644 --- a/libUseful-5/Compression.h +++ b/libUseful-5/Compression.h @@ -52,7 +52,7 @@ The return value of Both CompressBytes and DecompressBytes is the length of data extern "C" { #endif -int zlibProcessorInit(TProcessingModule *ProcMod, const char *Args); +int zlibProcessorInit(TProcessingModule *ProcMod, const char *Args, unsigned char **Header, int *HeadLen); int CompressBytes(char **Out, const char *Alg, const char *In, unsigned long Len, int Level); int DeCompressBytes(char **Out, const char *Alg, const char *In, unsigned long Len); diff --git a/libUseful-5/ConnectionChain.c b/libUseful-5/ConnectionChain.c index 3fb8587..66f641a 100644 --- a/libUseful-5/ConnectionChain.c +++ b/libUseful-5/ConnectionChain.c @@ -65,7 +65,7 @@ int ConnectHopHTTPSProxy(STREAM *S, const char *Proxy, const char *Destination) ParseConnectDetails(Proxy, &Token, &Host, &Token, &User, &Pass, NULL); Port=atoi(Token); - if (! (S->State & SS_INITIAL_CONNECT_DONE)) + if (! (S->State & LU_SS_INITIAL_CONNECT_DONE)) { if (Port==0) Port=443; S->in_fd=TCPConnect(Host, Port, ""); @@ -311,13 +311,12 @@ int ConnectHopSocks(STREAM *S, int SocksLevel, const char *ProxyURL, const char char *Tempstr=NULL; char *Token=NULL, *Host=NULL, *User=NULL, *Pass=NULL; uint8_t *ptr; - uint32_t IP; const char *tptr; int result, RetVal=FALSE, val; uint8_t HostType=HT_IP4; ParseConnectDetails(ProxyURL, NULL, &Host, &Token, &User, &Pass, NULL); - if (! (S->State & SS_INITIAL_CONNECT_DONE)) + if (! (S->State & LU_SS_INITIAL_CONNECT_DONE)) { val=atoi(Token); S->in_fd=TCPConnect(Host, val, ""); @@ -368,7 +367,7 @@ int ConnectHopSocks(STREAM *S, int SocksLevel, const char *ProxyURL, const char //Socks 5 has a 'reserved' byte after the connection type *ptr=0; ptr++; - ptr=ConnectHopSocks5WriteAddress(ptr, HostType, Token); + ptr=(uint8_t *) ConnectHopSocks5WriteAddress( (char *) ptr, HostType, Token); } @@ -490,7 +489,7 @@ static STREAM *ConnectHopSSHSpawnHelper(const char *ProxyURL, const char *Fmt, c LocalPort=(rand() % (0xFFFF - 9000)) +9000; if (strncmp(Fmt,"stdin:",6)==0) Tempstr=FormatStr(Tempstr, Fmt, RemoteHost, RemotePort); else Tempstr=FormatStr(Tempstr, Fmt, LocalPort, RemoteHost, RemotePort); - tmpS=SSHConnect(SshHost, SshPort, SshUser, SshPassword, Tempstr, 0); + tmpS=SSHConnect(SshHost, SshPort, SshUser, SshPassword, Tempstr, ""); if (tmpS) { Tempstr=FormatStr(Tempstr, "%d", LocalPort); @@ -652,7 +651,7 @@ int STREAMProcessConnectHops(STREAM *S, const char *HopList) break; } - S->State=SS_INITIAL_CONNECT_DONE; + S->State=LU_SS_INITIAL_CONNECT_DONE; count++; HopURL=CopyStr(HopURL, NextHop); } diff --git a/libUseful-5/Container.c b/libUseful-5/Container.c new file mode 100644 index 0000000..a7db9e4 --- /dev/null +++ b/libUseful-5/Container.c @@ -0,0 +1,470 @@ +#include "Container.h" +#include "libUseful.h" +#include + +#ifdef HAVE_UNSHARE +#define _GNU_SOURCE +#include +#endif + +static void InitSigHandler(int sig) +{ +} + + +static void ContainerInitProcess(int tunfd, int linkfd, pid_t Child, int RemoveRootDir) +{ + struct sigaction sa; + + //this process is init, the child will carry on execution + //if (chroot(".") == -1) RaiseError(ERRFLAG_ERRNO, "chroot", "failed to chroot to curr directory"); + ProcessSetTitle("init"); + + memset(&sa,0,sizeof(sa)); + sa.sa_handler=InitSigHandler; + sa.sa_flags=SA_NOCLDSTOP; + sigaction(SIGCHLD, &sa,NULL); + + + /* + FileSystemUnMount("/proc","rmdir"); + if (RemoveRootDir) FileSystemUnMount("/","recurse,rmdir"); + else + { + FileSystemUnMount("/","subdirs,rmdir"); + FileSystemUnMount("/","recurse"); + } + */ + + //must do proc after the fork so that CLONE_NEWPID takes effect + mkdir("/proc",0755); + FileSystemMount("","/proc","proc",""); + + while (waitpid(-1,NULL,0) != -1); +} + + +static int ContainerJoinNamespace(const char *Namespace, int type) +{ + char *Tempstr=NULL; + struct stat Stat; + glob_t Glob; + int i, fd, result=FALSE; + +#ifdef HAVE_UNSHARE +#ifdef HAVE_SETNS + stat(Namespace,&Stat); + if (S_ISDIR(Stat.st_mode)) + { + Tempstr=MCopyStr(Tempstr,Namespace,"/*",NULL); + glob(Tempstr,0,0,&Glob); + if (Glob.gl_pathc ==0) RaiseError(ERRFLAG_ERRNO, "namespaces", "namespace dir %s empty", Tempstr); + for (i=0; i < Glob.gl_pathc; i++) + { + fd=open(Glob.gl_pathv[i],O_RDONLY); + if (fd > -1) + { + result=TRUE; + setns(fd, type); + close(fd); + } + else RaiseError(ERRFLAG_ERRNO, "namespaces", "couldn't open namespace %s", Glob.gl_pathv[i]); + } + } + else + { + fd=open(Namespace,O_RDONLY); + if (fd > -1) + { + result=TRUE; + setns(fd, type); + close(fd); + } + else RaiseError(ERRFLAG_ERRNO, "namespaces", "couldn't open namespace %s", Namespace); + } +#else + RaiseError(0, "namespaces", "setns unavailable"); +#endif + RaiseError(0, "namespaces", "setns unavailable"); +#endif + + Destroy(Tempstr); + return(result); +} + + + +static void ContainerFilesys(const char *Config, const char *Dir, int Flags) +{ + pid_t pid; + char *Tempstr=NULL, *Name=NULL, *Value=NULL; + char *ROMounts=NULL, *RWMounts=NULL; + char *Links=NULL, *PLinks=NULL, *FileClones=NULL; + const char *ptr, *tptr; + struct stat Stat; + + + ptr=GetNameValuePair(Config,"\\S","=",&Name,&Value); + while (ptr) + { + if (strcasecmp(Name,"+mnt")==0) ROMounts=MCatStr(ROMounts,",",Value,NULL); + else if (strcasecmp(Name,"+mnt")==0) ROMounts=MCatStr(ROMounts,",",Value,NULL); + else if (strcasecmp(Name,"mnt")==0) ROMounts=CopyStr(ROMounts,Value); + else if (strcasecmp(Name,"+wmnt")==0) RWMounts=MCatStr(RWMounts,",",Value,NULL); + else if (strcasecmp(Name,"wmnt")==0) RWMounts=CopyStr(RWMounts,Value); + else if (strcasecmp(Name,"+link")==0) Links=MCatStr(Links,",",Value,NULL); + else if (strcasecmp(Name,"link")==0) Links=CopyStr(Links,Value); + else if (strcasecmp(Name,"+plink")==0) PLinks=MCatStr(PLinks,",",Value,NULL); + else if (strcasecmp(Name,"plink")==0) PLinks=CopyStr(PLinks,Value); + else if (strcasecmp(Name,"pclone")==0) FileClones=CopyStr(FileClones,Value); + ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); + } + + pid=getpid(); + + if (StrValid(Dir)) Tempstr=FormatStr(Tempstr,Dir,pid); + else Tempstr=FormatStr(Tempstr,"%d.container",pid); + + mkdir(Tempstr,0755); + if (Flags & PROC_ISOCUBE) FileSystemMount("",Tempstr,"tmpfs",""); + if (chdir(Tempstr) !=0) RaiseError(ERRFLAG_ERRNO, "ContainerFilesys", "failed to chdir to %s", Tempstr); + + //always make a tmp directory + mkdir("tmp",0777); + + ptr=GetToken(ROMounts,",",&Value,GETTOKEN_QUOTES); + while (ptr) + { + FileSystemMount(Value,"","bind","ro perms=755"); + ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); + } + + ptr=GetToken(RWMounts,",",&Value,GETTOKEN_QUOTES); + while (ptr) + { + FileSystemMount(Value,"","bind","perms=777"); + ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); + } + + ptr=GetToken(Links,",",&Value,GETTOKEN_QUOTES); + while (ptr) + { + if (link(Value,GetBasename(Value)) !=0) + ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); + } + + ptr=GetToken(PLinks,",",&Value,GETTOKEN_QUOTES); + while (ptr) + { + tptr=Value; + if (*tptr=='/') tptr++; + MakeDirPath(tptr,0755); + if (link(Value, tptr) != 0) RaiseError(ERRFLAG_ERRNO, "ContainerFilesys", "Failed to link Value tptr."); + ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); + } + + ptr=GetToken(FileClones,",",&Value,GETTOKEN_QUOTES); + while (ptr) + { + tptr=Value; + if (*tptr=='/') tptr++; + MakeDirPath(tptr,0755); + stat(Value, &Stat); + if (S_ISCHR(Stat.st_mode) || S_ISBLK(Stat.st_mode)) mknod(tptr, Stat.st_mode, Stat.st_rdev); + else + { + FileCopy(Value, tptr); + chmod(tptr, Stat.st_mode); + } + ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); + } + + + Destroy(Name); + Destroy(Value); + Destroy(Tempstr); + Destroy(ROMounts); + Destroy(RWMounts); + Destroy(Links); + Destroy(PLinks); + Destroy(FileClones); +} + + +static void ContainerNamespace(const char *Namespace, const char *HostName, int Flags) +{ + int val, result; + +#ifdef HAVE_UNSHARE + +#ifdef CLONE_NEWNET + if (StrValid(Namespace)) ContainerJoinNamespace(Namespace, CLONE_NEWNET); + else if (Flags & PROC_CONTAINER_NET) unshare(CLONE_NEWNET); +#endif + + if (Flags & PROC_CONTAINER_FS) + { + //do these all individually because any one of them might be rejected +#ifdef CLONE_NEWIPC +// if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_NEWIPC); +// else unshare(CLONE_NEWIPC); +#endif + +#ifdef CLONE_FS + if (StrValid(Namespace)) ContainerJoinNamespace(Namespace, CLONE_FS); + else unshare(CLONE_FS); +#endif + +#ifdef CLONE_NEWNS + if (StrValid(Namespace)) ContainerJoinNamespace(Namespace, CLONE_NEWNS); + else unshare(CLONE_NEWNS); +#endif + } + +#else + RaiseError(0, "namespaces", "containers/unshare unavailable"); +#endif +} + + +static void ContainerSetHostname(const char *Namespace, const char *HostName) +{ + int val, result; + +#ifdef HAVE_UNSHARE +#ifdef CLONE_NEWUTS + if (StrValid(Namespace)) ContainerJoinNamespace(Namespace, CLONE_NEWUTS); + else + { + unshare(CLONE_NEWUTS); + val=StrLen(HostName); + if (val != 0) result=sethostname(HostName, val); + else result=sethostname("container", 9); + if (result != 0) RaiseError(ERRFLAG_ERRNO, "ContainerNamespace", "Failed to sethostname for container."); + } +#endif +#else + RaiseError(0, "namespaces", "containers/unshare unavailable"); +#endif +} + + + +static void ContainerSetEnvs(const char *Envs) +{ + char *Name=NULL, *Value=NULL; + const char *ptr; + +#ifdef HAVE_CLEARENV + clearenv(); +#endif + + setenv("LD_LIBRARY_PATH","/lib:/usr/lib",TRUE); + + ptr=GetNameValuePair(Envs, ",","=", &Name, &Value); + while (ptr) + { + setenv(Name, Value, TRUE); + ptr=GetNameValuePair(ptr, ",","=", &Name, &Value); + } + Destroy(Name); + Destroy(Value); +} + + +//if we are even unsharing our PIDS namespace, then we will need a +//new 'init' process to look after pids in the namespace +//(this is mostly just to reap exited/zombie processes) +static pid_t ContainerLaunchInit(int Flags, const char *Dir) +{ + pid_t child, parent; + + //as we are going to create an init for a namespace it needs to be session leader + //setsid(); + + //fork off a process that will be our 'init' process + child=fork(); + if (child == 0) + { + setsid(); + child=fork(); + if (child !=0) + { + if ((! (Flags & PROC_ISOCUBE)) && StrValid(Dir)) ContainerInitProcess(-1, -1, child, FALSE); + else ContainerInitProcess(-1, -1, child, TRUE); + //ContainerInitProcess should never return, but we'll have this here anyway + _exit(0); + } + } + else _exit(0); + + return(child); +} + + + + +static int ContainerUnsharePID(int Flags, const char *Namespace, const char *Dir) +{ + pid_t pid, init_pid=0; + +#ifdef HAVE_UNSHARE +#ifdef CLONE_NEWPID + + + // NEWPID requires NEWNS which creates a new mount namespace, because we need to remount /proc + // within the new PID container + if (StrValid(Namespace)) ContainerJoinNamespace(Namespace, CLONE_NEWPID | CLONE_NEWNS); + else unshare(CLONE_NEWPID | CLONE_NEWNS); + + //if we are given a namespace we assume there is already an init for it + //otherwise launch and init from the NEWPID process + if (! StrValid(Namespace)) + { + init_pid=ContainerLaunchInit(Flags, Dir); + setpgid(init_pid, init_pid); + } + + return(TRUE); + +#endif +#else + RaiseError(0, "namespaces", "containers/unshare unavailable"); +#endif + return(FALSE); +} + + +static int ContainerParseConfig(const char *Config, char **HostName, char **Dir, char **Namespace, char **ChRoot, char **Envs) +{ + char *Tempstr=NULL, *Name=NULL, *Value=NULL; + const char *ptr; + int Flags=0; + + ptr=GetNameValuePair(Config,"\\S","=",&Name,&Value); + while (ptr) + { + if (strcasecmp(Name,"hostname")==0) *HostName=CopyStr(*HostName, Value); + else if (strcasecmp(Name,"dir")==0) *Dir=CopyStr(*Dir, Value); + else if (strcasecmp(Name,"nonet")==0) Flags |= PROC_CONTAINER_NET; + else if (strcasecmp(Name,"-net")==0) Flags |= PROC_CONTAINER_NET; + else if (strcasecmp(Name,"+net")==0) Flags &= ~PROC_CONTAINER_NET; + else if (strcasecmp(Name,"-pid")==0) Flags |= PROC_CONTAINER_PID; + else if (strcasecmp(Name,"nopid")==0) Flags |= PROC_CONTAINER_PID; + //else if (strcasecmp(Name,"jailsetup")==0) SetupScript=CopyStr(SetupScript, Value); + else if ( + (strcasecmp(Name,"ns")==0) || + (strcasecmp(Name,"namespace")==0) + ) + { + *Namespace=CopyStr(*Namespace, Value); + Flags |= PROC_CONTAINER_FS; + } + else if (strcasecmp(Name,"container")==0) + { + if (StrValid(Value)) *ChRoot=CopyStr(*ChRoot, Value); + Flags |= PROC_CONTAINER_FS; + } + else if (strcasecmp(Name,"container-net")==0) + { + if (StrValid(Value)) *ChRoot=CopyStr(*ChRoot, Value); + Flags |= PROC_CONTAINER_FS | PROC_CONTAINER_NET; + } + else if (strcasecmp(Name,"isocube")==0) + { + if (StrValid(Value)) *ChRoot=CopyStr(*ChRoot, Value); + Flags |= PROC_ISOCUBE | PROC_CONTAINER_FS; + } + else if (strcasecmp(Name,"setenv")==0) + { + Tempstr=QuoteCharsInStr(Tempstr, Value, ","); + *Envs=MCatStr(*Envs, Tempstr, ",",NULL); + } + + ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); + } + + Destroy(Tempstr); + Destroy(Name); + Destroy(Value); + + return(Flags); +} + + +int ContainerApplyConfig(const char *Config) +{ + char *HostName=NULL, *SetupScript=NULL, *Namespace=NULL, *Envs=NULL; + char *Dir=NULL, *ChRoot=NULL; + char *Name=NULL, *Value=NULL; + char *Tempstr=NULL; + const char *ptr; + int Flags=0; + int result=TRUE; + pid_t child; + + + Flags=ContainerParseConfig(Config, &HostName, &Dir, &Namespace, &ChRoot, &Envs); + + if (Flags) + { + if (Flags & PROC_CONTAINER_FS) + { + if (! StrValid(ChRoot)) + { + ChRoot=CopyStr(ChRoot, Dir); + Dir=CopyStr(Dir,""); + } + ContainerFilesys(Config, ChRoot, Flags); + + //we do not call CredsStoreOnFork here becausee it's assumed that we want to take the creds store with us, as + //these forks are in order to change aspects of our program, rather than spawn a new process + + if (StrValid(SetupScript)) + { + if (system(SetupScript) < 1) RaiseError(ERRFLAG_ERRNO, "ContainerApplyConfig", "failed to exec %s", SetupScript); + } + } + + + if (Flags & PROC_CONTAINER_PID) ContainerUnsharePID(Flags, Namespace, Dir); + if (StrValid(HostName)) ContainerSetHostname(Namespace, HostName); + + //ContainerNamespace(Namespace, HostName, Flags); + + + ContainerSetEnvs(Envs); + + if (Flags & PROC_CONTAINER_FS) + { + if (chroot(".") == -1) + { + RaiseError(ERRFLAG_ERRNO, "ContainerApplyConfig", "failed to chroot to curr directory"); + result=FALSE; + } + } + + if (result) + { + LibUsefulSetupAtExit(); + LibUsefulFlags |= LU_CONTAINER; + + if (StrValid(Dir)) + { + if (chdir(Dir) !=0) RaiseError(ERRFLAG_ERRNO, "ContainerApplyConfig", "failed to chdir to %s", Dir); + } + } + } + + Destroy(Tempstr); + Destroy(SetupScript); + Destroy(HostName); + Destroy(Namespace); + Destroy(Name); + Destroy(Value); + Destroy(ChRoot); + Destroy(Dir); + + return(result); +} + diff --git a/libUseful-5/Container.h b/libUseful-5/Container.h new file mode 100644 index 0000000..396c8e9 --- /dev/null +++ b/libUseful-5/Container.h @@ -0,0 +1,23 @@ +/* +Copyright (c) 2015 Colum Paget +* SPDX-License-Identifier: GPL-3.0 +*/ + + +#ifndef LIBUSEFUL_CONTAINER_H +#define LIBUSEFUL_CONTAINER_H + +#define _GNU_SOURCE +#include +#include + +//this module relates to namespaces/containers. Much of this is pretty linux specific, and would be called +//via 'ProcessApplyConfig' rather than calling this function directly. + +int ContainerApplyConfig(const char *Config); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libUseful-5/ContentType.h b/libUseful-5/ContentType.h index 6ace476..40835c1 100644 --- a/libUseful-5/ContentType.h +++ b/libUseful-5/ContentType.h @@ -3,8 +3,8 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef CONTENT_TYPE_H -#define CONTENT_TYPE_H +#ifndef LIBUSEFUL_CONTENT_TYPE_H +#define LIBUSEFUL_CONTENT_TYPE_H #include "includes.h" diff --git a/libUseful-5/DataParser.c b/libUseful-5/DataParser.c index 072cc27..c4ba272 100644 --- a/libUseful-5/DataParser.c +++ b/libUseful-5/DataParser.c @@ -538,6 +538,12 @@ static const char *ParserRSSItems(int ParserType, const char *Doc, ListNode *Par while (isspace(*ptr)) ptr++; break; + + //we must be careful with PrevToken here. If the tag starts with '/', then it's a close tag, and PrevToken will contain all + //the data enclosed by the tag. But anything else is a starting tag, and in that case we don't want to carry PrevToken forwards + //as it will result in crap (most probably whitespace and linefeed in indented RSS XML) stuck on the front of the data. + //Thus we have to clear out PrevToken in each of our matches, except the '/' match + //unfortunately we can't just clear PrevToken out ad the end of a tag, because of the 0) - { - Destroy(PrevToken); - Destroy(Token); - return(p_prev); - } + if (IndentLevel > 0) + { + Destroy(PrevToken); + Destroy(Token); + return(p_prev); + } if (! StrValid(PrevToken)) { @@ -1154,7 +1169,6 @@ char *ParserExportYAML(char *RetStr, int Type, int Indent, ListNode *Item) char *ParserExportCMON(char *RetStr, int Type, int Indent, ListNode *Item) { char *Token=NULL; - const char *ptr; if (Indent > 0) RetStr=PadStr(RetStr, ' ', Indent); switch (Item->ItemType) diff --git a/libUseful-5/DataParser.h b/libUseful-5/DataParser.h index a4a95ab..85cff28 100644 --- a/libUseful-5/DataParser.h +++ b/libUseful-5/DataParser.h @@ -1,5 +1,5 @@ /* -Copyright (c) 2015 Colum Paget +* Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ diff --git a/libUseful-5/DataProcessing.c b/libUseful-5/DataProcessing.c index a1b57b0..21fd394 100644 --- a/libUseful-5/DataProcessing.c +++ b/libUseful-5/DataProcessing.c @@ -3,29 +3,10 @@ #include "Compression.h" #include "FileSystem.h" #include "Hash.h" +#include "Entropy.h" #include "Stream.h" +#include "Encryption.h" -#ifdef HAVE_LIBSSL - -#include -#include -#include -#include -#include -#include - -typedef struct -{ - char *Key; - int KeyLen; - char *InputVector; - int InputVectorLen; - int BlockSize; - const EVP_CIPHER *Cipher; - EVP_CIPHER_CTX *enc_ctx; - EVP_CIPHER_CTX *dec_ctx; -} libCryptoProcessorData; -#endif @@ -98,7 +79,7 @@ void DataProcessorUpdateBuffer(char **Buffer, int *Used, int *Size, const char * } -int PipeCommandProcessorInit(TProcessingModule *ProcMod, const char *Args) +int PipeCommandProcessorInit(TProcessingModule *ProcMod, const char *Args, unsigned char **Header, int *HeadLen) { int result=FALSE; char *Tempstr=NULL; @@ -114,30 +95,19 @@ int PipeCommandProcessorInit(TProcessingModule *ProcMod, const char *Args) ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); } - if (! StrValid(Tempstr) ) - { - DestroyString(Name); - DestroyString(Value); - DestroyString(Tempstr); - return(FALSE); - } - - GetToken(Tempstr,"\\S",&Name,0); - Value=FindFileInPath(Value,Name,getenv("PATH")); - - if (! StrValid(Value) ) + if (StrValid(Tempstr) ) { - DestroyString(Name); - DestroyString(Value); - DestroyString(Tempstr); - return(FALSE); - } - + GetToken(Tempstr,"\\S",&Name,0); + Value=FindFileInPath(Value,Name,getenv("PATH")); //by pipe - S=STREAMSpawnCommand(Value, ""); - ProcMod->Data=(void *) S; - result=TRUE; + if (StrValid(Value) ) + { + S=STREAMSpawnCommand(Value, ""); + ProcMod->Data=(void *) S; + result=TRUE; + } + } DestroyString(Name); DestroyString(Value); @@ -178,462 +148,15 @@ int PipeCommandProcessorClose(TProcessingModule *ProcMod) -void InitialiseEncryptionComponents(const char *Args, char **Cipher, char **InputVector, int *IVLen, char **Key, int *KeyLen, int *Flags) -{ - char *TmpKey=NULL, *Tempstr=NULL; - int klen=0, slen=0; - char *Name=NULL, *Value=NULL, *Salt=NULL; - const char *ptr; - - *IVLen=0; - ptr=GetNameValuePair(Args,"\\S","=",&Name,&Value); - while (ptr) - { - if (StrValid(Name)) - { - if (strcasecmp(Name,"Cipher")==0) - { - *Cipher=CopyStr(*Cipher,Value); - } - - - if (strcasecmp(Name,"Key")==0) - { - TmpKey=CopyStr(TmpKey,Value); - klen=StrLen(TmpKey); - } - - if (strcasecmp(Name,"Salt")==0) - { - Salt=CopyStr(Salt,Value); - slen=StrLen(Salt); - } - - - - if ( - (strcasecmp(Name,"iv")==0) || - (strcasecmp(Name,"InputVector")==0) - ) - { - *InputVector=CopyStr(*InputVector,Value); - *IVLen=StrLen(*InputVector); - } - - if (strcasecmp(Name,"HexKey")==0) - { - klen=DecodeBytes(&TmpKey, Value, ENCODE_HEX); - } - - if ( - (strcasecmp(Name,"HexIV")==0) || - (strcasecmp(Name,"HexInputVector")==0) - ) - - { - *IVLen=DecodeBytes(InputVector, Value, ENCODE_HEX); - } - - if (strcasecmp(Name,"PadBlock")==0) - { - if (strcasecmp(Value,"N")==0) *Flags |= DPM_NOPAD_DATA; - } - - } - - ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); - } - - - Tempstr=SetStrLen(Tempstr,klen+slen); - memcpy(Tempstr,Salt,slen); - memcpy(Tempstr+slen,TmpKey,klen); - - *KeyLen=HashBytes(Key,"md5",Tempstr,slen+klen,0); - - - DestroyString(Name); - DestroyString(Value); - DestroyString(Tempstr); - DestroyString(TmpKey); - DestroyString(Salt); -} - - - -#ifdef HAVE_LIBCRYPTO - -typedef enum {CI_BLOWFISH, CI_RC2, CI_RC4, CI_RC5, CI_DES, CI_DESX, CI_CAST,CI_IDEA,CI_AES, CI_AES_256} LIBUSEFUL_CRYPT_CIPHERS; - -int libCryptoCipherAvailable(int CipherNum) -{ - switch(CipherNum) - { - case CI_BLOWFISH: -#ifdef HAVE_EVP_BF_CBC - return(TRUE); -#endif - break; - - case CI_RC2: -#ifdef HAVE_EVP_RC2_CBC - return(TRUE); -#endif - break; - - case CI_RC4: -#ifdef HAVE_EVP_RC4_CBC - return(TRUE); -#endif - break; - - case CI_RC5: -#ifdef HAVE_EVP_RC5_CBC - return(TRUE); -#endif - break; - - case CI_DES: -#ifdef HAVE_EVP_DES_CBC - return(TRUE); -#endif - break; - - case CI_DESX: -#ifdef HAVE_EVP_DESX_CBC - return(TRUE); -#endif - break; - - case CI_CAST: -#ifdef HAVE_EVP_CAST5_CBC - return(TRUE); -#endif - break; - - case CI_IDEA: -#ifdef HAVE_EVP_IDEA_CBC - return(TRUE); -#endif - break; - - case CI_AES: -#ifdef HAVE_EVP_AES_129_CBC - return(TRUE); -#endif - break; - - case CI_AES_256: -#ifdef HAVE_EVP_AES_256_CBC - return(TRUE); -#endif - break; - } - return(FALSE); -} - - -int libCryptoProcessorInit(TProcessingModule *ProcMod, const char *Args) -{ - int result=FALSE; - -#ifdef HAVE_LIBSSL - libCryptoProcessorData *Data; - EVP_CIPHER_CTX *ctx; - const char *CipherList[]= {"blowfish","rc2","rc4","rc5","des","desx","cast","idea","aes","aes-256",NULL}; - int val; - char *Tempstr=NULL; - - val=MatchTokenFromList(ProcMod->Name,CipherList,0); - if (val==-1) return(FALSE); - if (! libCryptoCipherAvailable(val)) return(FALSE); - Data=(libCryptoProcessorData *) calloc(1,sizeof(libCryptoProcessorData)); - -//Tempstr here holds the cipher name - InitialiseEncryptionComponents(Args, &Tempstr, &Data->InputVector, &Data->InputVectorLen, & Data->Key, &Data->KeyLen,&ProcMod->Flags); - - if (! StrValid(ProcMod->Name)) ProcMod->Name=CopyStr(ProcMod->Name,Tempstr); - - switch(val) - { - /* - case CI_NONE: - Data->Cipher=EVP_enc_null(); - break; - */ - - case CI_BLOWFISH: -#ifdef HAVE_EVP_BF_CBC - Data->Cipher=EVP_bf_cbc(); -#endif - break; - - case CI_RC2: -#ifdef HAVE_EVP_RC2_CBC - Data->Cipher=EVP_rc2_cbc(); -#endif - break; - - case CI_RC4: -#ifdef HAVE_EVP_RC4_CBC - Data->Cipher=EVP_rc4(); -#endif - break; - - case CI_RC5: -#ifdef HAVE_EVP_RC5_32_12_16_CBC - //Data->Cipher=EVP_rc5_32_12_16_cbc(); -#endif - break; - - case CI_DES: -#ifdef HAVE_EVP_DES_CBC - Data->Cipher=EVP_des_cbc(); -#endif - break; - - case CI_DESX: -#ifdef HAVE_EVP_DESX_CBC - Data->Cipher=EVP_desx_cbc(); -#endif - break; - - case CI_CAST: -#ifdef HAVE_EVP_CAST5_CBC - Data->Cipher=EVP_cast5_cbc(); -#endif - break; - - case CI_IDEA: -#ifdef HAVE_EVP_IDEA_CBC - Data->Cipher=EVP_idea_cbc(); -#endif - break; - - case CI_AES: -#ifdef HAVE_EVP_AES_128_CBC - Data->Cipher=EVP_aes_128_cbc(); -#endif - break; - - case CI_AES_256: -#ifdef HAVE_EVP_AES_256_CBC - Data->Cipher=EVP_aes_256_cbc(); -#endif - break; - } - - - if (Data->Cipher) - { - Data->enc_ctx=EVP_CIPHER_CTX_new(); - Data->dec_ctx=EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX_init(Data->enc_ctx); - EVP_CIPHER_CTX_init(Data->dec_ctx); - Data->BlockSize=EVP_CIPHER_block_size(Data->Cipher); - - EVP_EncryptInit_ex(Data->enc_ctx,Data->Cipher,NULL,Data->Key,Data->InputVector); - EVP_DecryptInit_ex(Data->dec_ctx,Data->Cipher,NULL,Data->Key,Data->InputVector); - - if (ProcMod->Flags & DPM_NOPAD_DATA) EVP_CIPHER_CTX_set_padding(Data->enc_ctx,FALSE); - - ProcMod->Data=Data; - result=TRUE; - - DataProcessorSetValue(ProcMod,"Cipher",Tempstr); - Tempstr=FormatStr(Tempstr,"%d",Data->BlockSize); - DataProcessorSetValue(ProcMod,"BlockSize",Tempstr); - } - - DestroyString(Tempstr); -#endif - return(result); -} - - -int libCryptoProcessorClose(TProcessingModule *ProcMod) -{ -#ifdef HAVE_LIBSSL - libCryptoProcessorData *Data; - EVP_CIPHER_CTX *ctx; - - Data=(libCryptoProcessorData *) ProcMod->Data; - if (Data) - { - EVP_CIPHER_CTX_cleanup(Data->enc_ctx); - EVP_CIPHER_CTX_cleanup(Data->dec_ctx); - - DestroyString(Data->Key); - DestroyString(Data->InputVector); - free(Data); - } - ProcMod->Data=NULL; -#endif - return(TRUE); -} - - - - - - - -int libCryptoProcessorWrite(TProcessingModule *ProcMod, const char *InData, unsigned long InLen, char **OutData, unsigned long *OutLen, int Flush) -{ - int wrote=0; - -#ifdef HAVE_LIBSSL - /* - int len, result=0, val; - libCryptoProcessorData *Data; - EVP_CIPHER_CTX *ctx; - char *ptr, *Tempstr=NULL; - - if (ProcMod->Flags & DPM_WRITE_FINAL) return(0); - ptr=OutData; - - Data=(libCryptoProcessorData *) ProcMod->Data; - ctx=Data->enc_ctx; - - ProcMod->Flags = ProcMod->Flags & ~DPM_WRITE_FINAL; - - if (ProcMod->Flags & DPM_NOPAD_DATA) - { - val=InLen % Data->BlockSize; - Tempstr=CopyStrLen(Tempstr,InData,InLen); - if (val !=0) - { - Tempstr=SetStrLen(Tempstr,InLen + (Data->BlockSize-val)); - memset(Tempstr+InLen,' ', (Data->BlockSize-val)); - val=InLen+(Data->BlockSize-val); - } - else val=InLen; - - result=EVP_EncryptUpdate(ctx, ptr, &len, Tempstr, val); - } - else - { - result=EVP_EncryptUpdate(ctx, ptr, &len, InData, InLen); - } - - - if (! result) wrote=0; - else wrote=len; - - DestroyString(Tempstr); - */ -#endif - return(wrote); -} - - - -int libCryptoProcessorFlush(TProcessingModule *ProcMod, const char *InData, unsigned long InLen, char *OutData, unsigned long OutLen) -{ - int wrote=0; - - /* - int result=0, len; - libCryptoProcessorData *Data; - - if (ProcMod->Flags & DPM_WRITE_FINAL) return(0); - Data=(libCryptoProcessorData *) ProcMod->Data; - - if (Data) - { - if (InLen > 0) - { - result=libCryptoProcessorWrite(ProcMod, InData, InLen, OutData, OutLen,TRUE); - if (result > 0) return(result); - } - - len=OutLen; - result=EVP_EncryptFinal_ex(Data->enc_ctx, OutData, &len); - ProcMod->Flags |= DPM_WRITE_FINAL; - } - if (! result) wrote=0; - else wrote=len; - - */ - - return(wrote); -} - - -int libCryptoProcessorRead(TProcessingModule *ProcMod, const char *InData, unsigned long InLen, char **OutData, unsigned long *OutLen, int Flush) -{ - int bytes_read=0; -#ifdef HAVE_LIBSSL - /* - int len, ivlen, result, val; - libCryptoProcessorData *Data; - EVP_CIPHER_CTX *ctx; - char *ptr; - - ptr=OutData; - - Data=(libCryptoProcessorData *) ProcMod->Data; - if (!Data) return(0); - - if (ProcMod->Flags & DPM_READ_FINAL) - { - if (InLen==0) return(0); - EVP_DecryptInit_ex(Data->dec_ctx,Data->Cipher,NULL,Data->Key,Data->InputVector); - - } - - ctx=Data->dec_ctx; - - if (InLen==0) - { - len=0; - result=EVP_DecryptFinal_ex(ctx, ptr, &len); - ProcMod->Flags |= DPM_READ_FINAL; //this so we don't try - //another read - - } - else - { - len=OutLen; - result=EVP_DecryptUpdate(ctx, ptr, &len, InData, InLen); - } - - if (! result) bytes_read=-1; - else bytes_read+=InLen; //should be 'len' but DecryptUpdate returns the - //number of bytes output, not the number consumed - */ - -#endif - return(bytes_read); -} - -#endif - - - - -TProcessingModule *StandardDataProcessorCreate(const char *Class, const char *Name, const char *iArgs) +TProcessingModule *StandardDataProcessorCreate(const char *Class, const char *Name, const char *iArgs, unsigned char **Header, int *HeadLen) { char *Args=NULL; TProcessingModule *Mod=NULL; Args=CopyStr(Args,iArgs); -#ifdef HAVE_LIBSSL -#ifdef HAVE_LIBCRYPTO - if (strcasecmp(Class,"crypto")==0) - { - Mod=(TProcessingModule *) calloc(1,sizeof(TProcessingModule)); - Mod->Args=CopyStr(Mod->Args,Args); - Mod->Name=CopyStr(Mod->Name,Name); - Mod->Init=libCryptoProcessorInit; - Mod->Write=libCryptoProcessorWrite; - Mod->Read=libCryptoProcessorRead; - Mod->Close=libCryptoProcessorClose; - } -#endif -#endif + if (strcasecmp(Class,"crypto")==0) Mod=libCryptoProcessorCreate(); if (strcasecmp(Class,"compress")==0) @@ -731,7 +254,7 @@ TProcessingModule *StandardDataProcessorCreate(const char *Class, const char *Na - if (Mod && Mod->Init && Mod->Init(Mod, Args)) return(Mod); + if (Mod && Mod->Init && Mod->Init(Mod, Args, Header, HeadLen)) return(Mod); DestroyString(Args); @@ -743,7 +266,7 @@ TProcessingModule *StandardDataProcessorCreate(const char *Class, const char *Na -int STREAMAddDataProcessor(STREAM *S, TProcessingModule *Mod, const char *Args) +int STREAMAddDataProcessor(STREAM *S, TProcessingModule *Mod) { ListNode *Curr; char *Tempstr=NULL; @@ -811,7 +334,7 @@ int DataProcessorAvailable(const char *Class, const char *Name) int result=FALSE; TProcessingModule *Mod; - Mod=StandardDataProcessorCreate(Class,Name,""); + Mod=StandardDataProcessorCreate(Class,Name,"",NULL,NULL); if (Mod) result=TRUE; DataProcessorDestroy(Mod); @@ -819,19 +342,53 @@ int DataProcessorAvailable(const char *Class, const char *Name) } -int STREAMAddStandardDataProcessor(STREAM *S, const char *Class, const char *Name, const char *Args) +int STREAMAddStandardDataProcessor(STREAM *S, const char *Class, const char *Name, const char *iArgs) { TProcessingModule *Mod=NULL; + char *Args=NULL, *Tempstr=NULL; + unsigned char *Header=NULL; + int HeadLen=0, RetVal=FALSE, ReadOffset=0; - Mod=StandardDataProcessorCreate(Class,Name,Args); + Args=CopyStr(Args, iArgs); + if ( (S->Flags & SF_RDONLY) && (strcasecmp(Class, "crypto")==0) ) + { + if (S->Flags & SF_WRONLY) + { + RaiseError(0, "STREAMAddStandardDataProcessor", "attempt to use encryption on a read+write file, only read or write is supported"); + Destroy(Args); + return(FALSE); + } + + Header=SetStrLen(Header, 16); + STREAMReadBytes(S, Header, 16); + if (strncmp(Header, "Salted__", 8)==0) + { + Tempstr=EncodeBytes(Tempstr, Header+8, 8, ENCODE_HEX); + Args=MCatStr(Args, " encrypt_hexsalt=", Tempstr, NULL); + ReadOffset=16; + } + + STREAMSeek(S, ReadOffset, SEEK_SET); + } + + Mod=StandardDataProcessorCreate(Class,Name,Args,&Header,&HeadLen); if (Mod) { - STREAMAddDataProcessor(S, Mod, Args); - if (Mod->Flags & DPM_COMPRESS) S->State |= SS_COMPRESSED; - return(TRUE); + if ( (S->Flags & SF_WRONLY) && (HeadLen > 0) ) + { + STREAMWriteBytes(S, Header, HeadLen); + STREAMFlush(S); + } + STREAMAddDataProcessor(S, Mod); + if (Mod->Flags & DPM_COMPRESS) S->State |= LU_SS_COMPRESSED; + RetVal=TRUE; } - return(FALSE); + Destroy(Tempstr); + Destroy(Header); + Destroy(Args); + + return(RetVal); } @@ -853,7 +410,7 @@ int STREAMAddProgressCallback(STREAM *S, DATA_PROGRESS_CALLBACK Callback) Mod->Flags |= DPM_PROGRESS; Mod->Data=Callback; Mod->Read=ProgressProcessorRead; - STREAMAddDataProcessor(S, Mod, NULL); + STREAMAddDataProcessor(S, Mod); return(TRUE); } diff --git a/libUseful-5/DataProcessing.h b/libUseful-5/DataProcessing.h index 3a85853..8a5a6a5 100644 --- a/libUseful-5/DataProcessing.h +++ b/libUseful-5/DataProcessing.h @@ -1,5 +1,5 @@ /* -Copyright (c) 2015 Colum Paget +* Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ @@ -45,7 +45,7 @@ extern "C" { typedef struct t_dpmod TProcessingModule; -typedef int (*DATA_PROCESS_INIT_FUNC)(TProcessingModule *Mod, const char *Args); +typedef int (*DATA_PROCESS_INIT_FUNC)(TProcessingModule *Mod, const char *Args, unsigned char **Header, int *HeadLen); typedef int (*DATA_PROCESS_RW_FUNC)(TProcessingModule *Mod, const char *Data, unsigned long InLen, char **OutBuff, unsigned long *OutBuffLen, int Flush); typedef int (*DATA_PROCESS_CLOSE_FUNC)(TProcessingModule *Mod); typedef void (*DATA_PROGRESS_CALLBACK)(const char *Path, int bytes, int total); @@ -74,7 +74,7 @@ struct t_dpmod }; -TProcessingModule *StandardDataProcessorCreate(const char *Class, const char *Name, const char *Arg); +TProcessingModule *StandardDataProcessorCreate(const char *Class, const char *Name, const char *Arg, unsigned char **Header, int *HeadLen); int DataProcessorInit(TProcessingModule *ProcMod, const char *Key, const char *InputVector); void DataProcessorDestroy(void *ProcMod); char *DataProcessorGetValue(TProcessingModule *M, const char *Name); @@ -85,7 +85,7 @@ int DataProcessorAvailable(const char *Class, const char *Name); int STREAMAddStandardDataProcessor(STREAM *S, const char *Class, const char *Name, const char *Args); int STREAMAddProgressCallback(STREAM *S, DATA_PROGRESS_CALLBACK CallBack); void STREAMClearDataProcessors(STREAM *S); -int STREAMAddDataProcessor(STREAM *S, TProcessingModule *Mod, const char *Args); +int STREAMAddDataProcessor(STREAM *S, TProcessingModule *Mod); int STREAMReBuildDataProcessors(STREAM *S); int STREAMDeleteDataProcessor(STREAM *S, char *Class, char *Name); diff --git a/libUseful-5/Encodings.c b/libUseful-5/Encodings.c index 2ba5662..aa10de7 100644 --- a/libUseful-5/Encodings.c +++ b/libUseful-5/Encodings.c @@ -5,6 +5,109 @@ +char *EncodeQuoted(char *Return, const char *Input, int len, char QuoteChar) +{ + const char *ptr; + char Hex[4]; + + for (ptr=Input; ptr < (Input + len); ptr++) + { + if ( (*ptr < 32) || (*ptr > 127) || (*ptr == '=') ) + { + snprintf(Hex, 3, "%02x", (*ptr) & 0xFF); + Return=MCatStr(Return, "=", Hex, NULL); + } + else Return=AddCharToStr(Return, *ptr); + } + + return(Return); +} + + +int DecodeQuoted(char **Return, const char *Text, char QuoteChar) +{ + const char *ptr; + char Hex[3]; + int len=0; + + for (ptr=Text; *ptr != '\0'; ptr++) + { + if (*ptr==QuoteChar) + { + ptr++; + if (*ptr=='\0') break; + else if (*ptr =='\r') ptr++; + + if (*ptr=='\0') break; + else if (*ptr !='\n') + { + strncpy(Hex, ptr, 2); + *Return=AddCharToBuffer(*Return, len, strtol(Hex, NULL, 16)); + len++; + ptr++; + if (*ptr=='\0') break; + } + } + else + { + *Return=AddCharToBuffer(*Return, len, *ptr); + len++; + } + } + + return(len); +} + + + +char *EncodeYenc(char *Return, const char *Input, int len, char QuoteChar) +{ + const char *ptr; + char echar; + + for (ptr=Input; ptr < (Input + len); ptr++) + { + //shift the character up some bytes, because the null byte is a common occurance + //in binary files, and we don't want to escape it, increasing the size of the + //file. We'll escape some less common byte in it's place + echar = (*ptr + 42) % 256; //of course it's 42 + if ( (echar==0) || (echar=='\r') || (echar=='\n') || (echar==QuoteChar)) + { + Return=AddCharToStr(Return, QuoteChar); + Return=AddCharToStr(Return, (echar + 62) % 256); + } + else Return=AddCharToStr(Return, echar); + } + + return(Return); +} + + +int DecodeYenc(char **Return, const char *Text, char QuoteChar) +{ + const char *ptr; + int len=0, echar; + + for (ptr=Text; *ptr != '\0'; ptr++) + { + if (*ptr==QuoteChar) + { + ptr++; + if (*ptr=='\0') break; + echar=*ptr - 62; + } + else echar=*ptr; + + *Return=AddCharToBuffer(*Return, len, echar - 42); + len++; + } + + return(len); +} + + + + //mostly a helper function for environments where integer constants are not convinient int EncodingParse(const char *Str) { @@ -68,6 +171,13 @@ int EncodingParse(const char *Str) else if (strcasecmp(Str,"hbase32")==0) Encode=ENCODE_HBASE32; break; + case 'm': + case 'M': + if (strcasecmp(Str,"mime")==0) Encode=ENCODE_QUOTED_MIME; + else if (strcasecmp(Str,"mime")==0) Encode=ENCODE_QUOTED_MIME; + break; + + case 'o': case 'O': if (strcasecmp(Str,"oct")==0) Encode=ENCODE_OCTAL; @@ -89,14 +199,16 @@ int EncodingParse(const char *Str) case 'q': case 'Q': if (CompareStr(Str,"quoted-printable")==0) Encode=ENCODE_QUOTED_MIME; - if (CompareStr(Str,"quoted-http")==0) Encode=ENCODE_QUOTED_HTTP; + else if (CompareStr(Str,"quoted")==0) Encode=ENCODE_QUOTED_MIME; + else if (CompareStr(Str,"quoted-http")==0) Encode=ENCODE_QUOTED_HTTP; break; case 'r': case 'R': if (CompareStr(Str,"r64")==0) Encode=ENCODE_RBASE64; - if (CompareStr(Str,"rfc4648")==0) Encode=ENCODE_RBASE64; + else if (CompareStr(Str,"rbase64")==0) Encode=ENCODE_RBASE64; + else if (CompareStr(Str,"rfc4648")==0) Encode=ENCODE_RBASE64; break; case 'u': @@ -119,6 +231,12 @@ int EncodingParse(const char *Str) else if (strcasecmp(Str,"xxenc")==0) Encode=ENCODE_XXENC; break; + case 'y': + case 'Y': + if (strcasecmp(Str,"yenc")==0) Encode=ENCODE_YENCODE; + else if (strcasecmp(Str,"yencode")==0) Encode=ENCODE_YENCODE; + break; + case 'z': case 'Z': if (strcasecmp(Str,"z85")==0) Encode=ENCODE_Z85; @@ -190,6 +308,14 @@ char *EncodeBytes(char *Buffer, const char *Bytes, int len, int Encoding) RetStr=CopyStr(Buffer,""); switch (Encoding) { + case ENCODE_QUOTED_MIME: + RetStr=EncodeQuoted(RetStr, Bytes, len, '='); + break; + + case ENCODE_YENCODE: + RetStr=EncodeYenc(RetStr, Bytes, len, '='); + break; + case ENCODE_BASE32: RetStr=base32encode(RetStr, Bytes, len, BASE32_RFC4648_CHARS, '='); break; @@ -242,7 +368,9 @@ char *EncodeBytes(char *Buffer, const char *Bytes, int len, int Encoding) case ENCODE_UUENC: RetStr=SetStrLen(RetStr,len * 4); - Radix64frombits((unsigned char *) RetStr,(unsigned char *) Bytes,len,UUENC_CHARS,'\''); + Tempstr=CopyStr(Tempstr, Bytes); + strrep(Tempstr, ' ', '`'); + Radix64frombits((unsigned char *) RetStr,(unsigned char *) Bytes,len,UUENC_CHARS,'`'); break; case ENCODE_ASCII85: @@ -297,33 +425,7 @@ char *EncodeBytes(char *Buffer, const char *Bytes, int len, int Encoding) return(RetStr); } -int DecodeQuoted(char **Return, const char *Text, char QuoteChar) -{ - const char *ptr; - char Hex[3]; - - for (ptr=Text; *ptr != '\0'; ptr++) - { - if (*ptr==QuoteChar) - { - ptr++; - if (*ptr=='\0') break; - else if (*ptr =='\r') ptr++; - if (*ptr=='\0') break; - else if (*ptr !='\n') - { - strncpy(Hex, ptr, 2); - ptr++; - if (*ptr=='\0') break; - *Return=AddCharToStr(*Return, strtol(Hex, NULL, 16)); - } - } - else *Return=AddCharToStr(*Return, *ptr); - } - - return(StrLen(*Return)); -} int DecodeBytes(char **Return, const char *Text, int Encoding) @@ -342,29 +444,33 @@ int DecodeBytes(char **Return, const char *Text, int Encoding) len=DecodeQuoted(Return,Text,'='); break; + case ENCODE_YENCODE: + len=DecodeYenc(Return,Text,'='); + break; + case ENCODE_QUOTED_HTTP: *Return=HTTPUnQuote(*Return, Text); len=StrLen(*Return); break; case ENCODE_BASE32: - len=base32decode(*Return, Text, BASE32_RFC4648_CHARS); + len=base32decode((unsigned char *) *Return, Text, BASE32_RFC4648_CHARS); break; case ENCODE_CBASE32: - len=base32decode(*Return, Text, BASE32_CROCKFORD_CHARS); + len=base32decode((unsigned char *) *Return, Text, BASE32_CROCKFORD_CHARS); break; case ENCODE_HBASE32: - len=base32decode(*Return, Text, BASE32_HEX_CHARS); + len=base32decode((unsigned char *) *Return, Text, BASE32_HEX_CHARS); break; case ENCODE_WBASE32: - len=base32decode(*Return, Text, BASE32_WORDSAFE_CHARS); + len=base32decode((unsigned char *) *Return, Text, BASE32_WORDSAFE_CHARS); break; case ENCODE_ZBASE32: - len=base32decode(*Return, Text, BASE32_ZBASE32_CHARS); + len=base32decode((unsigned char *) *Return, Text, BASE32_ZBASE32_CHARS); break; case ENCODE_BASE64: @@ -379,6 +485,10 @@ int DecodeBytes(char **Return, const char *Text, int Encoding) len=Radix64tobits(*Return,Text,PBASE64_CHARS,'\0'); break; + case ENCODE_RBASE64: + len=Radix64tobits(*Return,Text,RBASE64_CHARS,'\0'); + break; + case ENCODE_CRYPT: len=Radix64tobits(*Return,Text,CRYPT_CHARS,'\0'); break; @@ -388,7 +498,7 @@ int DecodeBytes(char **Return, const char *Text, int Encoding) break; case ENCODE_UUENC: - len=Radix64tobits(*Return,Text,UUENC_CHARS,'\''); + len=Radix64tobits(*Return,Text,UUENC_CHARS,'\0'); break; case ENCODE_ASCII85: diff --git a/libUseful-5/Encodings.h b/libUseful-5/Encodings.h index 2d770f2..94e5cb9 100644 --- a/libUseful-5/Encodings.h +++ b/libUseful-5/Encodings.h @@ -12,7 +12,11 @@ Copyright (c) 2015 Colum Paget These functions encode and decode between different encodings. 'EncodingParse' is not important to C programmers, it's used when binding to languages that have poor -support for bit flags, and converts and encoding name to one of the #defined balues below. +support for bit flags, and converts and encoding name to one of the #defined values below. + +None of these encodings do things like add headers (as in uuencode and yencode) or splitting the output +into lines, they simply do the core encoding as one giant encoded string. + Please note that ASCII85 and Z85 are currently ENCODE ONLY. All other encodings can be used in either encode or decode. @@ -57,13 +61,14 @@ If you *KNOW* that your output of DecodeBytes is going to be null-terminated tex 'DecodeToText' which works exactly like EncodeBytes */ -#define ENCODE_NONE 0 +#define ENCODE_NONE 0 #define ENCODE_QUOTED_MIME 1 #define ENCODE_QUOTED_HTTP 2 -#define ENCODE_OCTAL 8 -#define ENCODE_DECIMAL 10 -#define ENCODE_HEX 16 -#define ENCODE_HEXUPPER 17 +#define ENCODE_YENCODE 3 +#define ENCODE_OCTAL 8 +#define ENCODE_DECIMAL 10 +#define ENCODE_HEX 16 +#define ENCODE_HEXUPPER 17 #define ENCODE_BASE32 32 //rfc4648 base 32 #define ENCODE_CBASE32 33 //crockford base32 #define ENCODE_HBASE32 34 //'extended hex' base32 @@ -89,7 +94,7 @@ If you *KNOW* that your output of DecodeBytes is going to be null-terminated tex #define IBASE64_CHARS "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz0123456789+/" #define PBASE64_CHARS "0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz" #define CRYPT_CHARS "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" -#define UUENC_CHARS " !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_" +#define UUENC_CHARS "`!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_" #define XXENC_CHARS "+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" #define ASCII85_CHARS "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstu" #define Z85_CHARS "01234567899abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#." diff --git a/libUseful-5/Encryption.c b/libUseful-5/Encryption.c new file mode 100644 index 0000000..ad731f7 --- /dev/null +++ b/libUseful-5/Encryption.c @@ -0,0 +1,424 @@ +#include "Encryption.h" +#include "Encodings.h" +#include "Entropy.h" + +//require both these libraries, as we shouldn't find libcrypto without libssl +#ifdef HAVE_LIBSSL +#ifdef HAVE_LIBCRYPTO + +#include +#include +#include +#include +#include +#include + +typedef struct +{ + char *Password; + int PasswordLen; + char *Key; + int KeyLen; + char *Salt; + int SaltLen; + char *InputVector; + int InputVectorLen; + int BlockSize; + int KeyStretchIter; + char *CipherName; + EVP_CIPHER *Cipher; + EVP_CIPHER_CTX *enc_ctx; + EVP_CIPHER_CTX *dec_ctx; +} libCryptoProcessorData; + + + +void libCryptoDataDestroy(libCryptoProcessorData *Data) +{ + Destroy(Data->Password); + Destroy(Data->Key); + Destroy(Data->Salt); + Destroy(Data->InputVector); + Destroy(Data->CipherName); + +//if we have the EVP_CIPHER_FETCH function, then the cipher object +//will have been allocated, and needs to be freed. But if we don't have +//this function, then maybe the we don't have EVP_CIPHER_free either, and +//we certainly don't want to free the cipher object returned by getbyname, +//because it will be shared object +#ifdef HAVE_EVP_CIPHER_FETCH + if (Data->Cipher) EVP_CIPHER_free(Data->Cipher); +#endif + + if (Data->enc_ctx) EVP_CIPHER_CTX_free(Data->enc_ctx); + if (Data->dec_ctx) EVP_CIPHER_CTX_free(Data->dec_ctx); + free(Data); +} + + +//generate openssl-compatible key and iv from salt and password +static int OpenSSLGenIVKey(EVP_CIPHER *Cipher, const char *Pass, int PassLen, const char *Salt, int SaltLen, int Iter, char **IV, int *IVLen, char **Key, int *KeyLen) +{ + char *PKOutput=NULL; + int OutLen; + + *KeyLen=0; + *IVLen=0; + if (PassLen==0) return(FALSE); + + *KeyLen = EVP_CIPHER_key_length(Cipher); + *IVLen = EVP_CIPHER_iv_length(Cipher); + OutLen=*KeyLen + *IVLen; + + PKOutput=SetStrLen(PKOutput, OutLen); + PKCS5_PBKDF2_HMAC(Pass, PassLen, Salt, SaltLen, Iter, EVP_sha256(), OutLen, PKOutput); + + *Key=SetStrLen(*Key, *KeyLen); + memcpy(*Key, PKOutput, *KeyLen); + *IV=SetStrLen(*IV, *IVLen); + memcpy(*IV, PKOutput + *KeyLen, *IVLen); + + Destroy(PKOutput); + + return(TRUE); +} + + +static libCryptoProcessorData *InitialiseEncryptionComponents(const char *Args) +{ + char *Name=NULL, *Value=NULL; + const char *ptr; + libCryptoProcessorData *Data; + + Data=(libCryptoProcessorData *) calloc(1,sizeof(libCryptoProcessorData)); + Data->KeyStretchIter=10000; //openssl default iterations + Data->CipherName=CopyStr(Data->CipherName, "aes-256-cbc"); //default cipher + + ptr=GetNameValuePair(Args,"\\S","=",&Name,&Value); + while (ptr) + { + if (StrValid(Name)) + { + if (strcasecmp(Name,"encrypt")==0) + { + Data->Password=CopyStr(Data->Password, Value); + Data->PasswordLen=StrLen(Data->Password); + } + else if (strcasecmp(Name,"encrypt_key")==0) + { + Data->Key=CopyStr(Data->Key, Value); + Data->KeyLen=StrLen(Data->Key); + } + else if (strcasecmp(Name,"encrypt_salt")==0) + { + Data->Salt=CopyStr(Data->Salt, Value); + Data->SaltLen=StrLen(Data->Salt); + } + else if (strcasecmp(Name,"encrypt_iv")==0) + { + Data->InputVector=CopyStr(Data->InputVector, Value); + Data->InputVectorLen=StrLen(Data->InputVector); + } + else if (strcasecmp(Name,"encrypt_hexpassword")==0) + { + Data->PasswordLen=DecodeBytes(&(Data->Password), Value, ENCODE_HEX); + } + else if (strcasecmp(Name,"encrypt_hexkey")==0) + { + Data->KeyLen=DecodeBytes(&(Data->Key), Value, ENCODE_HEX); + } + else if (strcasecmp(Name,"encrypt_hexsalt")==0) + { + Data->SaltLen=DecodeBytes(&(Data->Salt), Value, ENCODE_HEX); + } + else if (strcasecmp(Name,"encrypt_hexiv")==0) + { + Data->InputVectorLen=DecodeBytes(&(Data->InputVector), Value, ENCODE_HEX); + } + else if (strcasecmp(Name,"encrypt_iter")==0) + { + Data->KeyStretchIter=atoi(Value); + } + else if (strcasecmp(Name,"PadBlock")==0) + { + // else if (strcasecmp(Value,"N")==0) *Flags |= DPM_NOPAD_DATA; + } + else if (strcasecmp(Name,"cipher")==0) Data->CipherName=CopyStr(Data->CipherName, Value); + else if (strcasecmp(Name,"encrypt_cipher")==0) Data->CipherName=CopyStr(Data->CipherName, Value); + + } + + ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); + } + + if (Data->SaltLen == 0) + { + Data->Salt=SetStrLen(Data->Salt, 8); + GenerateRandomBytes(&Data->Salt, 8, 0); + Data->SaltLen=8; + } + + + DestroyString(Name); + DestroyString(Value); + + return(Data); +} + + + + + +static EVP_CIPHER *libCryptoGetCipher(const char *CipherList) +{ + EVP_CIPHER *cipher; + char *Token=NULL, *CipherName=NULL; + const char *ptr; + + ptr=GetToken(CipherList, ",", &Token, 0); + while (ptr) + { + if (strcasecmp(Token, "aes")==0) CipherName=CopyStr(CipherName, "AES-128-CBC"); + else if (strcasecmp(Token, "aes-128")==0) CipherName=CopyStr(CipherName, "AES-128-CBC"); + else if (strcasecmp(Token, "aes-256")==0) CipherName=CopyStr(CipherName, "AES-256-CBC"); + else if (strcasecmp(Token, "blowfish")==0) CipherName=CopyStr(CipherName, "BF-CBC"); + else if (strcasecmp(Token, "bf")==0) CipherName=CopyStr(CipherName, "BF-CBC"); + else if (strcasecmp(Token, "camellia")==0) CipherName=CopyStr(CipherName, "CAMELLIA-128-CBC"); + else if (strcasecmp(Token, "camellia-256")==0) CipherName=CopyStr(CipherName, "CAMELLIA-256-CBC"); + else if (strcasecmp(Token, "camellia-256")==0) CipherName=CopyStr(CipherName, "CAMELLIA-256-CBC"); + else if (strcasecmp(Token, "cast")==0) CipherName=CopyStr(CipherName, "CAST5-CBC"); + else if (strcasecmp(Token, "des")==0) CipherName=CopyStr(CipherName, "DES-CBC"); + else if (strcasecmp(Token, "desx")==0) CipherName=CopyStr(CipherName, "DESX-CBC"); + else if (strcasecmp(Token, "rc2")==0) CipherName=CopyStr(CipherName, "RC2-CBC"); + else CipherName=CopyStr(CipherName, Token); + +#ifdef HAVE_EVP_CIPHER_FETCH + cipher=EVP_CIPHER_fetch(NULL, CipherName, NULL); +#else + cipher=(EVP_CIPHER *) EVP_get_cipherbyname(CipherName); +#endif + + if (cipher != NULL) break; + ptr=GetToken(ptr, ",", &Token, 0); + } + + + Destroy(CipherName); + Destroy(Token); + + return(cipher); +} + + + + + +int libCryptoProcessorInit(TProcessingModule *ProcMod, const char *Args, unsigned char **Header, int *HeadLen) +{ + int result=FALSE; + + libCryptoProcessorData *Data; + EVP_CIPHER *cipher; + EVP_CIPHER_CTX *ctx; + int val; + char *Tempstr=NULL; + + Data=InitialiseEncryptionComponents(Args); + cipher=libCryptoGetCipher(Data->CipherName); + if (cipher) + { + OpenSSLGenIVKey(cipher, Data->Password, Data->PasswordLen, Data->Salt, Data->SaltLen, Data->KeyStretchIter, &Data->InputVector, &Data->InputVectorLen, &Data->Key, &Data->KeyLen); + + if (Data->KeyLen > 0) + { + Data->Cipher=cipher; + Data->enc_ctx=EVP_CIPHER_CTX_new(); + Data->dec_ctx=EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(Data->enc_ctx); + EVP_CIPHER_CTX_init(Data->dec_ctx); + Data->BlockSize=EVP_CIPHER_block_size(Data->Cipher); + + Tempstr=EncodeBytes(Tempstr, Data->Key, Data->KeyLen, ENCODE_HEX); + Tempstr=EncodeBytes(Tempstr, Data->InputVector, Data->InputVectorLen, ENCODE_HEX); + + + EVP_EncryptInit_ex(Data->enc_ctx, Data->Cipher, NULL, (unsigned char *) Data->Key, (unsigned char *) Data->InputVector); + EVP_DecryptInit_ex(Data->dec_ctx, Data->Cipher, NULL, (unsigned char *) Data->Key, (unsigned char *) Data->InputVector); + + if (ProcMod->Flags & DPM_NOPAD_DATA) EVP_CIPHER_CTX_set_padding(Data->enc_ctx,FALSE); + + ProcMod->Data=Data; + result=TRUE; + + Tempstr=FormatStr(Tempstr,"%d",Data->BlockSize); + DataProcessorSetValue(ProcMod,"BlockSize",Tempstr); + + if (Header) + { + *Header=SetStrLen(*Header, 16); + memcpy(*Header, "Salted__", 8); + memcpy((*Header)+8, Data->Salt, 8); + *HeadLen=16; + } + } + else RaiseError(0, "libCryptoProcessorInit", "no key/password for encryption"); + } + else RaiseError(0, "libCryptoProcessorInit", "Cipher '%s' not available", Data->CipherName); + + if (! result) libCryptoDataDestroy(Data); + + DestroyString(Tempstr); + + return(result); +} + + + +int libCryptoProcessorWrite(TProcessingModule *ProcMod, const char *InData, unsigned long InLen, char **OutData, unsigned long *OutLen, int Flush) +{ + int RetVal=0; + + int len=0, result=0, val; + libCryptoProcessorData *Data; + EVP_CIPHER_CTX *ctx; + unsigned char *ptr, *Tempstr=NULL; + + if (ProcMod->Flags & DPM_WRITE_FINAL) return(0); + + Data=(libCryptoProcessorData *) ProcMod->Data; + ctx=Data->enc_ctx; + + ProcMod->Flags = ProcMod->Flags & ~DPM_WRITE_FINAL; + + if (InLen) + { + ptr=(unsigned char *) *OutData; + if (ProcMod->Flags & DPM_NOPAD_DATA) + { + val=InLen % Data->BlockSize; + Tempstr=CopyStrLen(Tempstr,InData,InLen); + if (val !=0) + { + Tempstr=SetStrLen(Tempstr,InLen + (Data->BlockSize-val)); + memset(Tempstr+InLen,' ', (Data->BlockSize-val)); + val=InLen+(Data->BlockSize-val); + } + else val=InLen; + + result=EVP_EncryptUpdate(ctx, ptr, &len, Tempstr, val); + if (! result) RetVal=STREAM_DATA_ERROR; + else RetVal=len; + } + else + { + result=EVP_EncryptUpdate(ctx, ptr, &len, InData, InLen); + if (! result) RetVal=STREAM_DATA_ERROR; + else RetVal=len; + } + } + + + if (Flush) + { + ptr=(unsigned char *) *OutData; + ptr+=len; + result=EVP_EncryptFinal_ex(ctx, ptr, &val); + len+=val; + if (len==0) RetVal=STREAM_CLOSED; + } + + *OutLen=len; + + DestroyString(Tempstr); + + return(RetVal); +} + + + + +int libCryptoProcessorRead(TProcessingModule *ProcMod, const char *InData, unsigned long InLen, char **OutData, unsigned long *OutLen, int Flush) +{ + int len=0; + int result; + libCryptoProcessorData *Data; + EVP_CIPHER_CTX *ctx; + char *ptr; + + ptr=*OutData; + + Data=(libCryptoProcessorData *) ProcMod->Data; + if (!Data) return(STREAM_CLOSED); + + if (ProcMod->Flags & DPM_READ_FINAL) + { + if (InLen==0) return(STREAM_CLOSED); + EVP_DecryptInit_ex(Data->dec_ctx,Data->Cipher,NULL,Data->Key,Data->InputVector); + + } + + ctx=Data->dec_ctx; + + if (InLen==0) + { + len=0; + result=EVP_DecryptFinal_ex(ctx, ptr, &len); + if (len==0) ProcMod->Flags |= DPM_READ_FINAL; //this so we don't try another read + } + else + { + len=*OutLen; + result=EVP_DecryptUpdate(ctx, ptr, &len, InData, InLen); + } + + + if (! result) len=STREAM_CLOSED; + + return(len); +} + + + +int libCryptoProcessorClose(TProcessingModule *ProcMod) +{ + libCryptoProcessorData *Data; + EVP_CIPHER_CTX *ctx; + + Data=(libCryptoProcessorData *) ProcMod->Data; + if (Data) + { + EVP_CIPHER_CTX_cleanup(Data->enc_ctx); + EVP_CIPHER_CTX_cleanup(Data->dec_ctx); + + DestroyString(Data->Key); + DestroyString(Data->InputVector); + free(Data); + } + ProcMod->Data=NULL; + return(TRUE); +} + +#endif +#endif + + +//all that will exist without libcrypto is this function, which will return NULL +TProcessingModule *libCryptoProcessorCreate() +{ + TProcessingModule *Mod=NULL; + + +#ifdef HAVE_LIBSSL +#ifdef HAVE_LIBCRYPTO + Mod=(TProcessingModule *) calloc(1, sizeof(TProcessingModule)); + Mod->Init=libCryptoProcessorInit; + Mod->Write=libCryptoProcessorWrite; + Mod->Read=libCryptoProcessorRead; + Mod->Close=libCryptoProcessorClose; +#endif +#else + RaiseError(0, "libCryptoProcessorCreate", "libSSL/libcrypto not compiled in"); +#endif + + return(Mod); +} diff --git a/libUseful-5/Encryption.h b/libUseful-5/Encryption.h new file mode 100644 index 0000000..97fa693 --- /dev/null +++ b/libUseful-5/Encryption.h @@ -0,0 +1,35 @@ +/* +Copyright (c) 2015 Colum Paget +* SPDX-License-Identifier: GPL-3.0 +*/ + + +/* +This module provides a data processor that uses openssl for encryption and decryption. +The resulting output is openssl compatible 'Salted__' format, with pbkdf2 interrated 10000 times +*/ + + +#ifndef LIBUSEFUL_ENCRYPTION_H +#define LIBUSEFUL_ENCRYPTION_H + + +#include "includes.h" + +#include "DataProcessing.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +TProcessingModule *libCryptoProcessorCreate(); + + +#ifdef __cplusplus +} +#endif + + + +#endif diff --git a/libUseful-5/Errors.c b/libUseful-5/Errors.c index 5ba9f00..f5c3ad5 100644 --- a/libUseful-5/Errors.c +++ b/libUseful-5/Errors.c @@ -81,10 +81,10 @@ void InternalRaiseError(int flags, const char *where, const char *file, int line } //now consider if we want to syslog an error message. Pass ERRFLAG_NOTTY as it doesn't matter if stderr is not a - //tty for this case + //tty for this case. ERRFLAG_NOTTY is a setting here, not at test that uses '&' if (ErrorOutputWanted(flags | ERRFLAG_NOTTY)) { - if (LibUsefulGetBool("Error:Syslog")) syslog(LOG_ERR,"DEBUG: %s %s:%d %s. %s", where, file, line, Tempstr, ptr); + if ((flags & ERRFLAG_SYSLOG) || LibUsefulGetBool("Error:Syslog")) syslog(LOG_ERR,"DEBUG: %s %s:%d %s. %s", where, file, line, Tempstr, ptr); } //if this Error is just debugging, then never add it to the list of errors @@ -115,6 +115,15 @@ void InternalRaiseError(int flags, const char *where, const char *file, int line } + if (flags & ERRFLAG_ABORT) + { + abort(); + sleep(1); + syslog(LOG_CRIT,"Still running after attempted abort. possible shenanigans."); + _exit(1); + } + + DestroyString(Tempstr); } diff --git a/libUseful-5/Errors.h b/libUseful-5/Errors.h index 95864ac..63e12a9 100644 --- a/libUseful-5/Errors.h +++ b/libUseful-5/Errors.h @@ -9,11 +9,12 @@ Copyright (c) 2015 Colum Paget #include #include "List.h" -#define ERRFLAG_ERRNO 1 -#define ERRFLAG_DEBUG 2 -#define ERRFLAG_CLEAR 4 -#define ERRFLAG_NOTTY 8 - +#define ERRFLAG_ERRNO 1 +#define ERRFLAG_DEBUG 2 +#define ERRFLAG_CLEAR 4 +#define ERRFLAG_NOTTY 8 +#define ERRFLAG_SYSLOG 16 +#define ERRFLAG_ABORT 32 /* The libUseful error system builds a list of errors as the occur. This way, if multiple errors happen within @@ -53,6 +54,16 @@ Errors are injected into the list with RaiseError like this: ListUsefulSetValue("Error:notty","Y") + If the ERRFLAG_SYSLOG flag is passed, like this: + + RaiseError(ERRFLAG_ERRNO|ERRFLAG_SYSLOG, "ServiceConnect", "host=%s port=%d",Host, Port); + + Then the error will be logged to the system logger. Alternatively if the LibUseful value 'Error:Syslog' is set, like this: + + ListUsefulSetValue("Error:Syslog","Y") + + then all error and debug messages are sent to the system logger via syslog. + If the flag ERRFLAG_DEBUG is set then RaiseError won't print anything out by default. So this line: RaiseError(ERRFLAG_DEBUG, "ServiceConnect", "host=%s port=%d",Host, Port); @@ -69,7 +80,6 @@ Errors are injected into the list with RaiseError like this: If the libUseful internal value 'Error:Silent' is set true/yes/y with ListUsefulSetValue then RaiseError never prints errors to stderr, regardless of any other config. - If the value 'Error:Syslog' is set true/yes/y then error and debug messages are sent to the system logger via syslog */ @@ -89,6 +99,7 @@ extern "C" { #endif +//call 'RaiseError' to add an error into the error sytem #define RaiseError(flags, where, fmt, ...) InternalRaiseError(flags, where, __FILE__, __LINE__, fmt, ##__VA_ARGS__) //clears the list of errors diff --git a/libUseful-5/FileSystem.c b/libUseful-5/FileSystem.c index 4efd21c..82ff5f0 100644 --- a/libUseful-5/FileSystem.c +++ b/libUseful-5/FileSystem.c @@ -16,6 +16,9 @@ #include #endif +#ifdef USE_FSFLAGS +#include +#endif #ifndef HAVE_GET_CURR_DIR char *get_current_dir_name() @@ -133,17 +136,30 @@ int FileChangeExtension(const char *FilePath, const char *NewExt) int FileMoveToDir(const char *FilePath, const char *Dir) { char *Tempstr=NULL; - int result; + struct stat Stat; + int result, size; + int RetVal=FALSE; Tempstr=MCopyStr(Tempstr, Dir, "/", GetBasename(FilePath), NULL); MakeDirPath(Tempstr, 0700); - result=rename(FilePath,Tempstr); - if (result !=0) RaiseError(ERRFLAG_ERRNO, "FileMoveToDir", "cannot rename '%s' to '%s'",FilePath, Tempstr); + if (rename(FilePath,Tempstr) != 0) + { + RaiseError(ERRFLAG_DEBUG | ERRFLAG_ERRNO, "FileMoveToDir", "cannot rename '%s' to '%s', attempting copy",FilePath, Tempstr); + stat(FilePath, &Stat); + size=FileCopy(FilePath, Tempstr); + if (size==Stat.st_size) + { + unlink(FilePath); + RetVal=TRUE; + } + else RaiseError(ERRFLAG_ERRNO, "FileMoveToDir", "cannot rename nor copy '%s' to '%s'",FilePath, Tempstr); + } + else RetVal=TRUE; + DestroyString(Tempstr); - if (result==0) return(TRUE); - else return(FALSE); + return(RetVal); } @@ -183,7 +199,8 @@ int FindFilesInPath(const char *File, const char *Path, ListNode *Files) char *FindFileInPath(char *InBuff, const char *File, const char *Path) { - char *Tempstr=NULL, *CurrPath=NULL, *RetStr=NULL; + char *Tempstr=NULL, *CurrPath=NULL, *RetStr=NULL, *Link=NULL; + struct stat Stat; const char *ptr; RetStr=CopyStr(InBuff,""); @@ -199,17 +216,31 @@ char *FindFileInPath(char *InBuff, const char *File, const char *Path) { CurrPath=SlashTerminateDirectoryPath(CurrPath); Tempstr=MCopyStr(Tempstr,CurrPath,File,NULL); - if (access(Tempstr,F_OK)==0) + if (lstat(Tempstr, &Stat)==0) { - RetStr=CopyStr(RetStr,Tempstr); - break; + //if we find an symlink, then remember it, but don't return it, + //in the hope that we will find a better match + if (S_ISLNK(Stat.st_mode)) + { + if (! StrValid(Link)) Link=CopyStr(Link, Tempstr); + } + else + { + RetStr=CopyStr(RetStr,Tempstr); + break; + } } ptr=GetToken(ptr,":",&CurrPath,0); } + //if we didn't find an actual file, but found a link with the name + //then return that link + if (! StrValid(RetStr)) RetStr=CopyStr(RetStr, Link); + DestroyString(Tempstr); DestroyString(CurrPath); + DestroyString(Link); return(RetStr); } @@ -687,3 +718,79 @@ int FileSystemParsePermissions(const char *PermsStr) return(Perms); } + +int FDSetFlags(int fd, int Set, int UnSet) +{ +#ifdef USE_FSFLAGS + int attr; + + if (fd > -1) + { + if (ioctl(fd, FS_IOC_GETFLAGS, &attr) >= 0) + { + attr |= Set; + attr &= ~UnSet; + if (ioctl(fd, FS_IOC_SETFLAGS, &attr) >=0) return(TRUE); + } + } +#else + RaiseError(0, "FDSetFlags", "Support for append-only/immutable filesystem flags not compiled into libUseful"); +#endif + + return(FALSE); +} + +int FileSetFlags(const char *Path, int Set, int Unset) +{ + int fd; + int RetVal=FALSE; + +#ifdef FS_IOC_GETFLAGS + fd=open(Path, O_RDONLY); + if (fd > -1) + { + RetVal=FDSetFlags(fd, Set, Unset); + close(fd); + } +#endif + + return(RetVal); +} + + +int FileSystemSetSTREAMFlags(int fd, int Set, int UnSet) +{ + int toset=0, tounset=0; + +#ifdef FS_IMMUTABLE_FL + if (Set & STREAM_IMMUTABLE) toset |= FS_IMMUTABLE_FL; + else if (UnSet & STREAM_IMMUTABLE) tounset |= FS_IMMUTABLE_FL; +#endif + +#ifdef FS_APPEND_FL + if (Set & STREAM_APPENDONLY) toset |= FS_APPEND_FL; + else if (UnSet & STREAM_APPENDONLY) tounset |= FS_APPEND_FL; +#endif + + return(FDSetFlags(fd, toset, tounset)); +} + + +int FileSetSTREAMFlags(const char *Path, int Set, int Unset) +{ + int fd; + int RetVal=FALSE; + +#ifdef FS_IOC_GETFLAGS + fd=open(Path, O_RDONLY); + if (fd > -1) + { + RetVal=FileSystemSetSTREAMFlags(fd, Set, Unset); + close(fd); + } +#endif + + return(RetVal); +} + + diff --git a/libUseful-5/FileSystem.h b/libUseful-5/FileSystem.h index 8fe030b..376f5bf 100644 --- a/libUseful-5/FileSystem.h +++ b/libUseful-5/FileSystem.h @@ -84,6 +84,7 @@ int FileChMod(const char *Path, const char *Mode); int FileTouch(const char *Path); +//parse permissions in rwx format, either as rwxr-x-rx or as ugo=rwx format or even as a numeric string int FileSystemParsePermissions(const char *Permissions); @@ -141,9 +142,23 @@ int FileSetXAttr(const char *Path, const char *Name, const char *Value); //recursive copy of a directory int FileSystemCopyDir(const char *Src, const char *Dest); + int FileSystemRmDir(const char *Dir); +//these functions allow setting filesystem-wide flags under linux +//currently these are FS_APPEND_FL and FS_IMMUTABLE_FL, which make +//a file append-only or immutable +int FDSetFlags(int fd, int Set, int Unset); +int FileSetFlags(const char *Path, int Set, int Unset); + +//these functions allow setting filesystem-wide flags under linux +//they exist to be called from the STREAM module, and thus use STREAM_ flags +//in order that linux-specific flags are only used in this filesystem module +//currently these are STREAM_APPENDONLY and STREAM_IMMUTABLE, which make +//a file append-only or immutable +int FileSystemSetSTREAMFlags(int fd, int Set, int Unset); +int FileSetSTREAMFlags(const char *Path, int Set, int Unset); #ifdef __cplusplus } diff --git a/libUseful-5/GeneralFunctions.c b/libUseful-5/GeneralFunctions.c index c83dbcf..dbc26a4 100644 --- a/libUseful-5/GeneralFunctions.c +++ b/libUseful-5/GeneralFunctions.c @@ -180,7 +180,8 @@ int fd_remap_path(int fd, const char *Path, int Flags) char *MakeShellSafeString(char *RetStr, const char *String, int SafeLevel) { char *Tempstr=NULL; - char *BadChars=";|&`"; + char *BadChars=";|&`$"; + int ErrFlags=0; if (SafeLevel==SHELLSAFE_BLANK) { @@ -189,9 +190,12 @@ char *MakeShellSafeString(char *RetStr, const char *String, int SafeLevel) } else Tempstr=QuoteCharsInStr(RetStr,String,BadChars); - if (CompareStr(Tempstr,String) !=0) + + if ( (SafeLevel & (SHELLSAFE_REPORT | SHELLSAFE_ABORT)) && (CompareStr(Tempstr,String) !=0) ) { - //if (EventCallback) EventCallback(String); + ErrFlags=ERRFLAG_SYSLOG; + if (SafeLevel & SHELLSAFE_ABORT) ErrFlags |= ERRFLAG_ABORT; + RaiseError(ErrFlags, "MakeShellSafeString", "unsafe chars found in %s", String); } return(Tempstr); } diff --git a/libUseful-5/GeneralFunctions.h b/libUseful-5/GeneralFunctions.h index b69a103..445a614 100644 --- a/libUseful-5/GeneralFunctions.h +++ b/libUseful-5/GeneralFunctions.h @@ -61,9 +61,14 @@ const char *traverse_quoted(const char *ptr); char *CommaList(char *RetStr, const char *AddStr); -#define SHELLSAFE_BLANK 1 - -char *MakeShellSafeString(char *RetStr, const char *String, int SafeLevel); +#define SHELLSAFE_BLANK 1 +#define SHELLSAFE_REPORT 2 +#define SHELLSAFE_ABORT 4 + +// quote or blank out characters that are used to run unintended shell commands. +// if 'Flags' includes 'SHELLSAFE_BLANK' then such characters are replaced with ' ', otherwise they are quoted with '\' +// if 'Flags' includes 'SHELLSAFE_REPORT' then a syslog message is sent if any unsafe chars are found in the string +char *MakeShellSafeString(char *RetStr, const char *String, int Flags); //remap one fd to another. e.g. change stdin, stdout or stderr to point to a different fd int fd_remap(int fd, int newfd); diff --git a/libUseful-5/Hash.c b/libUseful-5/Hash.c index 0240ad5..92a79b8 100644 --- a/libUseful-5/Hash.c +++ b/libUseful-5/Hash.c @@ -23,8 +23,6 @@ int HashEncodingFromStr(const char *Str) void HashRegister(const char *Name, int Len, HASH_INIT_FUNC Init) { - ListNode *Node; - if (! HashTypes) HashTypes=ListCreate(); if (! ListFindNamedItem(HashTypes, Name)) ListAddTypedItem(HashTypes, Len, Name, Init); } @@ -83,24 +81,24 @@ HASH *HashInit(const char *Type) if (! HashTypes) HashRegisterAll(); - GetToken(Type, ",", &InitialType, 0); - if (strncmp(InitialType, "hmac-", 5) == 0) Hash=HMACInit(InitialType+5); + GetToken(Type, ",", &InitialType, 0); + if (strncasecmp(InitialType, "hmac-", 5) == 0) Hash=HMACInit(InitialType+5); else { - Node=ListFindNamedItem(HashTypes, InitialType); - if (Node) - { - InitFunc=(HASH_INIT_FUNC) Node->Item; - Hash=(HASH *) calloc(1,sizeof(HASH)); - Hash->Type=CopyStr(Hash->Type,Type); - if (! InitFunc(Hash, Node->Tag, Node->ItemType)) + Node=ListFindNamedItem(HashTypes, InitialType); + if (Node) { - HashDestroy(Hash); - Hash=NULL; - RaiseError(0, "HashInit", "Failed to setup Hash Type: '%s'", InitialType); + InitFunc=(HASH_INIT_FUNC) Node->Item; + Hash=(HASH *) calloc(1,sizeof(HASH)); + Hash->Type=CopyStr(Hash->Type,Type); + if (! InitFunc(Hash, Node->Tag, Node->ItemType)) + { + HashDestroy(Hash); + Hash=NULL; + RaiseError(0, "HashInit", "Failed to setup Hash Type: '%s'", InitialType); + } } - } - else RaiseError(0, "HashInit", "Unsupported Hash Type: '%s'", InitialType); + else RaiseError(0, "HashInit", "Unsupported Hash Type: '%s'", InitialType); } Destroy(InitialType); @@ -166,27 +164,35 @@ int HashBytes2(const char *Type, int Encoding, const char *text, int len, char * return(HashBytes(RetStr, Type, text, len, Encoding)); } -int PBK2DF2(char **Return, char *Type, char *Bytes, int Len, char *Salt, int SaltLen, uint32_t Rounds, int Encoding) + +int PBK2DF2(char **Return, const char *Type, const char *Bytes, int Len, const char *Salt, int SaltLen, uint32_t Rounds, int Encoding) { char *Tempstr=NULL, *Hash=NULL; uint32_t RoundsBE; - int i, len, hlen; + int i, len, hlen=0, dlen=0; //Network byte order is big endian RoundsBE=htonl(Rounds); Tempstr=SetStrLen(Tempstr, Len + SaltLen + 20); - memcpy(Tempstr, Bytes, Len); - memcpy(Tempstr+Len, Salt, SaltLen); - memcpy(Tempstr+Len+SaltLen, &RoundsBE, sizeof(uint32_t)); - len=Len+SaltLen+sizeof(uint32_t); + + dlen=Len; + //for hmac- pbk2df the 'Bytes' are the key, and thus the data hashed is just the salt plus the rounds counter + if (strncasecmp(Type, "hmac-", 5) !=0) dlen=0; + + memcpy(Tempstr, Bytes, dlen); + memcpy(Tempstr + dlen, Salt, SaltLen); + memcpy(Tempstr + dlen + SaltLen, &RoundsBE, sizeof(uint32_t)); + len=dlen + SaltLen + sizeof(uint32_t); for (i=0; i Ctx); #endif -Hash->Ctx=NULL; + Hash->Ctx=NULL; } static int OpenSSLFinishHash(HASH *Hash, char **Digest) { - int Len; + unsigned int Len; *Digest=SetStrLen(*Digest, EVP_MAX_MD_SIZE); - EVP_DigestFinal((EVP_MD_CTX *) Hash->Ctx, *Digest, &Len); + EVP_DigestFinal((EVP_MD_CTX *) Hash->Ctx, (unsigned char *) *Digest, &Len); OpenSSLFreeHashCTX(Hash); - return(Len); + return((int) Len); } @@ -49,11 +49,11 @@ static int OpenSSLInitHash(HASH *Hash, const char *Name, int Size) Hash->Ctx=(EVP_MD_CTX *) EVP_MD_CTX_create(); #endif - if (! EVP_DigestInit(Hash->Ctx, MD)) - { - OpenSSLFreeHashCTX(Hash); - return(FALSE); - } + if (! EVP_DigestInit(Hash->Ctx, MD)) + { + OpenSSLFreeHashCTX(Hash); + return(FALSE); + } Hash->Update=OpenSSLUpdateHash; Hash->Finish=OpenSSLFinishHash; @@ -73,9 +73,9 @@ static void OpenSSLDigestCallback(const OBJ_NAME *obj, void *arg) Hash=(HASH *) calloc(1, sizeof(HASH)); if (OpenSSLInitHash(Hash, obj->name, 0)) { - HashRegister(obj->name, 0, OpenSSLInitHash); - Tempstr=MCopyStr(Tempstr, "openssl:", obj->name, NULL); - HashRegister(Tempstr, 0, OpenSSLInitHash); + HashRegister(obj->name, 0, OpenSSLInitHash); + Tempstr=MCopyStr(Tempstr, "openssl:", obj->name, NULL); + HashRegister(Tempstr, 0, OpenSSLInitHash); } OpenSSLFreeHashCTX(Hash); diff --git a/libUseful-5/Http.c b/libUseful-5/Http.c index 8d73487..87b591d 100644 --- a/libUseful-5/Http.c +++ b/libUseful-5/Http.c @@ -10,6 +10,7 @@ #include "base64.h" #include "SecureMem.h" #include "Errors.h" +#include "Entropy.h" /* These functions relate to CLIENT SIDE http/https */ @@ -364,6 +365,8 @@ static int HTTPHandleWWWAuthenticate(const char *Line, int *Type, char **Config) else if (strcasecmp(Name,"opaque")==0) Opaque=CopyStr(Opaque,Value); } + //put all the digest parts into a single string that we can parse out later + //THIS IS NOT CONSTRUCTING OUR REPLY TO THE DIGEST AUTH REQUEST, it is just storing data for later use if (*Type & HTTP_AUTH_DIGEST) *Config=MCopyStr(*Config, Realm,":", Nonce, ":", QOP, ":", Opaque, ":", NULL); else *Config=MCopyStr(*Config,Realm,":",NULL); @@ -518,10 +521,21 @@ static void HTTPParseHeader(STREAM *S, HTTPInfoStruct *Info, char *Header) } -char *HTTPDigest(char *RetStr, const char *Method, const char *Logon, const char *Password, const char *Realm, const char *Doc, const char *Nonce) +static char *HTTPDigest(char *RetStr, const char *Method, const char *Logon, const char *Password, const char *Doc, const char *AuthInfo) { - char *Tempstr=NULL, *HA1=NULL, *HA2=NULL, *ClientNonce=NULL, *Digest=NULL; + char *Tempstr=NULL, *HA1=NULL, *HA2=NULL, *Digest=NULL; + char *Realm=NULL, *Nonce=NULL, *QOP=NULL, *Opaque=NULL, *ClientNonce=NULL; + const char *ptr; int len1, len2; + static unsigned long AuthCounter=0; + + + //if (*Type & HTTP_AUTH_DIGEST) *Config=MCopyStr(*Config, Realm,":", Nonce, ":", QOP, ":", Opaque, ":", NULL); + + ptr=GetToken(AuthInfo, ":", &Realm, GETTOKEN_QUOTES); + ptr=GetToken(ptr, ":", &Nonce, GETTOKEN_QUOTES); + ptr=GetToken(ptr, ":", &QOP, GETTOKEN_QUOTES); + ptr=GetToken(ptr, ":", &Opaque, GETTOKEN_QUOTES); Tempstr=FormatStr(Tempstr,"%s:%s:%s",Logon,Realm,Password); len1=HashBytes(&HA1,"md5",Tempstr,StrLen(Tempstr),ENCODE_HEX); @@ -529,28 +543,34 @@ char *HTTPDigest(char *RetStr, const char *Method, const char *Logon, const char Tempstr=FormatStr(Tempstr,"%s:%s",Method,Doc); len2=HashBytes(&HA2,"md5",Tempstr,StrLen(Tempstr),ENCODE_HEX); - Tempstr=MCopyStr(Tempstr,HA1,":",Nonce,":",HA2,NULL); - len2=HashBytes(&Digest,"md5",Tempstr,StrLen(Tempstr),ENCODE_HEX); - RetStr=MCopyStr(RetStr, "username=\"",Logon,"\", realm=\"",Realm,"\", nonce=\"",Nonce,"\", response=\"",Digest,"\", ","uri=\"",Doc,"\", algorithm=\"MD5\"", NULL); - /* AVANCED DIGEST - for (i=0; i < 10; i++) + if (strcmp(QOP, "auth")==0) + { + AuthCounter++; + ClientNonce=GetRandomAlphabetStr(ClientNonce, 16); + Tempstr=FormatStr(Tempstr,"%s:%s:%08d:%s:auth:%s",HA1,Nonce,AuthCounter,ClientNonce,HA2); + len2=HashBytes(&Digest,"md5",Tempstr,StrLen(Tempstr),ENCODE_HEX); + RetStr=FormatStr(RetStr,"username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=\"auth\", nc=\"%08d\", cnonce=\"%s\", response=\"%s\"",Logon,Realm,Nonce,Doc,AuthCounter,ClientNonce,Digest); + } + else { - Tempstr=FormatStr(Tempstr,"%x",rand() % 255); - ClientNonce=CatStr(ClientNonce,Tempstr); + Tempstr=MCopyStr(Tempstr,HA1,":",Nonce,":",HA2,NULL); + len2=HashBytes(&Digest,"md5",Tempstr,StrLen(Tempstr),ENCODE_HEX); + RetStr=MCopyStr(RetStr, "username=\"",Logon,"\", realm=\"",Realm,"\", nonce=\"",Nonce,"\", response=\"",Digest,"\", ","uri=\"",Doc,"\", algorithm=\"MD5\"", NULL); } - Tempstr=FormatStr(Tempstr,"%s:%s:%08d:%s:auth:%s",HA1,Nonce,AuthCounter,ClientNonce,HA2); - HashBytes(&Digest,"md5",Tempstr,StrLen(Tempstr),0); - Tempstr=FormatStr(Tempstr,"%s: Digest username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s\",qop=auth,nc=%08d,cnonce=\"%s\",response=\"%s\"\r\n",AuthHeader,Logon,Realm,Nonce,Doc,AuthCounter,ClientNonce,Digest); - SendStr=CatStr(SendStr,Tempstr); - */ + + DestroyString(Tempstr); DestroyString(HA1); DestroyString(HA2); DestroyString(Digest); DestroyString(ClientNonce); + DestroyString(Realm); + DestroyString(Nonce); + DestroyString(QOP); + DestroyString(Opaque); return(RetStr); } @@ -593,7 +613,7 @@ static char *HTTPHeadersAppendAuth(char *RetStr, const char *AuthHeader, HTTPInf { if (Info->AuthFlags & HTTP_AUTH_DIGEST) { - Tempstr=HTTPDigest(Tempstr, Info->Method, Info->UserName, p_Password, Realm, Info->Doc, Nonce); + Tempstr=HTTPDigest(Tempstr, Info->Method, Info->UserName, p_Password, Info->Doc, AuthInfo); SendStr=MCatStr(SendStr,AuthHeader,": Digest ", Tempstr, "\r\n",NULL); } else @@ -631,7 +651,6 @@ static char *HTTPHeadersAppendAuth(char *RetStr, const char *AuthHeader, HTTPInf void HTTPSendHeaders(STREAM *S, HTTPInfoStruct *Info) { char *SendStr=NULL, *Tempstr=NULL; - const char *ptr; ListNode *Curr; STREAMClearDataProcessors(S); @@ -912,8 +931,7 @@ int HTTPProcessResponse(HTTPInfoStruct *HTTPInfo) STREAM *HTTPSetupConnection(HTTPInfoStruct *Info, int ForceHTTPS) { char *Proto=NULL, *Host=NULL, *URL=NULL, *Tempstr=NULL; - const char *ptr; - int Port=0, Flags=0; + int Port=0; STREAM *S; //proto in here will not be http/https but tcp/ssl/tls @@ -1032,12 +1050,11 @@ static int HTTPTransactHandleAuthRequest(HTTPInfoStruct *Info, int AuthResult) //if HTTP_AUTH_RETURN is set, then we alread tried getting a refresh if (Info->AuthFlags & HTTP_AUTH_RETURN) return(FALSE); Info->Authorization=MCopyStr(Info->Authorization, "Bearer ", OAuthLookup(Info->Credentials, TRUE), NULL); - Info->AuthFlags |= HTTP_AUTH_RETURN; return(TRUE); } //for normal authentication, if we've sent the authentication, or if we have no auth details, then give up else if ( - (Info->AuthFlags & HTTP_AUTH_SENT) || + //(Info->AuthFlags & HTTP_AUTH_SENT) || (Info->AuthFlags & HTTP_AUTH_RETURN) || (! StrValid(Info->Authorization)) ) return(FALSE); @@ -1049,6 +1066,7 @@ static int HTTPTransactHandleAuthRequest(HTTPInfoStruct *Info, int AuthResult) if (! StrValid(Info->ProxyAuthorization)) return(FALSE); break; } + Info->AuthFlags |= HTTP_AUTH_RETURN; //if we get here then there was no questions raised about authentication! return(TRUE); @@ -1097,16 +1115,31 @@ STREAM *HTTPTransact(HTTPInfoStruct *Info) HTTPReadHeaders(S, Info); result=HTTPProcessResponse(Info); - STREAMSetValue(S,"HTTP:URL",Info->Doc); //we got redirected somewhere else. Shutdown the current stream and go around again //this time our URL will be the redirected url if (result==HTTP_REDIRECT) { STREAMShutdown(S); + //STREAMDestroy(S); continue; } + //if this returns FALSE, then the server asked us for authentication details and we have nay + //but if it returns true it either means that the server didn't ask for this, or else that + //we're using something like OAuth, in which case this function will try to refresh our auth + //credentials, and return TRUE which means 'try again now' + if ((result == HTTP_AUTH_BASIC) || (result == HTTP_AUTH_PROXY) ) + { + if (HTTPTransactHandleAuthRequest(Info, result)) + { + STREAMShutdown(S); + //STREAMDestroy(S); + continue; + } + else break; + } + //this means we got redirected back to the page we just asked for! this is bad and could //put us in a loop, so we just give up before doing anything else if (result == HTTP_CIRCULAR_REDIRECTS) break; @@ -1120,11 +1153,6 @@ STREAM *HTTPTransact(HTTPInfoStruct *Info) if (result == HTTP_ERROR) break; - //if this returns FALSE, then the server asked us for authentication details and we have nay - //but if it returns true it either means that the server didn't ask for this, or else that - //we're using something like OAuth, in which case this function will try to refresh our auth - //credentials, and return TRUE which means 'try again now' - if (! HTTPTransactHandleAuthRequest(Info, result)) break; //if we get here then we didn't get a successful http connection, so we set S to null S=NULL; @@ -1133,7 +1161,11 @@ STREAM *HTTPTransact(HTTPInfoStruct *Info) } //add data processors to deal with chunked data, gzip compression etc, because even if the - if (S) HTTPTransactSetupDataProcessors(Info, S); + if (S) + { + STREAMSetValue(S,"HTTP:URL",Info->Doc); + HTTPTransactSetupDataProcessors(Info, S); + } return(S); } @@ -1169,7 +1201,6 @@ STREAM *HTTPWithConfig(const char *URL, const char *Config) char *Token=NULL; const char *ptr, *cptr, *p_Method="GET"; STREAM *S; - int Flags=0; ptr=GetToken(Config,"\\S",&Token, 0); @@ -1213,21 +1244,37 @@ STREAM *HTTPWithConfig(const char *URL, const char *Config) + +int HTTPCopyToSTREAM(STREAM *Con, STREAM *S) +{ + const char *ptr; + size_t size=0; + + //do not check response code of HTTP server streams (strictly speaking STREAM_TYPE_HTTP_ACCEPT) + if (S->Type == STREAM_TYPE_HTTP) + { + ptr=STREAMGetValue(Con, "HTTP:ResponseCode"); + if ((! ptr) || (*ptr !='2')) + { + STREAMClose(Con); + return(-1); + } + } + + ptr=STREAMGetValue(Con, "HTTP:Content-Length"); + if (StrValid(ptr)) size=strtol(ptr, NULL, 10); + + return(STREAMSendFile(Con, S, size, SENDFILE_LOOP)); +} + + int HTTPDownload(char *URL, STREAM *S) { STREAM *Con; - const char *ptr; Con=HTTPGet(URL); if (! Con) return(-1); - - ptr=STREAMGetValue(Con, "HTTP:ResponseCode"); - if ((! ptr) || (*ptr !='2')) - { - STREAMClose(Con); - return(-1); - } - return(STREAMSendFile(Con, S, 0, SENDFILE_LOOP)); + return(HTTPCopyToSTREAM(Con, S)); } diff --git a/libUseful-5/Http.h b/libUseful-5/Http.h index e01e503..f032f6c 100644 --- a/libUseful-5/Http.h +++ b/libUseful-5/Http.h @@ -218,10 +218,6 @@ int HTTPDownload(char *URL, STREAM *S); void HTTPClearCookies(); -//Generate an http Disgest authentication string from components. You would almost never use this as this process is done internally -char *HTTPDigest(char *RetStr, const char *Method, const char *Logon, const char *Password, const char *Realm, const char *Doc, const char *Nonce); - - void HTTPInfoSetAuth(HTTPInfoStruct *Auth, const char *Logon, const char *Password, int Type); int HTTPConnectOkay(STREAM *S); diff --git a/libUseful-5/HttpChunkedTransfer.c b/libUseful-5/HttpChunkedTransfer.c index 762949b..013d34e 100644 --- a/libUseful-5/HttpChunkedTransfer.c +++ b/libUseful-5/HttpChunkedTransfer.c @@ -15,7 +15,7 @@ typedef struct -static int HTTPChunkedInit(TProcessingModule *Mod, const char *Args) +static int HTTPChunkedInit(TProcessingModule *Mod, const char *Args, unsigned char **Header, int *HeadLen) { Mod->Data=(THTTPChunk *) calloc(1, sizeof(THTTPChunk)); @@ -134,7 +134,7 @@ void HTTPAddChunkedProcessor(STREAM *S) Mod->Read=HTTPChunkedRead; Mod->Close=HTTPChunkedClose; - Mod->Init(Mod, ""); - STREAMAddDataProcessor(S,Mod,""); + Mod->Init(Mod, "", NULL, NULL); + STREAMAddDataProcessor(S, Mod); } diff --git a/libUseful-5/HttpServer.c b/libUseful-5/HttpServer.c index 5bc53fd..9521539 100644 --- a/libUseful-5/HttpServer.c +++ b/libUseful-5/HttpServer.c @@ -3,6 +3,7 @@ #include "String.h" #include "ContentType.h" #include "StreamAuth.h" +#include "HttpUtil.h" static void HTTPServerSetValue(STREAM *S, const char *Name, const char *Value) { @@ -10,6 +11,7 @@ static void HTTPServerSetValue(STREAM *S, const char *Name, const char *Value) //do not allow these to be set, as they will //overwrite the true HTTP method and url + if (strcmp(Name, "HTTP-Version")==0) return; if (strcmp(Name, "Method")==0) return; if (strcmp(Name, "URL")==0) return; @@ -19,11 +21,11 @@ static void HTTPServerSetValue(STREAM *S, const char *Name, const char *Value) Destroy(Tempstr); } + void HTTPServerParseClientCookies(ListNode *Vars, const char *Str) { const char *ptr; char *Name=NULL, *Value=NULL, *Tempstr=NULL; - ListNode *Item; ptr=GetNameValuePair(Str, ";", "=", &Name, &Value); while (ptr) @@ -47,7 +49,7 @@ void HTTPServerParseClientCookies(ListNode *Vars, const char *Str) void HTTPServerParseAuthorization(ListNode *Vars, const char *Str) { - char *Token=NULL; + char *Token=NULL, *Tempstr=NULL, *User=NULL, *Password=NULL; const char *ptr; ptr=Str; @@ -57,15 +59,20 @@ void HTTPServerParseAuthorization(ListNode *Vars, const char *Str) if (strcasecmp(Token, "basic")==0) { ptr=GetToken(ptr, "\\S", &Token, 0); - SetVar(Vars, "Auth:Basic", Token); + HTTPDecodeBasicAuth(Token, &User, &Password); + SetVar(Vars, "AUTH:User", User); + SetVar(Vars, "AUTH:Password", Password); } else if (strcasecmp(Token, "bearer")==0) { ptr=GetToken(ptr, "\\S", &Token, 0); - SetVar(Vars, "Auth:Bearer", Token); + SetVar(Vars, "AUTH:Bearer", Token); } + Destroy(Tempstr); Destroy(Token); + Destroy(User); + Destroy(Password); } @@ -78,7 +85,9 @@ void HTTPServerParseClientHeaders(STREAM *S) StripTrailingWhitespace(Tempstr); ptr=GetToken(Tempstr, "\\S", &Token, 0); STREAMSetValue(S, "HTTP:Method", Token); - STREAMSetValue(S, "HTTP:URL", ptr); + ptr=GetToken(ptr, "\\S", &Token, 0); + STREAMSetValue(S, "HTTP:URL", Token); + STREAMSetValue(S, "HTTP:HTTP-Version", ptr); Tempstr=STREAMReadLine(Tempstr, S); while (Tempstr) @@ -88,10 +97,13 @@ void HTTPServerParseClientHeaders(STREAM *S) ptr=GetToken(Tempstr, ":", &Token, 0); StripTrailingWhitespace(Token); - if (strcasecmp(Token, "Cookie:")==0) HTTPServerParseClientCookies(S->Values, ptr); + while (isspace(*ptr)) ptr++; + + if (strcasecmp(Token, "Cookie")==0) HTTPServerParseClientCookies(S->Values, ptr); else if (strcasecmp(Token, "Authorization")==0) HTTPServerParseAuthorization(S->Values, ptr); else if (strcasecmp(Token, "Sec-Websocket-Key") == 0) STREAMSetValue(S, "WEBSOCKET:KEY", ptr); else if (strcasecmp(Token, "Sec-Websocket-Protocol") == 0) STREAMSetValue(S, "WEBSOCKET:PROTOCOL", ptr); + //HTTPServerSetValue will ignore Method, URL and HTTP-Version so they can't be overridden by extra headers else HTTPServerSetValue(S, Token, ptr); Tempstr=STREAMReadLine(Tempstr, S); @@ -105,6 +117,7 @@ void HTTPServerParseClientHeaders(STREAM *S) void HTTPServerAccept(STREAM *S) { HTTPServerParseClientHeaders(S); + STREAMAuth(S); } @@ -144,22 +157,40 @@ void HTTPServerSendHeaders(STREAM *S, int ResponseCode, const char *ResponseText Destroy(Hash); } - -int HTTPServerSendDocument(STREAM *S, const char *Bytes, int Length, const char *ContentType, const char *Headers) +int HTTPServerSendResponse(STREAM *S, const char *ResponseCode, const char *ResponseReason, const char *Content, int Length, const char *ContentType, const char *Headers) { char *Tempstr=NULL; int result; Tempstr=FormatStr(Tempstr, "Content-Length=%d ", Length); if (StrValid(ContentType)) Tempstr=MCatStr(Tempstr, "Content-Type=", ContentType, " ", Headers, NULL); - HTTPServerSendHeaders(S, 200, "OKAY", Tempstr); - result=STREAMWriteBytes(S, Bytes, Length); + HTTPServerSendHeaders(S, atoi(ResponseCode), ResponseReason, Tempstr); + result=STREAMWriteBytes(S, Content, Length); Destroy(Tempstr); return(result); } +int HTTPServerSendDocument(STREAM *S, const char *Content, int Length, const char *ContentType, const char *Headers) +{ + return(HTTPServerSendResponse(S, "200", "OKAY", Content, Length, ContentType, Headers)); +} + +int HTTPServerSendStatus(STREAM *S, const char *StatusCode, const char *StatusReason) +{ + char *Tempstr=NULL; + int result; + + Tempstr=FormatStr(Tempstr, "

%s - %s

\r\n", StatusCode, StatusReason); + result=HTTPServerSendResponse(S, StatusCode, StatusReason, Tempstr, StrLen(Tempstr), "text/html", ""); + + Destroy(Tempstr); + + return(result); +} + + int HTTPServerSendFile(STREAM *S, const char *Path, const char *iContentType, const char *Headers) { struct stat FStat; diff --git a/libUseful-5/HttpServer.h b/libUseful-5/HttpServer.h index c093f48..1b2070e 100644 --- a/libUseful-5/HttpServer.h +++ b/libUseful-5/HttpServer.h @@ -13,7 +13,7 @@ Copyright (c) 2015 Colum Paget Support for very basic in-app http servers. Usage is: -Serv=STREAMServerNew("http:127.0.0.1:8080"); +Serv=STREAMServerNew("http:127.0.0.1:8080", ""); S=STREAMServerAccept(Serv); if (S) { @@ -59,7 +59,7 @@ while (1) { STREAMSelect(Connections, NULL); S=STREAMServerAccept(Serv); -if (! STREAMAuth(S)) HTTPServerSendHeaders(S, 401, "Authentication Required", "WWW-Authenticate=Basic"); +if (! STREAMIsAuth(S)) HTTPServerSendHeaders(S, 401, "Authentication Required", "WWW-Authenticate=Basic"); else { @@ -79,6 +79,9 @@ void HTTPServerParseClientHeaders(STREAM *S); void HTTPServerSendHeaders(STREAM *S, int ResponseCode, const char *ResponseText, const char *Headers); void HTTPServerAccept(STREAM *S); +int HTTPServerSendResponse(STREAM *S, const char *ResponseCode, const char *ResponseReason, const char *Content, int Length, const char *ContentType, const char *Headers); +int HTTPServerSendDocument(STREAM *S, const char *Content, int Length, const char *ContentType, const char *Headers); +int HTTPServerSendStatus(STREAM *S, const char *ErrorCode, const char *ErrorReason); int HTTPServerSendDocument(STREAM *S, const char *Bytes, int Length, const char *ContentType, const char *Headers); int HTTPServerSendFile(STREAM *S, const char *Path, const char *ContentType, const char *Headers); diff --git a/libUseful-5/IPAddress.c b/libUseful-5/IPAddress.c index 97af165..ffff221 100644 --- a/libUseful-5/IPAddress.c +++ b/libUseful-5/IPAddress.c @@ -158,21 +158,17 @@ void StrtoIP6(const char *Str, struct in6_addr *dest) { //if they pass in an IP4, we have to prefix it with ::ffff: as this is a range //set aside to easy allocation of IP6 addresses to servers with existing IP4 - if (IsIP4Address(Str)) - { - Token=MCopyStr(Token,"::ffff:",Str,NULL); - } + if (IsIP4Address(Str)) Token=MCopyStr(Token,"::ffff:",Str,NULL); else { ptr=Str; if (*ptr == '[') { - ptr=GetToken(ptr+1, "]", &Token, 0); - ptr=Token; + GetToken(ptr+1, "]", &Token, 0); } } - inet_pton(AF_INET6, ptr, dest); + inet_pton(AF_INET6, Token, dest); } Destroy(Token); diff --git a/libUseful-5/Inet.c b/libUseful-5/Inet.c index c43c6c3..9bf380d 100644 --- a/libUseful-5/Inet.c +++ b/libUseful-5/Inet.c @@ -133,7 +133,6 @@ int IPGeoLocate(const char *IP, ListNode *Vars) STREAM *S=NULL; char *Tempstr=NULL, *Token=NULL; const char *ptr; - const char *DesiredTags[]= {"CountryCode","CountryName","City","RegionName","Latitude","Longitude","TimeZone",NULL}; int result=FALSE; if (! StrValid(IP)) return(FALSE); diff --git a/libUseful-5/List.c b/libUseful-5/List.c index c379543..cd0e4f4 100644 --- a/libUseful-5/List.c +++ b/libUseful-5/List.c @@ -137,7 +137,7 @@ ListNode *MapGetChain(ListNode *Map, const char *Key) if (Map->Flags & LIST_FLAG_MAP_HEAD) { - i=fnv_hash(Key, Map->ItemType); + i=fnv_hash((unsigned const char *) Key, Map->ItemType); Node=(ListNode *) Map->Item; return(Node + i); } @@ -382,7 +382,7 @@ ListNode *ListFindNamedItemInsert(ListNode *Root, const char *Name) { ListNode *Prev, *Curr, *Next, *Head; int result=0, count=0; - int hops=0, jumps=0, miss=0; + int hops=0; unsigned long long val; if (! Root) return(Root); @@ -540,8 +540,6 @@ ListNode *InsertItemIntoSortedList(ListNode *List, void *Item, int (*LessThanFun //list get next is just a macro that either calls this for maps, or returns Node->next ListNode *MapChainGetNext(ListNode *CurrItem) { - ListNode *SubNode; - if (! CurrItem) return(NULL); if (CurrItem->Next) diff --git a/libUseful-5/List.h b/libUseful-5/List.h index d78f865..40997b6 100644 --- a/libUseful-5/List.h +++ b/libUseful-5/List.h @@ -3,16 +3,46 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIB_USEFUL_LIST -#define LIB_USEFUL_LIST +#ifndef LIBUSEFUL_LIST +#define LIBUSEFUL_LIST /* -This module provides double linked lists and 'maps'. Maps are hashed arrays of linked lists, so they're very good for storing large numbers of items that can be looked up by a key or name +This module provides double linked lists and 'maps'. Maps are hashed arrays of linked lists, so they're very good for storing large numbers of items that can be looked up by a key or name. + +Items are stored as (void *) pointers, and can be tagged with a name by using 'ListAddNamedItem'. + +When the list is destroyed by the 'ListDestroy' function, a Destructor function can be passed in as the second argument which is used to destroy items stored in the list. If the items in the list aren't unique copies, but are pointers to things that exist outside of the list, then pass NULL as the destructor. + +For example: + +ListNode *MyList, *Curr; + +MyList=ListCreate(); +ListAdd(MyList, CopyStr(NULL, "item 1")); +ListAdd(MyList, CopyStr(NULL, "item 2")); + +Curr=ListGetNext(MyList); +while (Curr) +{ +printf("%s\n", (const char *) Curr->Item); +Curr=ListGetNext(Curr); +} + +ListDestroy(MyList, Destroy); + + +Here we add two strings to the list, and use 'CopyStr' to make unique copies of them. These are then destroyed/freed using the standard 'Destroy' function, which is passed in as the second argument of 'ListDestroy'. + */ + + + + + // Functions passsed to 'ListCreate' or 'MapCreate' or set against a ListNode item #define LIST_FLAG_DELETE 1 //internally used flag #define LIST_FLAG_CASE 2 //when doing searches with 'ListFindNamedItem' etc, use case diff --git a/libUseful-5/Log.c b/libUseful-5/Log.c index 218a1bf..59fa7bb 100644 --- a/libUseful-5/Log.c +++ b/libUseful-5/Log.c @@ -15,7 +15,7 @@ static ListNode *LogFiles=NULL; static TLogFile *LogFileDefaults=NULL; -STREAM *LogFileInternalDoRotate(TLogFile *LogFile); +static STREAM *LogFileInternalDoRotate(TLogFile *LogFile); ListNode *LogFilesGetList() { @@ -93,7 +93,6 @@ TLogFile *LogFileGetEntry(const char *FileName) { TLogFile *LogFile=NULL; ListNode *Node; - STREAM *S=NULL; if (! StrValid(FileName)) return(NULL); if (! LogFiles) LogFiles=ListCreate(); @@ -144,7 +143,7 @@ void LogFileCloseAll() } -char *LogFileInternalGetRotateDestinationPath(char *RetStr, TLogFile *LogFile) +static char *LogFileInternalGetRotateDestinationPath(char *RetStr, TLogFile *LogFile) { char *Tempstr=NULL; @@ -163,48 +162,64 @@ char *LogFileInternalGetRotateDestinationPath(char *RetStr, TLogFile *LogFile) } -STREAM *LogFileInternalDoRotate(TLogFile *LogFile) +static STREAM *LogFileInternalDoRotate(TLogFile *LogFile) { struct stat FStat; char *Tempstr=NULL, *Path=NULL, *PrevPath=NULL; int i; if (! LogFile) return(NULL); - if (! LogFile->S) return(NULL); + + //we can rotate even if logfile is closed + //if (! LogFile->S) return(NULL); + + //don't attempt to rotate hardened log files + if (LogFile->Flags & LOGFILE_HARDEN) return(LogFile->S); + + //don't attempt to rotate things that aren't files if (CompareStr(LogFile->Path,"SYSLOG")==0) return(LogFile->S); if (CompareStr(LogFile->Path,"STDOUT")==0) return(LogFile->S); if (CompareStr(LogFile->Path,"STDERR")==0) return(LogFile->S); + + //don't attempt to rotate if we are a child process forked off, + //otherwise we can get into chaos with processes not knowing which + //version of the file they should be logging to if (getpid() != ParentPID) return(LogFile->S); + + //if we have a max size specified, then consider rotating if (LogFile->MaxSize > 0) { - if (LogFile->S) fstat(LogFile->S->out_fd,&FStat); - else stat(LogFile->Path,&FStat); + if (LogFile->S) fstat(LogFile->S->out_fd, &FStat); + else stat(LogFile->Path, &FStat); if (FStat.st_size > LogFile->MaxSize) { - Tempstr=LogFileInternalGetRotateDestinationPath(Tempstr, LogFile); - for (i=LogFile->MaxRotate; i > 0; i--) - { - Path=FormatStr(Path,"%s.%d",Tempstr,i); - if (i==LogFile->MaxRotate) unlink(Path); - else rename(Path,PrevPath); - PrevPath=CopyStr(PrevPath,Path); - } - + //close logfile and check again, someone might have rotated logs under us! if (LogFile->S) { - //turn off append only sw we can do reanmae - if (LogFile->Flags & LOGFILE_HARDEN) STREAMSetFlags(LogFile->S, 0, STREAM_APPENDONLY); + STREAMClose(LogFile->S); + LogFile->S=NULL; } - if (PrevPath) rename(LogFile->Path,PrevPath); - if (LogFile->S) + + stat(LogFile->Path, &FStat); + + //if it's still too big, then rotate it + if (FStat.st_size > LogFile->MaxSize) { - //turn off append only sw we can do reanmae - if (LogFile->Flags & LOGFILE_HARDEN) STREAMSetFlags(LogFile->S, STREAM_IMMUTABLE, 0); + Tempstr=LogFileInternalGetRotateDestinationPath(Tempstr, LogFile); + for (i=LogFile->MaxRotate; i > 0; i--) + { + Path=FormatStr(Path,"%s.%d",Tempstr,i); + if (i==LogFile->MaxRotate) unlink(Path); + else rename(Path,PrevPath); + PrevPath=CopyStr(PrevPath,Path); + } + + if (PrevPath) rename(LogFile->Path,PrevPath); } - if (LogFile->S) STREAMClose(LogFile->S); + //close and reopen to get a fresh, empty logfile LogFile->S=LogFileOpen(LogFile->Path, LogFile->Flags); } } @@ -212,6 +227,7 @@ STREAM *LogFileInternalDoRotate(TLogFile *LogFile) DestroyString(PrevPath); DestroyString(Tempstr); DestroyString(Path); + return(LogFile->S); } @@ -220,7 +236,9 @@ STREAM *LogFileInternalDoRotate(TLogFile *LogFile) void LogFileSetValues(TLogFile *LogFile, int Flags, int MaxSize, int MaxRotate, int FlushInterval) { if (! LogFileDefaults) LogFileSetDefaults(LOGFILE_TIMESTAMP | LOGFILE_FLUSH | LOGFILE_LOGPID | LOGFILE_LOGUSER, 100000000, 0, 1); - if (ParentPID==0) ParentPID=getpid(); + + //Setting Values asserts ownership of the logfile by process + ParentPID=getpid(); if (LogFile) { @@ -254,10 +272,9 @@ int LogFileFindSetValues(const char *FileName, int Flags, int MaxSize, int MaxRo } -int LogFileInternalWrite(TLogFile *LF, STREAM *S, int Flags, const char *Str) +static int LogFileInternalWrite(TLogFile *LF, STREAM *S, int Flags, const char *Str) { char *Tempstr=NULL, *LogStr=NULL; - struct tm *TimeStruct; int result=FALSE; time_t Now; @@ -328,7 +345,7 @@ int LogFileInternalWrite(TLogFile *LF, STREAM *S, int Flags, const char *Str) -int LogFileInternalPush(TLogFile *LF, STREAM *S, int Flags, const char *Str) +static int LogFileInternalPush(TLogFile *LF, STREAM *S, int Flags, const char *Str) { char *Tempstr=NULL; int result=TRUE; @@ -414,7 +431,7 @@ int LogToFile(const char *FileName, const char *fmt, ...) { char *Tempstr=NULL; va_list args; - int result=FALSE, val; + int result=FALSE; TLogFile *LogFile; LogFile=LogFileGetEntry(FileName); diff --git a/libUseful-5/Log.h b/libUseful-5/Log.h index 1879d69..00f51a6 100644 --- a/libUseful-5/Log.h +++ b/libUseful-5/Log.h @@ -13,10 +13,18 @@ Copyright (c) 2015 Colum Paget /* This module provides log file functions. It keeps an internal list of log files so that you can just write to them without -worrying about opening or closeing them. These are separate log files from the syslog system, though these functions can +worrying about opening or closing them. These are separate log files from the syslog system, though these functions can write to syslog. These logfiles can auto-rotate when they reach a certain size. For most people only the function LogToFile will be relevant and perhaps LogFileSetDefaults and LogFileFindSetValues. + +Setting MaxSize when calling LogFileSetDefaults or LogFileFindSetValues will cause a logfile to be rotated when it goes over this size. +This means it will be moved to a new filename with a numeric suffix. When this numeric suffix becomes greater than 'MaxRotate', the file +will be deleted. This means you get to keep the current logfile and 'MaxRotate' logfiles that existed before it. + +if you set the 'LOGFILE_HARDEN' flag, logfiles will be created with the 'append only' flag on linux and log file rotation will be +disabled. This is because 'append only' and rotation are fundamentally incompatible, as you cannot rename an 'append only' file. +However, 'append only' requires the file to be opened as root, or by a user with the appropriate capabilities inherited */ @@ -29,7 +37,7 @@ For most people only the function LogToFile will be relevant and perhaps LogFile #define LOGFILE_LOCK 16 // lock the file on every write #define LOGFILE_TIMESTAMP 32 // include a timestamp in the log message #define LOGFILE_MILLISECS 64 // include milliseconds in the timestamp -#define LOGFILE_HARDEN 512 // harden logfile against tampering (uses appendonly and immutable flags on filesystems that support it) +#define LOGFILE_HARDEN 512 // harden logfile against tampering (uses appendonly flags on filesystems that support it. Disables log rotation.) #define LOGFILE_REPEATS 4096 // don't write repeat lines, instead count them and write 'last message repeated %d times' #define LOGFILE_CACHETIME 8192 // use cached time in logfiles. This means user must called 'GetTime(0)' themselves to update time #define LOGFILE_PLAIN 536870912 diff --git a/libUseful-5/Makefile b/libUseful-5/Makefile index 4450641..772a15d 100644 --- a/libUseful-5/Makefile +++ b/libUseful-5/Makefile @@ -1,6 +1,6 @@ CC = gcc AR = ar -VERSION = 5.14 +VERSION = 5.30 MAJOR=5 LIBFILE=libUseful.so.$(VERSION) SONAME=libUseful.so.$(MAJOR) @@ -9,8 +9,8 @@ LDFLAGS= LIBS = -lz -lssl -lcrypto -lc -lc -lc -lc prefix=/usr/local sysconfdir=${prefix}/etc -FLAGS=$(LDFLAGS) $(CPPFLAGS) $(CFLAGS) -fPIC -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DHAVE_LIBC=1 -DHAVE_GET_CURR_DIR=1 -DHAVE_PTSNAME_R=1 -DHAVE_CLEARENV=1 -DHAVE_SETRESUID=1 -DHAVE_INITGROUPS=1 -DHAVE_POLL=1 -DHAVE_MLOCK=1 -DHAVE_MLOCKALL=1 -DHAVE_MUNLOCKALL=1 -DHAVE_MADVISE=1 -DHAVE_MKOSTEMP=1 -DHAVE_MOUNT=1 -DHAVE_UMOUNT=1 -DHAVE_UMOUNT2=1 -DHAVE_GETENTROPY=1 -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_SENDFILE=1 -DUSE_INET6=1 -DHAVE_LIBC=1 -DHAVE_XATTR=1 -DHAVE_LIBC=1 -DHAVE_UNSHARE=1 -DHAVE_LIBC=1 -DHAVE_SETNS=1 -DHAVE_LIBCRYPTO=1 -DHAVE_LIBSSL=1 -DHAVE_EVP_MD_CTX_NEW=1 -DHAVE_EVP_MD_CTX_FREE=1 -DHAVE_EVP_BF_CBC=1 -DHAVE_EVP_RC2_CBC=1 -DHAVE_EVP_RC4=1 -DHAVE_EVP_DES_CBC=1 -DHAVE_EVP_DESX_CBC=1 -DHAVE_EVP_CAST5_CBC=1 -DHAVE_EVP_AES_128_CBC=1 -DHAVE_EVP_AES_256_CBC=1 -DHAVE_X509_CHECK_HOST=1 -DHAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS=1 -DHAVE_OPENSSL_ADD_ALL_ALGORITHMS=1 -DHAVE_DECL_SSL_SET_TLSEXT_HOST_NAME=1 -DHAVE_SSL_SET_TLSEXT_HOST_NAME=1 -DHAVE_LIBZ=1 -DVERSION=\"$(VERSION)\" -DSYSCONFDIR=\"$(sysconfdir)\" -OBJ=StrLenCache.o String.o Array.o List.o IPAddress.o Socket.o Server.o UnixSocket.o Stream.o StreamAuth.o Errors.o Unicode.o TerminalKeys.o Terminal.o TerminalWidget.o TerminalMenu.o TerminalChoice.o TerminalBar.o TerminalProgress.o TerminalTheme.o FileSystem.o GeneralFunctions.o DataProcessing.o Pty.o Log.o HttpUtil.o HttpChunkedTransfer.o Http.o Gemini.o Smtp.o Inet.o Expect.o base32.o base64.o crc32.o md5c.o sha1.o sha2.o whirlpool.o jh_ref.o HashCRC32.o HashMD5.o HashSHA.o HashJH.o HashWhirlpool.o HashOpenSSL.o Hash.o HMAC.o Ssh.o Compression.o OAuth.o LibSettings.o Vars.o Time.o Markup.o SpawnPrograms.o Tokenizer.o StringList.o PatternMatch.o URL.o DataParser.o ConnectionChain.o OpenSSL.o Process.o Encodings.o RawData.o SecureMem.o CommandLineParser.o SysInfo.o Entropy.o Users.o UnitsOfMeasure.o HttpServer.o WebSocket.o ContentType.o PasswordFile.o OTP.o +FLAGS=$(LDFLAGS) $(CPPFLAGS) $(CFLAGS) -fPIC -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -D_FILE_OFFSET_BITS=64 -DHAVE_LIBC=1 -DHAVE_GET_CURR_DIR=1 -DHAVE_PTSNAME_R=1 -DHAVE_CLEARENV=1 -DHAVE_SETRESUID=1 -DHAVE_INITGROUPS=1 -DHAVE_POLL=1 -DHAVE_MLOCK=1 -DHAVE_MLOCKALL=1 -DHAVE_MUNLOCKALL=1 -DHAVE_MADVISE=1 -DHAVE_MKOSTEMP=1 -DHAVE_MOUNT=1 -DHAVE_UMOUNT=1 -DHAVE_UMOUNT2=1 -DHAVE_GETENTROPY=1 -DHAVE_PRCTL=1 -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_SENDFILE=1 -DUSE_INET6=1 -DHAVE_LIBC=1 -DHAVE_XATTR=1 -DHAVE_LIBC=1 -DHAVE_UNSHARE=1 -DHAVE_LIBC=1 -DHAVE_SETNS=1 -DHAVE_LIBCRYPTO=1 -DHAVE_LIBSSL=1 -DHAVE_EVP_MD_CTX_CREATE=1 -DHAVE_EVP_MD_CTX_NEW=1 -DHAVE_EVP_MD_CTX_DESTROY=1 -DHAVE_EVP_MD_CTX_FREE=1 -DHAVE_X509_CHECK_HOST=1 -DHAVE_SSL_SET_MIN_PROTO_VERSION=1 -DHAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS=1 -DHAVE_OPENSSL_ADD_ALL_ALGORITHMS=1 -DHAVE_DECL_SSL_SET_TLSEXT_HOST_NAME=1 -DHAVE_SSL_SET_TLSEXT_HOST_NAME=1 -DHAVE_LIBZ=1 -DVERSION=\"$(VERSION)\" -DSYSCONFDIR=\"$(sysconfdir)\" +OBJ=StrLenCache.o String.o Array.o List.o IPAddress.o Socket.o Server.o UnixSocket.o Stream.o StreamAuth.o Errors.o Unicode.o TerminalKeys.o Terminal.o TerminalWidget.o TerminalMenu.o TerminalChoice.o TerminalBar.o TerminalProgress.o TerminalTheme.o FileSystem.o GeneralFunctions.o DataProcessing.o Pty.o Log.o HttpUtil.o HttpChunkedTransfer.o Http.o Gemini.o Smtp.o Inet.o Expect.o base32.o base64.o crc32.o md5c.o sha1.o sha2.o whirlpool.o jh_ref.o HashCRC32.o HashMD5.o HashSHA.o HashJH.o HashWhirlpool.o HashOpenSSL.o Hash.o HMAC.o Ssh.o Compression.o Encryption.o OAuth.o LibSettings.o Vars.o Time.o Markup.o SpawnPrograms.o Tokenizer.o StringList.o PatternMatch.o URL.o DataParser.o ConnectionChain.o OpenSSL.o Seccomp.o Process.o Container.o Encodings.o RawData.o SecureMem.o CommandLineParser.o SysInfo.o Entropy.o Users.o UnitsOfMeasure.o HttpServer.o WebSocket.o ContentType.o PasswordFile.o OTP.o CGI.o all: $(OBJ) @@ -19,7 +19,7 @@ all: $(OBJ) -ln -s -r -f $(LIBFILE) libUseful-$(MAJOR).so -ln -s -r -f $(LIBFILE) $(SONAME) -ln -s -r -f $(LIBFILE) libUseful.so - ar rcs libUseful-$(VERSION).a $(OBJ) + $(AR) rcs libUseful-$(VERSION).a $(OBJ) -ln -s -r -f libUseful-$(VERSION).a libUseful-$(MAJOR).a -ln -s -r -f libUseful-$(VERSION).a libUseful.a @@ -180,6 +180,9 @@ WebSocket.o: WebSocket.h WebSocket.c Compression.o: Compression.h Compression.c $(CC) $(FLAGS) -c Compression.c +Encryption.o: Encryption.h Encryption.c + $(CC) $(FLAGS) -c Encryption.c + ConnectionChain.o: ConnectionChain.h ConnectionChain.c $(CC) $(FLAGS) -c ConnectionChain.c @@ -216,6 +219,12 @@ OpenSSL.o: OpenSSL.c OpenSSL.h Process.o: Process.c Process.h $(CC) $(FLAGS) -c Process.c +Container.o: Container.c Container.h + $(CC) $(FLAGS) -c Container.c + +Seccomp.o: Seccomp.c Seccomp.h + $(CC) $(FLAGS) -c Seccomp.c + Vars.o: Vars.c Vars.h $(CC) $(FLAGS) -c Vars.c @@ -252,13 +261,17 @@ PasswordFile.o: PasswordFile.c PasswordFile.h OTP.o: OTP.c OTP.h $(CC) $(FLAGS) -c OTP.c +CGI.o: CGI.c CGI.h + $(CC) $(FLAGS) -c CGI.c + + #No dependancies, must always be compiled LibSettings.o: LibSettings.h LibSettings.c $(CC) $(FLAGS) -c LibSettings.c clean: - -rm -f *.o *.so *.so.* *.a *.orig + -rm -f *.o *.so *.so.* *.a *.orig .*.swp *~ -rm config.log config.status -rm -r autom4te.cache config.cache -$(MAKE) clean -C examples diff --git a/libUseful-5/Makefile.in b/libUseful-5/Makefile.in index b26bd51..f096746 100644 --- a/libUseful-5/Makefile.in +++ b/libUseful-5/Makefile.in @@ -1,6 +1,6 @@ CC = @CC@ AR = @AR@ -VERSION = 5.14 +VERSION = 5.30 MAJOR=5 LIBFILE=libUseful.so.$(VERSION) SONAME=libUseful.so.$(MAJOR) @@ -10,7 +10,7 @@ LIBS = @LIBS@ prefix=@prefix@ sysconfdir=@sysconfdir@ FLAGS=$(LDFLAGS) $(CPPFLAGS) $(CFLAGS) -fPIC @DEFS@ -DVERSION=\"$(VERSION)\" -DSYSCONFDIR=\"$(sysconfdir)\" -OBJ=StrLenCache.o String.o Array.o List.o IPAddress.o Socket.o Server.o UnixSocket.o Stream.o StreamAuth.o Errors.o Unicode.o TerminalKeys.o Terminal.o TerminalWidget.o TerminalMenu.o TerminalChoice.o TerminalBar.o TerminalProgress.o TerminalTheme.o FileSystem.o GeneralFunctions.o DataProcessing.o Pty.o Log.o HttpUtil.o HttpChunkedTransfer.o Http.o Gemini.o Smtp.o Inet.o Expect.o base32.o base64.o crc32.o md5c.o sha1.o sha2.o whirlpool.o jh_ref.o HashCRC32.o HashMD5.o HashSHA.o HashJH.o HashWhirlpool.o HashOpenSSL.o Hash.o HMAC.o Ssh.o Compression.o OAuth.o LibSettings.o Vars.o Time.o Markup.o SpawnPrograms.o Tokenizer.o StringList.o PatternMatch.o URL.o DataParser.o ConnectionChain.o OpenSSL.o Process.o Encodings.o RawData.o SecureMem.o CommandLineParser.o SysInfo.o Entropy.o Users.o UnitsOfMeasure.o HttpServer.o WebSocket.o ContentType.o PasswordFile.o OTP.o +OBJ=StrLenCache.o String.o Array.o List.o IPAddress.o Socket.o Server.o UnixSocket.o Stream.o StreamAuth.o Errors.o Unicode.o TerminalKeys.o Terminal.o TerminalWidget.o TerminalMenu.o TerminalChoice.o TerminalBar.o TerminalProgress.o TerminalTheme.o FileSystem.o GeneralFunctions.o DataProcessing.o Pty.o Log.o HttpUtil.o HttpChunkedTransfer.o Http.o Gemini.o Smtp.o Inet.o Expect.o base32.o base64.o crc32.o md5c.o sha1.o sha2.o whirlpool.o jh_ref.o HashCRC32.o HashMD5.o HashSHA.o HashJH.o HashWhirlpool.o HashOpenSSL.o Hash.o HMAC.o Ssh.o Compression.o Encryption.o OAuth.o LibSettings.o Vars.o Time.o Markup.o SpawnPrograms.o Tokenizer.o StringList.o PatternMatch.o URL.o DataParser.o ConnectionChain.o OpenSSL.o Seccomp.o Process.o Container.o Encodings.o RawData.o SecureMem.o CommandLineParser.o SysInfo.o Entropy.o Users.o UnitsOfMeasure.o HttpServer.o WebSocket.o ContentType.o PasswordFile.o OTP.o CGI.o all: $(OBJ) @@ -180,6 +180,9 @@ WebSocket.o: WebSocket.h WebSocket.c Compression.o: Compression.h Compression.c $(CC) $(FLAGS) -c Compression.c +Encryption.o: Encryption.h Encryption.c + $(CC) $(FLAGS) -c Encryption.c + ConnectionChain.o: ConnectionChain.h ConnectionChain.c $(CC) $(FLAGS) -c ConnectionChain.c @@ -216,6 +219,12 @@ OpenSSL.o: OpenSSL.c OpenSSL.h Process.o: Process.c Process.h $(CC) $(FLAGS) -c Process.c +Container.o: Container.c Container.h + $(CC) $(FLAGS) -c Container.c + +Seccomp.o: Seccomp.c Seccomp.h + $(CC) $(FLAGS) -c Seccomp.c + Vars.o: Vars.c Vars.h $(CC) $(FLAGS) -c Vars.c @@ -252,13 +261,17 @@ PasswordFile.o: PasswordFile.c PasswordFile.h OTP.o: OTP.c OTP.h $(CC) $(FLAGS) -c OTP.c +CGI.o: CGI.c CGI.h + $(CC) $(FLAGS) -c CGI.c + + #No dependancies, must always be compiled LibSettings.o: LibSettings.h LibSettings.c $(CC) $(FLAGS) -c LibSettings.c clean: - -rm -f *.o *.so *.so.* *.a *.orig + -rm -f *.o *.so *.so.* *.a *.orig .*.swp *~ -rm config.log config.status -rm -r autom4te.cache config.cache -$(MAKE) clean -C examples diff --git a/libUseful-5/OAuth.c b/libUseful-5/OAuth.c index 541ba38..f313208 100644 --- a/libUseful-5/OAuth.c +++ b/libUseful-5/OAuth.c @@ -424,8 +424,7 @@ int OAuthGrant(OAUTH *Ctx, const char *iURL, const char *PostArgs) { STREAM *S; char *Tempstr=NULL, *URL=NULL; - const char *ptr; - int len, result=FALSE; + int result=FALSE; if (LibUsefulDebugActive()) fprintf(stderr, "DEBUG: OAuthGrant: %s args: %s\n", iURL, PostArgs); URL=HTTPURLAddAuth(URL, iURL, GetVar(Ctx->Vars, "client_id"), GetVar(Ctx->Vars, "client_secret")); @@ -461,7 +460,7 @@ int OAuthRefresh(OAUTH *Ctx, const char *iURL) { char *Tempstr=NULL, *URL=NULL, *Args=NULL; const char *ptr; - int result; + int result=FALSE; /* @@ -548,7 +547,7 @@ int OAuthImplicit(OAUTH *Ctx, const char *URL, const char *Args) int OAuthStage1(OAUTH *Ctx, const char *URL) { char *Tempstr=NULL; - int result; + int result=FALSE; Tempstr=GetRandomAlphabetStr(Tempstr, 10); SetVar(Ctx->Vars, "session",Tempstr); @@ -558,8 +557,12 @@ int OAuthStage1(OAUTH *Ctx, const char *URL) if (LibUsefulDebugActive()) fprintf(stderr, "OAuthStage1: %s\n", Tempstr); if (StrValid(Tempstr)) { - if (Ctx->Flags & OAUTH_IMPLICIT) Ctx->VerifyURL=MCopyStr(Ctx->VerifyURL, URL, "?", Tempstr, NULL); - //result=OAuthImplicit(Ctx, URL, Tempstr); + if (Ctx->Flags & OAUTH_IMPLICIT) + { + Ctx->VerifyURL=MCopyStr(Ctx->VerifyURL, URL, "?", Tempstr, NULL); + //result=OAuthImplicit(Ctx, URL, Tempstr); + result=TRUE; + } else result=OAuthGrant(Ctx, URL, Tempstr); } @@ -648,7 +651,6 @@ int OAuthLoad(OAUTH *Ctx, const char *ReqName, const char *iPath) { STREAM *S; char *Tempstr=NULL, *Token=NULL, *Name=NULL, *Path=NULL; - const char *ptr; int result=FALSE; int MatchingLines=0; @@ -673,7 +675,7 @@ int OAuthLoad(OAUTH *Ctx, const char *ReqName, const char *iPath) while (Tempstr) { StripTrailingWhitespace(Tempstr); - ptr=GetToken(Tempstr, "\\S", &Token, GETTOKEN_QUOTES); + GetToken(Tempstr, "\\S", &Token, GETTOKEN_QUOTES); if (strcmp(Token, Name)==0) { OAuthParse(Ctx, Tempstr); diff --git a/libUseful-5/OTP.c b/libUseful-5/OTP.c index 3ee65ef..598a8b8 100644 --- a/libUseful-5/OTP.c +++ b/libUseful-5/OTP.c @@ -4,8 +4,7 @@ #include "Encodings.h" #include "String.h" - -char *TOTP(char *RetStr, const char *HashType, const char *EncodedSecret, int SecretEncoding, int Digits, int Interval) +int TOTPAtTime(char **RetStr, const char *HashType, const char *EncodedSecret, int SecretEncoding, time_t When, int Digits, int Interval) { uint64_t totp=0; uint32_t code; @@ -14,9 +13,9 @@ char *TOTP(char *RetStr, const char *HashType, const char *EncodedSecret, int Se int len, pos; len=DecodeBytes(&Secret, EncodedSecret, SecretEncoding); - totp=(uint64_t) htonll((uint64_t) (time(NULL) / Interval)); + totp=(uint64_t) htonll((uint64_t) (When / Interval)); - len=HMACBytes(&Tempstr, HashType, Secret, len, (unsigned char *) &totp, sizeof(uint64_t), ENCODE_NONE); + len=HMACBytes(&Tempstr, HashType, Secret, len, (char *) &totp, sizeof(uint64_t), ENCODE_NONE); ptr=Tempstr + len -1; pos=*ptr & 0xf; @@ -26,11 +25,31 @@ char *TOTP(char *RetStr, const char *HashType, const char *EncodedSecret, int Se code &= 0x7fffffff; Tempstr=FormatStr(Tempstr, "%u", code); - RetStr=CopyStrLen(RetStr, Tempstr + StrLen(Tempstr) - Digits, Digits); + *RetStr=CopyStrLen(*RetStr, Tempstr + StrLen(Tempstr) - Digits, Digits); Destroy(Tempstr); Destroy(Secret); + return(When % Interval); +} + + + +int TOTPPrevCurrNext(char **Prev, char **Curr, char **Next, const char *HashType, const char *EncodedSecret, int SecretEncoding, int Digits, int Interval) +{ + time_t When; + When=time(NULL); + + TOTPAtTime(Prev, HashType, EncodedSecret, SecretEncoding, When - (Interval / 2 + 1), Digits, Interval); + TOTPAtTime(Curr, HashType, EncodedSecret, SecretEncoding, When, Digits, Interval); + TOTPAtTime(Next, HashType, EncodedSecret, SecretEncoding, When + (Interval / 2 + 1), Digits, Interval); + return(When % Interval); +} + + +char *TOTP(char *RetStr, const char *HashType, const char *EncodedSecret, int SecretEncoding, int Digits, int Interval) +{ + TOTPAtTime(&RetStr, HashType, EncodedSecret, SecretEncoding, time(NULL), Digits, Interval); return(RetStr); } diff --git a/libUseful-5/OTP.h b/libUseful-5/OTP.h index 9e591a5..1c243c9 100644 --- a/libUseful-5/OTP.h +++ b/libUseful-5/OTP.h @@ -15,11 +15,29 @@ Digits=6 Interval=30 SecretEncoding=ENCODE_BASE32 + This function does not parse totp urls, you will have to extract the secret from those yourself. */ + + + +//Calculate TOTP at a given time, returns number of seconds the code is valid from that time +int TOTPAtTime(char **RetStr, const char *HashType, const char *EncodedSecret, int SecretEncoding, time_t When, int Digits, int Interval); + + +//Calculate TOTP at the current moment char *TOTP(char *RetStr, const char *HashType, const char *EncodedSecret, int SecretEncoding, int Digits, int Interval); +//Calculate TOTP at Current time, at CurrTime - (Interval / 2 +5) and at CurrTime + (Interval / 2 +5) +//returns number of seconds the 'Curr' code is valid from CurrTime +int TOTPPrevCurrNext(char **Prev, char **Curr, char **Next, const char *HashType, const char *EncodedSecret, int SecretEncoding, int Digits, int Interval); + + +//Calculate GoogleAutenticator code for the current moment +char *GoogleTOTP(char *RetStr, const char *EncodedSecret); + + //Google authenticator compatible TOTP char *GoogleTOTP(char *RetStr, const char *EncodedSecret); diff --git a/libUseful-5/OpenSSL.c b/libUseful-5/OpenSSL.c index f3d6168..9e2563d 100644 --- a/libUseful-5/OpenSSL.c +++ b/libUseful-5/OpenSSL.c @@ -61,7 +61,6 @@ static void STREAM_INTERNAL_SSL_ADD_SECURE_KEYS_LIST(STREAM *S, SSL_CTX *ctx, Li static void STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(STREAM *S, SSL_CTX *ctx) { - ListNode *Curr; char *VerifyFile=NULL, *VerifyPath=NULL; SSL_CTX_set_default_verify_paths(ctx); @@ -69,8 +68,6 @@ static void STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(STREAM *S, SSL_CTX *ctx) //Default Verify path //VerifyFile=CopyStr(VerifyFile,"/etc/ssl/certs/cacert.pem"); - Curr=ListGetNext(LibUsefulValuesGetHead()); - STREAM_INTERNAL_SSL_ADD_SECURE_KEYS_LIST(S, ctx, LibUsefulValuesGetHead(), &VerifyPath, &VerifyFile); STREAM_INTERNAL_SSL_ADD_SECURE_KEYS_LIST(S, ctx, S->Values, &VerifyPath, &VerifyFile); @@ -609,7 +606,7 @@ void OpenSSLGenerateDHParams() int DoSSLClientNegotiation(STREAM *S, int Flags) { - int result=FALSE, i, val; + int result=FALSE, i; char *Token=NULL; #ifdef HAVE_LIBSSL const SSL_METHOD *Method; @@ -669,7 +666,7 @@ int DoSSLClientNegotiation(STREAM *S, int Flags) result=SSL_do_handshake(ssl); - S->State |= SS_SSL; + S->State |= LU_SS_SSL; OpenSSLQueryCipher(S); OpenSSLVerifyCertificate(S, LU_SSL_VERIFY_HOSTNAME); @@ -696,8 +693,6 @@ int DoSSLServerNegotiation(STREAM *S, int Flags) const SSL_METHOD *Method; SSL_CTX *ctx; SSL *ssl; - const char *ptr; - if (S) { @@ -745,7 +740,7 @@ int DoSSLServerNegotiation(STREAM *S, int Flags) break; case TRUE: - S->State |= SS_SSL; + S->State |= LU_SS_SSL; if (Flags & LU_SSL_VERIFY_PEER) OpenSSLVerifyCertificate(S, 0); OpenSSLQueryCipher(S); break; @@ -798,7 +793,7 @@ int OpenSSLSTREAMCheckForBytes(STREAM *S) //if there are bytes available in the internal OpenSSL buffers, when we don't have to //wait on a select, we can just go straight through to SSL_read - if (S->State & SS_SSL) + if (S->State & LU_SS_SSL) { //ssl pending checks if there's bytes in the SSL buffer, it's not a select byte_count=SSL_pending(SSL_OBJ); @@ -811,13 +806,13 @@ int OpenSSLSTREAMCheckForBytes(STREAM *S) int OpenSSLSTREAMReadBytes(STREAM *S, char *Data, int len) { - int bytes_read=0, val; + int bytes_read=0; #ifdef HAVE_LIBSSL SSL *SSL_OBJ; SSL_OBJ=(SSL *) STREAMGetItem(S,"LIBUSEFUL-SSL:OBJ"); - if (S->State & SS_SSL) + if (S->State & LU_SS_SSL) { bytes_read=SSL_read(SSL_OBJ, Data, len); // saved_errno is used in all cases to capture errno before another function changes it @@ -895,7 +890,7 @@ void OpenSSLClose(STREAM *S) } #endif - S->State &= ~SS_SSL; + S->State &= ~LU_SS_SSL; } diff --git a/libUseful-5/PasswordFile.c b/libUseful-5/PasswordFile.c index e911fef..de66dcf 100644 --- a/libUseful-5/PasswordFile.c +++ b/libUseful-5/PasswordFile.c @@ -4,7 +4,7 @@ -char *PasswordFileGenerateEntry(char *RetStr, const char *User, const char *PassType, const char *Password) +char *PasswordFileGenerateEntry(char *RetStr, const char *User, const char *PassType, const char *Password, const char *Extra) { char *Salt=NULL, *Hash=NULL, *Tempstr=NULL; @@ -20,7 +20,8 @@ char *PasswordFileGenerateEntry(char *RetStr, const char *User, const char *Pass HashBytes(&Hash, PassType, Tempstr, StrLen(Tempstr), ENCODE_BASE64); } - RetStr=MCopyStr(RetStr, User, ":", PassType, ":", Salt, ":", Hash, "\n", NULL); + Tempstr=QuoteCharsInStr(Tempstr, Extra, ":"); + RetStr=MCopyStr(RetStr, User, ":", PassType, ":", Salt, ":", Hash, ":", Tempstr, "\n", NULL); Destroy(Tempstr); Destroy(Hash); @@ -30,7 +31,7 @@ char *PasswordFileGenerateEntry(char *RetStr, const char *User, const char *Pass } -int PasswordFileAdd(const char *Path, const char *PassType, const char *User, const char *Password) +int PasswordFileAdd(const char *Path, const char *PassType, const char *User, const char *Password, const char *Extra) { STREAM *Old, *New; char *Tempstr=NULL, *Token=NULL, *Salt=NULL; @@ -55,7 +56,7 @@ int PasswordFileAdd(const char *Path, const char *PassType, const char *User, co } - Tempstr=PasswordFileGenerateEntry(Tempstr, User, PassType, Password); + Tempstr=PasswordFileGenerateEntry(Tempstr, User, PassType, Password, Extra); STREAMWriteLine(Tempstr, New); rename(New->Path, Path); @@ -73,7 +74,7 @@ int PasswordFileAdd(const char *Path, const char *PassType, const char *User, co } -int PasswordFileAppend(const char *Path, const char *PassType, const char *User, const char *Password) +int PasswordFileAppend(const char *Path, const char *PassType, const char *User, const char *Password, const char *Extra) { STREAM *F; char *Tempstr=NULL, *Token=NULL; @@ -83,7 +84,7 @@ int PasswordFileAppend(const char *Path, const char *PassType, const char *User, if (! F) return(FALSE); STREAMSeek(F, 0, SEEK_END); - Tempstr=PasswordFileGenerateEntry(Tempstr, User, PassType, Password); + Tempstr=PasswordFileGenerateEntry(Tempstr, User, PassType, Password, Extra); STREAMWriteLine(Tempstr, F); STREAMClose(F); @@ -128,12 +129,16 @@ static int PasswordFileMatchItem(const char *Data, const char *User, const char } -int PasswordFileCheck(const char *Path, const char *User, const char *Password) +int PasswordFileCheck(const char *Path, const char *User, const char *Password, char **Extra) { STREAM *F; char *Tempstr=NULL; + const char *ptr; int result=FALSE; + if (! StrValid(Path)) return(FALSE); + if (! StrValid(User)) return(FALSE); + F=STREAMOpen(Path, "r"); if (F) { @@ -142,13 +147,22 @@ int PasswordFileCheck(const char *Path, const char *User, const char *Password) { StripTrailingWhitespace(Tempstr); result=PasswordFileMatchItem(Tempstr, User, Password); - if (result) break; + if (result) + { + if (Extra) + { + ptr=strrchr(Tempstr, ':'); + *Extra=UnQuoteStr(*Extra, ptr+1); + } + break; + } + Tempstr=STREAMReadLine(Tempstr, F); } STREAMClose(F); } - + else RaiseError(ERRFLAG_DEBUG, "PasswordFileCheck", "can't open %s", Path); Destroy(Tempstr); return(result); diff --git a/libUseful-5/PasswordFile.h b/libUseful-5/PasswordFile.h index 778a37b..4698430 100644 --- a/libUseful-5/PasswordFile.h +++ b/libUseful-5/PasswordFile.h @@ -5,12 +5,13 @@ Copyright (c) 2015 Colum Paget // These functions relate to a password file that stores passwords // in the form: -// ::: +// :::: // // if 'pass type' is blank or is 'plain' then the password is stored as-is in plaintext // otherwise 'pass type' will be a hash type, like md5, sha256 etc. // For hash types a 20 character salt is generated and prepended to the password, // and the resulting string is then hashed before being stored +// 'extra' is populated with any extra data for/about this user #ifndef LIBUSEFUL_PASSWORD_FILE_H @@ -28,14 +29,14 @@ extern "C" { // to remove previous entries, this function builds an new password file, and then atomically moves // it into place to replace the existing one. It will not remove any duplicate entries for other // users. -int PasswordFileAdd(const char *Path, const char *PassType, const char *User, const char *Password); +int PasswordFileAdd(const char *Path, const char *PassType, const char *User, const char *Password, const char *Extra); // Add an entry to the password file, not replacing previous entries, to previous passwords can still be // used. This does not require rebuilding the file, and thus may be more efficient than PasswordFileAdd -int PasswordFileAppend(const char *Path, const char *PassType, const char *User, const char *Password); +int PasswordFileAppend(const char *Path, const char *PassType, const char *User, const char *Password, const char *Extra); //check a users password matches the one stored in password file at 'Path' -int PasswordFileCheck(const char *Path, const char *User, const char *Password); +int PasswordFileCheck(const char *Path, const char *User, const char *Password, char **ReturnedData); #ifdef __cplusplus } diff --git a/libUseful-5/PatternMatch.c b/libUseful-5/PatternMatch.c index 9c3bc3c..a711ed2 100644 --- a/libUseful-5/PatternMatch.c +++ b/libUseful-5/PatternMatch.c @@ -159,7 +159,7 @@ static int pmatch_quot(const char **P_PtrPtr, const char **S_PtrPtr, int *Flags) { int result=MATCH_FAIL, OldFlags; char P_Char, S_Char; - const char *OldPos, *ptr; + const char *OldPos; P_Char=**P_PtrPtr; S_Char=**S_PtrPtr; @@ -692,7 +692,7 @@ int pmatch(const char *Pattern, const char *String, int Len, ListNode *Matches, const char **Compiled=NULL; const char *s_ptr, *s_end; const char *Start=NULL, *End=NULL; - int result=0, mcount=0, i; + int result=0, mcount=0; pmatch_compile(Pattern,&Compiled); diff --git a/libUseful-5/Process.c b/libUseful-5/Process.c index e68f615..4e9c426 100644 --- a/libUseful-5/Process.c +++ b/libUseful-5/Process.c @@ -1,8 +1,9 @@ #include "Process.h" +#include "Container.h" + #include "errno.h" #include "includes.h" #include -#include #include #include #include @@ -16,10 +17,15 @@ #include "FileSystem.h" #include "UnitsOfMeasure.h" #include "Users.h" +#include "Seccomp.h" //needed for 'flock' used by CreatePidFile and CreateLockFile #include +#ifdef HAVE_PRCTL +#include /* Definition of PR_* constants */ +#include +#endif /*This is code to change the command-line of a program as visible in ps */ @@ -53,6 +59,7 @@ int ProcessSetCapabilities(const char *CapNames) char *Token=NULL; const char *ptr; cap_t caps; + uid_t uid; caps=cap_get_proc(); cap_clear(caps); @@ -96,12 +103,17 @@ int ProcessSetCapabilities(const char *CapNames) cap_set_proc(caps); + uid=getuid(); #ifdef HAVE_SETRESUID - setresuid(99,99,99); + setresuid( uid, uid, uid); #else - setreuid(99,99); + setreuid( uid, uid); #endif + // once our capabilites are set, we can't be adding any + // further privilidges + ProcessNoNewPrivs(); + Destroy(Token); #endif @@ -118,7 +130,7 @@ void ProcessSetControlTTY(int fd) { // TIOCSCTTY doesn't seem to exist under macosx! #ifdef TIOCSCTTY - ioctl(fd,TIOCSCTTY,0); + ioctl(fd,TIOCSCTTY,1); #endif } @@ -270,446 +282,160 @@ void LU_DefaultSignalHandler(int sig) -void InitSigHandler(int sig) -{ -} - - - - -void ProcessContainerInit(int tunfd, int linkfd, pid_t Child, int RemoveRootDir) -{ - ListNode *Connections=NULL; - STREAM *TunS=NULL, *LinkS=NULL, *S; - struct sigaction sa; - - /* //this feature not working yet - if ((linkfd > -1) && (tunfd > -1)) - { - Connections=ListCreate(); - LinkS=STREAMFromFD(linkfd); - STREAMSetFlushType(LinkS, FLUSH_ALWAYS, 0, 0); - if (LinkS) ListAddItem(Connections, LinkS); - - TunS=STREAMFromFD(tunfd); - STREAMSetFlushType(TunS, FLUSH_ALWAYS, 0, 0); - if (TunS) ListAddItem(Connections, TunS); - } - */ - - - //this process is init, the child will carry on executation - if (chroot(".") == -1) RaiseError(ERRFLAG_ERRNO, "chroot", "failed to chroot to curr directory"); - ProcessSetTitle("init"); - - memset(&sa,0,sizeof(sa)); - sa.sa_handler=InitSigHandler; - sa.sa_flags=SA_NOCLDSTOP; - sigaction(SIGCHLD, &sa,NULL); - while (Connections) - { - S=STREAMSelect(Connections, NULL); - if (S==TunS) STREAMSendFile(S, LinkS, BUFSIZ, SENDFILE_KERNEL); - else if (S==LinkS) STREAMSendFile(S, TunS, BUFSIZ, SENDFILE_KERNEL); - if (waitpid(-1, NULL,WNOHANG) == -1) break; - } - - while (waitpid(-1,NULL,0) != -1); - FileSystemUnMount("/proc","rmdir"); - if (RemoveRootDir) FileSystemUnMount("/","recurse,rmdir"); - else - { - FileSystemUnMount("/","subdirs,rmdir"); - FileSystemUnMount("/","recurse"); - } - STREAMClose(TunS); - STREAMClose(LinkS); - - _exit(0); -} - - -int JoinNamespace(const char *Namespace, int type) +void ProcessSetRLimit(int Type, const char *Value) { - char *Tempstr=NULL; - struct stat Stat; - glob_t Glob; - int i, fd, result=FALSE; + struct rlimit limit; + rlim_t val; -#ifdef HAVE_SETNS - stat(Namespace,&Stat); - if (S_ISDIR(Stat.st_mode)) - { - Tempstr=MCopyStr(Tempstr,Namespace,"/*",NULL); - glob(Tempstr,0,0,&Glob); - if (Glob.gl_pathc ==0) RaiseError(ERRFLAG_ERRNO, "namespaces", "namespace dir %s empty", Tempstr); - for (i=0; i < Glob.gl_pathc; i++) - { - fd=open(Glob.gl_pathv[i],O_RDONLY); - if (fd > -1) - { - result=TRUE; - setns(fd, type); - close(fd); - } - else RaiseError(ERRFLAG_ERRNO, "namespaces", "couldn't open namespace %s", Glob.gl_pathv[i]); - } - } - else - { - fd=open(Namespace,O_RDONLY); - if (fd > -1) - { - result=TRUE; - setns(fd, type); - close(fd); - } - else RaiseError(ERRFLAG_ERRNO, "namespaces", "couldn't open namespace %s", Namespace); - } -#else - RaiseError(0, "namespaces", "setns unavailable"); -#endif + val=(rlim_t) FromMetric(Value, 0); + limit.rlim_cur=val; + limit.rlim_max=val; + setrlimit(Type, &limit); - Destroy(Tempstr); - return(result); } - -void ProcessContainerFilesys(const char *Config, const char *Dir, int Flags) +int ProcessResistPtrace() { - pid_t pid; - char *Tempstr=NULL, *Name=NULL, *Value=NULL; - char *ROMounts=NULL, *RWMounts=NULL; - char *Links=NULL, *PLinks=NULL, *FileClones=NULL; - const char *ptr, *tptr; - struct stat Stat; - - - ptr=GetNameValuePair(Config,"\\S","=",&Name,&Value); - while (ptr) - { - if (strcasecmp(Name,"+mnt")==0) ROMounts=MCatStr(ROMounts,",",Value,NULL); - else if (strcasecmp(Name,"+mnt")==0) ROMounts=MCatStr(ROMounts,",",Value,NULL); - else if (strcasecmp(Name,"mnt")==0) ROMounts=CopyStr(ROMounts,Value); - else if (strcasecmp(Name,"+wmnt")==0) RWMounts=MCatStr(RWMounts,",",Value,NULL); - else if (strcasecmp(Name,"wmnt")==0) RWMounts=CopyStr(RWMounts,Value); - else if (strcasecmp(Name,"+link")==0) Links=MCatStr(Links,",",Value,NULL); - else if (strcasecmp(Name,"link")==0) Links=CopyStr(Links,Value); - else if (strcasecmp(Name,"+plink")==0) PLinks=MCatStr(PLinks,",",Value,NULL); - else if (strcasecmp(Name,"plink")==0) PLinks=CopyStr(PLinks,Value); - else if (strcasecmp(Name,"pclone")==0) FileClones=CopyStr(FileClones,Value); - ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); - } - - pid=getpid(); - if (StrValid(Dir)) Tempstr=FormatStr(Tempstr,Dir,pid); - else Tempstr=FormatStr(Tempstr,"%d.container",pid); - - mkdir(Tempstr,0755); - if (Flags & PROC_ISOCUBE) FileSystemMount("",Tempstr,"tmpfs",""); - if (chdir(Tempstr) !=0) RaiseError(ERRFLAG_ERRNO, "ProcessContainerFilesys", "failed to chdir to %s", Tempstr); - - //always make a tmp directory - mkdir("tmp",0777); - - ptr=GetToken(ROMounts,",",&Value,GETTOKEN_QUOTES); - while (ptr) - { - FileSystemMount(Value,"","bind","ro perms=755"); - ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); - } - - ptr=GetToken(RWMounts,",",&Value,GETTOKEN_QUOTES); - while (ptr) - { - FileSystemMount(Value,"","bind","perms=777"); - ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); - } - - ptr=GetToken(Links,",",&Value,GETTOKEN_QUOTES); - while (ptr) - { - if (link(Value,GetBasename(Value)) !=0) - ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); - } - - ptr=GetToken(PLinks,",",&Value,GETTOKEN_QUOTES); - while (ptr) - { - tptr=Value; - if (*tptr=='/') tptr++; - MakeDirPath(tptr,0755); - if (link(Value, tptr) != 0) RaiseError(ERRFLAG_ERRNO, "ProcessContainerFilesys", "Failed to link Value tptr."); - ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); - } +#ifdef HAVE_PRCTL +//Turn OFF Dumpable flag. This prevents producing coredumps, but has the side-effect of preventing ptrace attach. +//We normally control coredumps via resources (RLIMIT_CORE) rather than this +#ifdef PR_SET_DUMPABLE +#include - ptr=GetToken(FileClones,",",&Value,GETTOKEN_QUOTES); - while (ptr) - { - tptr=Value; - if (*tptr=='/') tptr++; - MakeDirPath(tptr,0755); - stat(Value, &Stat); - if (S_ISCHR(Stat.st_mode) || S_ISBLK(Stat.st_mode)) mknod(tptr, Stat.st_mode, Stat.st_rdev); - else - { - FileCopy(Value, tptr); - chmod(tptr, Stat.st_mode); - } - ptr=GetToken(ptr,",",&Value,GETTOKEN_QUOTES); - } +//set, then check we have the set. This covers situations where the sat failed, but we've already +//set the value previously somehow + prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); + if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) return(TRUE); + RaiseError(ERRFLAG_ERRNO, "ProcessResistPtrace", "Failed to setup ptrace resistance"); +#else + RaiseError(0, "ProcessResistPtrace", "This platform doesn't seem to support the 'resist ptrace' (PR_SET_DUMPABLE) option"); +#endif + RaiseError(0, "ProcessResistPtrace", "This platform doesn't seem to support the 'resist ptrace' (PR_SET_DUMPABLE) option (no prctl)"); +#endif - Destroy(Name); - Destroy(Value); - Destroy(Tempstr); - Destroy(ROMounts); - Destroy(RWMounts); - Destroy(Links); - Destroy(PLinks); - Destroy(FileClones); + return(FALSE); } -void ProcessContainerNamespace(const char *Namespace, const char *HostName, int Flags) +int ProcessNoNewPrivs() { - int val, result; - -#ifdef CLONE_NEWNET - if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_NEWNET); - else if (! (Flags & PROC_CONTAINER_NET)) unshare(CLONE_NEWNET); -#endif +#ifdef HAVE_PRCTL +#ifdef PR_SET_NO_NEW_PRIVS +#include - if (Flags & PROC_CONTAINER) - { - //do these all individually because any one of them might be rejected -#ifdef CLONE_NEWIPC -// if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_NEWIPC); -// else unshare(CLONE_NEWIPC); -#endif +//set, then check that the set worked. This correctly handles situations where we ask to set more than once +//as the second attempt may 'fail', but we already have the desired result + prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1) return(TRUE); -#ifdef CLONE_NEWUTS - if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_NEWUTS); - else - { - unshare(CLONE_NEWUTS); - val=StrLen(HostName); - if (val != 0) result=sethostname(HostName, val); - else result=sethostname("container", 9); - if (result != 0) RaiseError(ERRFLAG_ERRNO, "ProcessContainerNamespace", "Failed to sethostname for container."); - } + RaiseError(ERRFLAG_ERRNO, "ProcessNoNewPrivs", "Failed to set 'no new privs'"); +#else + RaiseError(0, "ProcessNoNewPrivs", "This platform doesn't seem to support the 'no new privs' option"); #endif - -#ifdef CLONE_FS - if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_FS); - else unshare(CLONE_FS); +#else + RaiseError(0, "ProcessNoNewPrivs", "This platform doesn't seem to support the 'no new privs' option (no prctl)"); #endif -#ifdef CLONE_NEWNS - if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_NEWNS); - else unshare(CLONE_NEWNS); -#endif - } + return(FALSE); } -void ProcessContainerSetEnvs(const char *Envs) +static int ProcessMemLockAdd() { - char *Name=NULL, *Value=NULL; - const char *ptr; - -#ifdef HAVE_CLEARENV - clearenv(); + int result=FALSE; + LibUsefulFlags |= LU_MLOCKALL; +#ifdef HAVE_MLOCKALL + if (mlockall(MCL_CURRENT | MCL_FUTURE)) result=TRUE; + else RaiseError(ERRFLAG_ERRNO, "ProcessMemLockAdd", "Failed to set 'mlockall'"); +#else + RaiseError(0, "ProcessMemLockAdd", "This platform doesn't seem to support 'mlockall'"); #endif + LibUsefulSetupAtExit(); - setenv("LD_LIBRARY_PATH","/lib:/usr/lib",TRUE); - - ptr=GetNameValuePair(Envs, ",","=", &Name, &Value); - while (ptr) - { - setenv(Name, Value, TRUE); - ptr=GetNameValuePair(ptr, ",","=", &Name, &Value); - } - Destroy(Name); - Destroy(Value); + return(result); } - -int ProcessContainer(const char *Config) +static int ProcessParseSecurity(const char *Config, char **SeccompSetup) { - char *HostName=NULL, *SetupScript=NULL, *Namespace=NULL, *Envs=NULL; - char *Dir=NULL, *ChRoot=NULL; - char *Name=NULL, *Value=NULL; - char *Tempstr=NULL; + char *Token=NULL; const char *ptr; - int Flags=0; - int result=TRUE; - pid_t child; + int Flags=0, val; + const char *Levels[]= {"minimal", "basic", "user", "guest", "client", "untrusted", "local", "constrained", "high", NULL}; + typedef enum {LU_SEC_MINIMAL, LU_SEC_BASIC, LU_SEC_USER, LU_SEC_GUEST, LU_SEC_CLIENT, LU_SEC_UNTRUSTED, LU_SEC_LOCAL, LU_SEC_CONSTRAINED, LU_SEC_HIGH} TSecLevel; - ptr=GetNameValuePair(Config,"\\S","=",&Name,&Value); + ptr=GetToken(Config, " ", &Token, 0); while (ptr) { - if (strcasecmp(Name,"hostname")==0) HostName=CopyStr(HostName, Value); - else if (strcasecmp(Name,"dir")==0) Dir=CopyStr(Dir, Value); - else if (strcasecmp(Name,"+net")==0) Flags |= PROC_CONTAINER_NET; - else if (strcasecmp(Name,"-net")==0) Flags &= ~PROC_CONTAINER_NET; - else if (strcasecmp(Name,"jailsetup")==0) SetupScript=CopyStr(SetupScript, Value); - else if ( - (strcasecmp(Name,"ns")==0) || - (strcasecmp(Name,"namespace")==0) - ) - { - Namespace=CopyStr(Namespace, Value); - Flags |= PROC_CONTAINER; - } - else if (strcasecmp(Name,"container")==0) - { - if (StrValid(Value)) ChRoot=CopyStr(ChRoot, Value); - Flags |= PROC_CONTAINER; - } - else if (strcasecmp(Name,"container+net")==0) - { - if (StrValid(Value)) ChRoot=CopyStr(ChRoot, Value); - Flags |= PROC_CONTAINER | PROC_CONTAINER_NET; - } - else if (strcasecmp(Name,"isocube")==0) - { - if (StrValid(Value)) ChRoot=CopyStr(ChRoot, Value); - Flags |= PROC_ISOCUBE | PROC_CONTAINER; - } - else if (strcasecmp(Name,"setenv")==0) - { - Tempstr=QuoteCharsInStr(Tempstr, Value, ","); - Envs=MCatStr(Envs, Tempstr, ",",NULL); - } - - - ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); - } - - - if (Flags & PROC_CONTAINER) - { -#ifdef HAVE_UNSHARE -#ifdef CLONE_NEWPID - if (StrValid(Namespace)) JoinNamespace(Namespace, CLONE_NEWPID); - else unshare(CLONE_NEWPID); -#endif -#endif + val=MatchTokenFromList(Token, Levels, 0); - if (! StrValid(ChRoot)) + switch (val) { - ChRoot=CopyStr(ChRoot, Dir); - Dir=CopyStr(Dir,""); + case LU_SEC_HIGH: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_kill=group:net "); + //break; //fall through to LU_SEC_CONSTRAINED + + case LU_SEC_CONSTRAINED: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_allow=ioctl(termget);ioctl(termset) syscall_deny=group:net syscall_kill=group:exec;mprotect(exec);mmap(exec);ioctl;group:ptrace "); + //break; //fall through to LU_SEC_LOCAL + + case LU_SEC_LOCAL: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_allow=socket(unix) syscall_deny=socket "); + //break; //fall through to LU_SEC_UNTRUSTED + + case LU_SEC_UNTRUSTED: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_kill=group:chroot;group:keyring;group:ns;setsid;acct "); + //break; //fall through to LU_SEC_CLENT + + case LU_SEC_CLIENT: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_deny=listen;accept "); + //break; //fall through to LU_SEC_GUEST + + case LU_SEC_GUEST: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_deny=group:keyring "); + //break; //fall through to LU_SEC_USER + + case LU_SEC_USER: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_deny=chown;chmod(exec) syscall_kill=group:sysadmin;bpf "); + //break; //fall through to LU_SEC_BASIC + + case LU_SEC_BASIC: + *SeccompSetup=CatStr(*SeccompSetup, "syscall_deny=acct "); + //break; //fall through to LU_SEC_MINIMAL + + case LU_SEC_MINIMAL: + //sadly, things like wine use ptrace, so we'd rather deny it than kill them. + *SeccompSetup=CatStr(*SeccompSetup, "syscall_deny=ptrace syscall_kill=group:kexec;uselib;userfaultfd;personality;perf_event_open;group:kern_mods;kexec_load;get_kernel_syms;lookup_dcookie;vm86;vm86old;mbind;move_pages "); + + Flags |= PROC_NO_NEW_PRIVS; + break; + + default: + if (strncmp(Token, "syscall_allow=", 14)==0) *SeccompSetup=MCatStr(*SeccompSetup, Token, " ", NULL); + else if (strncmp(Token, "syscall_kill=", 13)==0) *SeccompSetup=MCatStr(*SeccompSetup, Token, " ", NULL); + else if (strncmp(Token, "syscall_deny=", 13)==0) *SeccompSetup=MCatStr(*SeccompSetup, Token, " ", NULL); + Flags |= PROC_NO_NEW_PRIVS; + break; } - ProcessContainerFilesys(Config, ChRoot, Flags); - - //fork again because CLONE_NEWPID only takes effect after another fork, and creates an 'init' process - child=fork(); - if (child==0) - { - //we do not call CredsStoreOnFork here becausee it's assumed that we want to take the creds store with us, as - //these forks are in order to change aspects of our program, rather than spawn a new process - - //must do proc after the fork so that CLONE_NEWPID takes effect - mkdir("proc",0755); - FileSystemMount("","proc","proc",""); - - if (StrValid(SetupScript)) - { - if (system(SetupScript) < 1) RaiseError(ERRFLAG_ERRNO, "ProcessContainer", "failed to exec %s", SetupScript); - } - - -#ifdef HAVE_UNSHARE - ProcessContainerNamespace(Namespace, HostName, Flags); -#endif - - ProcessContainerSetEnvs(Envs); - //if we are given a namespace we assume there is already an init for it - if (! StrValid(Namespace)) - { - //as we are going to create an init for a namespace it needs to be session leader - setsid(); - - //fork again! Honestly. - child=fork(); - if (child !=0) - { - //ProcessContainerInit will never return, it will exit when finished - if ((! (Flags & PROC_ISOCUBE)) &&StrValid(Dir)) ProcessContainerInit(-1, -1, child, FALSE); - else ProcessContainerInit(-1, -1, child, TRUE); - } - } - - if (chroot(".") == -1) - { - RaiseError(ERRFLAG_ERRNO, "ProcessContainer", "failed to chroot to curr directory"); - result=FALSE; - } - - - if (result) - { - LibUsefulSetupAtExit(); - LibUsefulFlags |= LU_CONTAINER; - - if (StrValid(Dir)) - { - if (chdir(Dir) !=0) RaiseError(ERRFLAG_ERRNO, "ProcessContainer", "failed to chdir to %s", Dir); - } - } - } - //we no longer need the parent thread, as the child thread, now completely in the CLONE_NEWPID jail, is our new thread - else _exit(0); + ptr=GetToken(ptr, " ", &Token, 0); } - Destroy(Tempstr); - Destroy(SetupScript); - Destroy(HostName); - Destroy(Namespace); - Destroy(Name); - Destroy(Value); - Destroy(ChRoot); - Destroy(Dir); - - return(result); -} - -void ProcessSetRLimit(int Type, const char *Value) -{ - struct rlimit limit; - rlim_t val; - - val=(rlim_t) FromMetric(Value, 0); - limit.rlim_cur=val; - limit.rlim_max=val; - setrlimit(Type, &limit); - -} - - -static int ProcessResistPtrace() -{ -#ifdef PR_SET_DUMPABLE -#include - prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); - if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) return(TRUE); -#endif + Destroy(Token); - return(FALSE); + return(Flags); } -int ProcessApplyEarlyConfig(const char *Config) +//do all things that we can do 'early' (i.e. before chroot and demonize) +static int ProcessApplyEarlyConfig(const char *Config) { char *Name=NULL, *Value=NULL; const char *ptr; @@ -724,15 +450,6 @@ int ProcessApplyEarlyConfig(const char *Config) else if (strcasecmp(Name,"prio")==0) setpriority(PRIO_PROCESS, 0, atoi(Value)); else if (strcasecmp(Name,"priority")==0) setpriority(PRIO_PROCESS, 0, atoi(Value)); else if (strcasecmp(Name,"openlog")==0) openlog(Value, LOG_PID, LOG_USER); - else if (strcasecmp(Name,"chroot")==0) - { - Flags |= PROC_CHROOT; - if ( StrValid(Value) && (chdir(Value) !=0 ) ) - { - Flags |= PROC_SETUP_FAIL;; - RaiseError(ERRFLAG_ERRNO, "ProcessApplyEarlyConfig", "failed to chroot to directory %s", Value); - } - } else if (strcasecmp(Name,"sigdef")==0) Flags |= PROC_SIGDEF; else if (strcasecmp(Name,"sigdefault")==0) Flags |= PROC_SIGDEF; else if (strcasecmp(Name,"setsid")==0) Flags |= PROC_SETSID; @@ -740,6 +457,8 @@ int ProcessApplyEarlyConfig(const char *Config) else if (strcasecmp(Name,"daemon")==0) Flags |= PROC_DAEMON; else if (strcasecmp(Name,"demon")==0) Flags |= PROC_DAEMON; else if (strcasecmp(Name,"ctrltty")==0) Flags |= PROC_CTRL_TTY; + else if (strcasecmp(Name,"ctrl_tty")==0) Flags |= PROC_CTRL_TTY; + else if (strcasecmp(Name,"strict")==0) Flags |= PROC_SETUP_STRICT; else if (strcasecmp(Name,"innull")==0) fd_remap_path(0, "/dev/null", O_WRONLY); else if (strcasecmp(Name,"errnull")==0) fd_remap_path(2, "/dev/null", O_WRONLY); else if (strcasecmp(Name,"outnull")==0) @@ -754,29 +473,17 @@ int ProcessApplyEarlyConfig(const char *Config) else if (strcasecmp(Name,"trust")==0) Flags |= SPAWN_TRUST_COMMAND; else if (strcasecmp(Name,"noshell")==0) Flags |= SPAWN_NOSHELL; else if (strcasecmp(Name,"arg0")==0) Flags |= SPAWN_ARG0; -//container flags will be parsed again in ContainerInit, so we just se them all to 'PROC_CONTAINER' here - else if (strcasecmp(Name,"container")==0) Flags |= PROC_CONTAINER; - else if (strcasecmp(Name,"container+net")==0) Flags |= PROC_CONTAINER; - else if (strcasecmp(Name,"isocube")==0) Flags |= PROC_CONTAINER; - else if (strcasecmp(Name,"-net")==0) Flags |= PROC_CONTAINER; - else if (strcasecmp(Name,"ns")==0) Flags |= PROC_CONTAINER; - else if (strcasecmp(Name,"namespace")==0) Flags |= PROC_CONTAINER; - else if (strcasecmp(Name,"mlock")==0) - { - LibUsefulFlags |= LU_MLOCKALL; -#ifdef HAVE_MLOCKALL - mlockall(MCL_CURRENT | MCL_FUTURE); -#endif - LibUsefulSetupAtExit(); - } - else if (strcasecmp(Name,"memlock")==0) - { - LibUsefulFlags |= LU_MLOCKALL; -#ifdef HAVE_MLOCKALL - mlockall(MCL_CURRENT | MCL_FUTURE); -#endif - LibUsefulSetupAtExit(); - } + else if (strcasecmp(Name,"container")==0) Flags |= PROC_CONTAINER_FS; + else if (strcasecmp(Name,"container+net")==0) Flags |= PROC_CONTAINER_FS | PROC_CONTAINER_NET; + else if (strcasecmp(Name,"isocube")==0) Flags |= PROC_CONTAINER_FS; + else if (strcasecmp(Name,"-net")==0) Flags |= PROC_CONTAINER_NET; + else if (strcasecmp(Name,"nonet")==0) Flags |= PROC_CONTAINER_NET; + else if (strcasecmp(Name,"nopid")==0) Flags |= PROC_CONTAINER_PID; + else if (strcasecmp(Name,"-pid")==0) Flags |= PROC_CONTAINER_PID; + else if (strcasecmp(Name,"ns")==0) Flags |= PROC_CONTAINER_FS; + else if (strcasecmp(Name,"namespace")==0) Flags |= PROC_CONTAINER_FS; + else if (strcasecmp(Name,"mlock")==0) ProcessMemLockAdd(); + else if (strcasecmp(Name,"memlock")==0) ProcessMemLockAdd(); else if (strcasecmp(Name,"mem")==0) ProcessSetRLimit(RLIMIT_DATA, Value); else if (strcasecmp(Name,"mlockmax")==0) ProcessSetRLimit(RLIMIT_MEMLOCK, Value); else if (strcasecmp(Name,"fsize")==0) ProcessSetRLimit(RLIMIT_FSIZE, Value); @@ -784,10 +491,24 @@ int ProcessApplyEarlyConfig(const char *Config) else if (strcasecmp(Name,"coredumps")==0) ProcessSetRLimit(RLIMIT_CORE, Value); else if ( (strcasecmp(Name,"procs")==0) || (strcasecmp(Name,"nproc")==0) ) ProcessSetRLimit(RLIMIT_NPROC, Value); else if (strcasecmp(Name, "resist_ptrace")==0) LibUsefulFlags |= LU_RESIST_PTRACE; + else if (strcasecmp(Name,"chroot")==0) + { + if ( StrValid(Value) && (chdir(Value) !=0 ) ) + { + RaiseError(ERRFLAG_ERRNO, "ProcessApplyEarlyConfig", "failed to chdir to directory %s for chrooting", Value); + Flags |= PROC_SETUP_FAIL; + } + else Flags |= PROC_CHROOT; + } ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); } + if (LibUsefulFlags & LU_RESIST_PTRACE) + { + if (! ProcessResistPtrace()) Flags |= PROC_SETUP_FAIL; + } + Destroy(Name); Destroy(Value); @@ -796,9 +517,9 @@ int ProcessApplyEarlyConfig(const char *Config) //Apply config changes that are relevant AFTER chroot/daemonize -int ProcessApplyLateConfig(int Flags, const char *Config) +static int ProcessApplyLateConfig(int Flags, const char *Config) { - char *Name=NULL, *Value=NULL, *Capabilities=NULL; + char *Name=NULL, *Value=NULL, *Capabilities=NULL, *SeccompDeny=NULL; const char *ptr; long uid=0, gid=0; int lockfd, ctty_fd=0; @@ -816,10 +537,12 @@ int ProcessApplyLateConfig(int Flags, const char *Config) if (chdir(Value) !=0) { RaiseError(ERRFLAG_ERRNO, "ProcessApplyConfig", "failed to chdir to %s", Value); + RaiseError(ERRFLAG_ERRNO, "ProcessApplyConfig", "too dangerous to continue, (possibly in wrong directory) exiting...", Value); + exit(1); + Flags |= PROC_SETUP_FAIL; } } - else if (strcasecmp(Name,"PidFile")==0) WritePidFile(Value); else if (strcasecmp(Name,"LockFile")==0) { @@ -832,12 +555,15 @@ int ProcessApplyLateConfig(int Flags, const char *Config) lockfd=CreateLockFile(Value, 0); if (lockfd==-1) _exit(1); } + else if (strcasecmp(Name,"nosu")==0) Flags |= PROC_NO_NEW_PRIVS; + else if (strcasecmp(Name,"nopriv")==0) Flags |= PROC_NO_NEW_PRIVS; + else if (strcasecmp(Name,"noprivs")==0) Flags |= PROC_NO_NEW_PRIVS; else if (strcasecmp(Name,"capabilities")==0) Capabilities=CopyStr(Capabilities, Value); + else if (strcasecmp(Name,"security")==0) Flags |= ProcessParseSecurity(Value, &SeccompDeny); else if (strcasecmp(Name,"ctty")==0) { ctty_fd=atoi(Value); Flags |= PROC_CTRL_TTY; - ProcessSetControlTTY(ctty_fd); } ptr=GetNameValuePair(ptr,"\\S","=",&Name,&Value); @@ -845,9 +571,11 @@ int ProcessApplyLateConfig(int Flags, const char *Config) if (Flags & PROC_CONTAINER) { - if (! ProcessContainer(Config)) Flags |= PROC_SETUP_FAIL; + if (! ContainerApplyConfig(Config)) Flags |= PROC_SETUP_FAIL; } + if (Flags & PROC_CTRL_TTY) ProcessSetControlTTY(ctty_fd); + //Always do group first, otherwise we'll lose ability to switch user/group if (gid > 0) SwitchGID(gid); @@ -855,12 +583,8 @@ int ProcessApplyLateConfig(int Flags, const char *Config) if (LibUsefulFlags & LU_RESIST_PTRACE) { - // do this again, and switching uid or gid can reset this - if (! ProcessResistPtrace()) - { - RaiseError(0, "ProcessApplyConfig", "failed to activate ptrace resistance"); - exit(1); - } + // do this again, as switching uid or gid can reset this + if (! ProcessResistPtrace()) Flags |= PROC_SETUP_FAIL; } //Must do this last! After parsing Config, and also after functions like @@ -874,21 +598,27 @@ int ProcessApplyLateConfig(int Flags, const char *Config) } } - if (StrValid(Capabilities)) + + if (StrValid(Capabilities)) ProcessSetCapabilities(Capabilities); + //if we set any capabilites, we will already have set 'NO_NEW_PRIVS' + //so only consider the PROC_NO_NEW_PRIVS flag if we didn't use + //capabilities + else if (Flags & PROC_NO_NEW_PRIVS) { - ProcessSetCapabilities(Capabilities); + if (! ProcessNoNewPrivs()) Flags |= PROC_SETUP_FAIL; + else if (LibUsefulDebugActive()) fprintf(stderr, "DEBUG: set 'PROC_NO_NEW_PRIVS', su/suid should not be possible now\n"); -//does this belong inside ProcessSetCapabilties? -#ifdef PR_SET_NO_NEW_PRIVS -#include - prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0); -#endif + //seccomp must come after PROC_NO_NEW_PRIVS +#ifdef USE_SECCOMP + if (StrValid(SeccompDeny)) SeccompAddRules(SeccompDeny); +#endif } Destroy(Name); Destroy(Value); Destroy(Capabilities); + Destroy(SeccompDeny); return(Flags); } @@ -903,9 +633,12 @@ int ProcessApplyConfig(const char *Config) //do all things that we can do 'early' (i.e. before chroot and demonize) Flags=ProcessApplyEarlyConfig(Config); - if (Flags & PROC_SETUP_FAIL) return(Flags); + if (Flags & PROC_SETUP_FAIL) + { + if (Flags & PROC_SETUP_STRICT) RaiseError(ERRFLAG_ABORT, "ProcessApplyConfig", "Early setup failed. Strict mode requested. Aborting."); + return(Flags); + } - if (LibUsefulFlags & LU_RESIST_PTRACE) ProcessResistPtrace(); //set all signal handlers to default if (Flags & PROC_SIGDEF) @@ -931,14 +664,17 @@ int ProcessApplyConfig(const char *Config) { if (chroot(".") == -1) { - RaiseError(ERRFLAG_ERRNO, "chroot", "failed to chroot"); + RaiseError(ERRFLAG_ERRNO, "ProcessApplyConfig", "failed to chroot"); Flags |= PROC_SETUP_FAIL; + if (Flags & PROC_SETUP_STRICT) RaiseError(ERRFLAG_ABORT, "ProcessApplyConfig", "chroot failed. Strict mode requested. Aborting."); } } //Apply config changes that are relevant AFTER chroot/daemonize if (! (Flags & PROC_SETUP_FAIL)) Flags=ProcessApplyLateConfig(Flags, Config); + if ( (Flags & PROC_SETUP_FAIL) && (Flags & PROC_SETUP_STRICT) ) RaiseError(ERRFLAG_ABORT, "ProcessApplyConfig", "Late setup failed. Strict mode requested. Aborting."); + return(Flags); } diff --git a/libUseful-5/Process.h b/libUseful-5/Process.h index e38b7ce..07d2b69 100644 --- a/libUseful-5/Process.h +++ b/libUseful-5/Process.h @@ -13,24 +13,30 @@ Copyright (c) 2015 Colum Paget //Various functions related to a process -#define PROC_DAEMON 8 //make process a daemon -#define PROC_SETSID 16 //create a new session for this process -#define PROC_CTRL_TTY 32 -#define PROC_CHROOT 64 //chroot this process -#define PROC_JAIL 128 -#define PROC_SIGDEF 256 //set default signal mask for this process -#define PROC_CONTAINER 512 -#define PROC_CONTAINER_NET 1024 -#define PROC_ISOCUBE 2048 -#define PROC_NEWPGROUP 4096 //create new process group for this process +#define PROC_DAEMON 8 // make process a daemon +#define PROC_SETSID 16 // create a new session for this process +#define PROC_CTRL_TTY 32 // set stdin to be a controlling tty +#define PROC_CHROOT 64 // chroot this process before switching user etc. Used to chroot into a full unix system. +#define PROC_NEWPGROUP 128 // create new process group for this process +#define PROC_SIGDEF 256 // set default signal mask for this process +#define PROC_CONTAINER_FS 512 +#define PROC_CONTAINER_NET 1024 // unshare network namespace for this process +#define PROC_CONTAINER_PID 2048 // unshare pids namespace //these must be compatible with PROC_ defines -#define SPAWN_NOSHELL 8192 -#define SPAWN_TRUST_COMMAND 16384 -#define SPAWN_ARG0 32768 +#define SPAWN_NOSHELL 8192 // run the command directly using exec, not from a shell using system +#define SPAWN_TRUST_COMMAND 16384 // don't strip unsafe chars from command +#define SPAWN_ARG0 32768 // deduce arg[0] from the command name -#define PROC_SETUP_FAIL 65536 +#define PROC_SETUP_FAIL 65536 // internal flag if anyting goes wrong, can trigger PROC_SETUP_STRICT +#define PROC_SETUP_STRICT 131072 // if anything goes wrong in ProcessApplyConfig, then abort program +#define PROC_NO_NEW_PRIVS 262144 // do not allow privilege escalation via setuid or other such methods +#define PROC_JAIL 524288 // chroot after everything setup. This jails a process in a directory, not the same as PROC_CHROOT +#define PROC_ISOCUBE 1048576 // chroot into a tmpfs filesystem. Any files process writes will be lost when it exits + + +#define PROC_CONTAINER (PROC_CONTAINER_FS | PROC_CONTAINER_NET | PROC_CONTAINER_PID) #ifdef __cplusplus extern "C" { @@ -43,7 +49,7 @@ void LU_DefaultSignalHandler(int sig); // Beware, this will change its pid. Returns the new pid or '0' on failure pid_t demonize(); -//singply try to close all file descriptors from 3 to 1024, leaving stdin, stdout and stderr alone +//try to close all file descriptors from 3 to 1024, leaving stdin, stdout and stderr alone void CloseOpenFiles(); //write a file containing the current pid. The file can either be an absolute path to a file anywhere @@ -64,6 +70,13 @@ void ProcessSetTitle(const char *FmtStr, ...); // set 'fd' to be a processes controling tty void ProcessSetControlTTY(int fd); +//set process to not be traceable with ptrace/strace, and also unable to make coredumps +int ProcessResistPtrace(); + +//set 'no new privs' to process cannot switch user/priviledges by any means (no su, sudo or setuid) +int ProcessNoNewPrivs(); + + /* ProcessApplyConfig() changes aspects of a running process. This function is not normally used in C programming, and is instead either called from the Spawn or fork functions in SpawnCommands.c or is used when binding libUseful functionality to scripting languages that have limited types, and where structures cannot easily be used to pass data. @@ -71,14 +84,15 @@ Values that can be passed in the 'Config' string of this function are: user= run process as user 'name' group= run process as group 'name' +uid= run process as user number 'uid' +gid= run process as group number 'gid' dir= run process in directory 'path' setsid start a new session for the process newpgroup start a new process group for the process (pgid will be the same as the processes pid) -ctrl_tty set controlling tty of process to be it's standard-in. Signals and tty output will then happen on that channel, rather than - via the console the program is running on. So if your overall program is running on /dev/tty1, switch it to believe it's - tty is really whatever is on stdin +ctrltty +ctrl_tty set controlling tty of process to be it's standard-in. Signals and tty output will then happen on that channel, rather than via the console the program is running on. So if your overall program is running on /dev/tty1, switch it to believe it's tty is really whatever is on stdin ctty= set controlling tty of process to be 'fd' (where fd is a file descriptor number). Same as ctrl_tty above, but using an arbitary file descriptor rather than stdin. @@ -94,26 +108,52 @@ stderr= redirect process stderr to file descriptor sigdef set all signal handlers to the default values (throw away any sighandlers set by parent process) sigdefault set all signal handlers to the default values (throw away any sighandlers set by parent process) -chroot= chroot process into . This option happens before switching users, so that user info lookup, lockfile, pidfile, - and chdir to directory specified with 'dir=' all happen within the chroot. Thus this is used when chrooting - into a full unix filesystem +demon +daemon 'daemonize' the current process (fork it into the background, close stdin/stdout/stderr, etc) + +chroot= chroot process into . This option happens before switching users, so that user info lookup, lockfile, pidfile, and chdir to directory specified with 'dir=' all happen within the chroot. Thus this is used when chrooting into a full unix filesystem -jail jail the process. This does a chroot AFTER looking up the user id, creating lockfile, etc ,etc. This can be used to - jail a process into an empty or private directory +jail jail the process. This does a chroot AFTER looking up the user id, creating lockfile, etc ,etc. This can be used to jail a process into an empty or private directory +strict abort process if chdir, chroot or jail fails + +namespace= ns= linux namespace to join. is either a path to a namespace file, or a path to a directory (e.g. /proc//ns ) that contains namespace descriptor files -nice=value 'nice' value of new process -prio=value scheduling priority of new process (equivalent to 0 - nice value) -priority=value scheduling priority of new process (equivalent to 0 - nice value) -mem=value resource limit for memory (data segment) -fsize=value resource limit for filesize -files=value resource limit for open files -coredumps=value resource limit for max size of coredump files -procs=value resource limit for max number of processes ON A PER USER BASIS. +nosu set 'prctl(PR_NO_NEW_PRIVS)' to prevent privesc via su/sudo/setuid +nopriv set 'prctl(PR_NO_NEW_PRIVS)' to prevent privesc via su/sudo/setuid +noprivs set 'prctl(PR_NO_NEW_PRIVS)' to prevent privesc via su/sudo/setuid +nice= 'nice' value of new process +prio= scheduling priority of new process (equivalent to 0 - nice value) +priority= scheduling priority of new process (equivalent to 0 - nice value) +mem= resource limit for memory (data segment) +mlockmax= resource limit for locked memory +fsize= resource limit for filesize +files= resource limit for open files +coredumps= resource limit for max size of coredump files +procs= resource limit for max number of processes ON A PER USER BASIS. +nproc= resource limit for max number of processes ON A PER USER BASIS. +resist_ptrace set prctrl(PR_NONE_DUMPABLE) to prevent ptracing of the process. This also prevents coredumps totally. +openlog= set 'ident' of future syslog messages to 'name'. Also adds 'LOG_PID' and sets facility to 'LOG_USER' (see "man openlog" for more details). +mlock lock all current and future pages in memory so they don't swap out +memlock lock all current and future pages in memory so they don't swap out +pidfile= create pidfile for this process at 'path' +lockfile= create lockfile at 'path' + +security= set security levels for seccomp. These are intended to mostly kill processess that are trying to use suspicious/dangerous or inappropriate syscalls. + Any level includes the 'nosu' setting as seccomp requires setting 'prctrl(PR_NO_NEW_PRIVS) + Levels are 'minimal', 'basic', 'user', 'untrusted', 'constrained' and 'high'. Each level includes the level below it, so 'untrsted' gives you everything in 'minimal', 'basic' and 'user'. + + minimal: disable ptrace and kill apps that try to use: personality, uselib, userfaultfd, perf_event_open, kexec_load, get_kernel_syms, lookup_dcookie, vm86, vm86old, mbind, move_pages, nfsservctl, and anything involving kernel modules + basic: everything in 'minimal' but also disable the 'acct' syscall + user: everything in 'basic' but also kill processes that try to use bpf, or any 'sysadmin' calls: settimeofday, clocksettime, clockadjtime, quotactl, reboot, swapon, swapoff, mount, umount, umount2, mknod, quotactl + untrusted: everyting in 'user' but kill apps that try to use: chroot, access the keyring, unshare or change namespaces group:ns or all acct + constrained: everything in 'untrusted' but kill apps that try to use: socket/network syscalls, exec syscalls, mprotect, ioctl or ptrace + high: kill apps that try to use networking */ + int ProcessApplyConfig(const char *Config); #ifdef __cplusplus diff --git a/libUseful-5/Pty.c b/libUseful-5/Pty.c index c5c4470..ac00049 100644 --- a/libUseful-5/Pty.c +++ b/libUseful-5/Pty.c @@ -357,6 +357,7 @@ int TTYParseConfig(const char *Config, int *Speed) else if (strcasecmp(Token,"nosig")==0) Flags |= TTYFLAG_IGNSIG; else if (strcasecmp(Token,"ignsig")==0) Flags |= TTYFLAG_IGNSIG; else if (strcasecmp(Token,"save")==0) Flags |= TTYFLAG_SAVE; + else if (strcasecmp(Token,"data")==0) Flags |= TTYFLAG_DATA; else if (isnum(Token) && Speed) *Speed=atoi(Token); ptr=GetToken(ptr," |,",&Token,GETTOKEN_MULTI_SEP); diff --git a/libUseful-5/Pty.h b/libUseful-5/Pty.h index f0d9835..aff2ccf 100644 --- a/libUseful-5/Pty.h +++ b/libUseful-5/Pty.h @@ -10,6 +10,7 @@ Copyright (c) 2015 Colum Paget //These are passed to TTYConfig #define TTYFLAG_PTY 1 +#define TTYFLAG_DATA 2 //we will be sending raw data on the tty, not lines of text. Effects flushing rules. #define TTYFLAG_CANON 4096 #define TTYFLAG_HARDWARE_FLOW 8192 //enable hardware flow control #define TTYFLAG_SOFTWARE_FLOW 16324 //enable software flow control diff --git a/libUseful-5/Seccomp.c b/libUseful-5/Seccomp.c new file mode 100644 index 0000000..2aa1890 --- /dev/null +++ b/libUseful-5/Seccomp.c @@ -0,0 +1,985 @@ +#include "Seccomp.h" + +#ifdef USE_SECCOMP + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include //for offsetof macro + +static int InstructionCount=0; + + + +int SysCallGetID(const char *Name) +{ + +//switch user functions + if (strcmp(Name, "setuid")==0) return(__NR_setuid); + if (strcmp(Name, "setreuid")==0) return(__NR_setreuid); + if (strcmp(Name, "setresuid")==0) return(__NR_setresuid); + if (strcmp(Name, "setgid")==0) return(__NR_setgid); + if (strcmp(Name, "setregid")==0) return(__NR_setregid); + if (strcmp(Name, "setresgid")==0) return(__NR_setresgid); + +#ifdef __NR_setsid + if (strcmp(Name, "setsid")==0) return(__NR_setsid); +#endif + +// 'exec' functions +#ifdef __NR_execv + if (strcmp(Name, "execv")==0) return(__NR_execv); +#endif + +#ifdef __NR_execve + if (strcmp(Name, "execve")==0) return(__NR_execve); +#endif + +#ifdef __NR_execveat + if (strcmp(Name, "execveat")==0) return(__NR_execveat); +#endif + +#ifdef __NR_exec_with_loader + if (strcmp(Name, "exec_with_loader")==0) return(__NR_exec_with_loader); +#endif + + +//fork/clone functions +#ifdef __NR_clone + if (strcmp(Name, "clone")==0) return(__NR_clone); +#endif +#ifdef __NR_clone2 + if (strcmp(Name, "clone2")==0) return(__NR_clone2); +#endif +#ifdef __NR_clone3 + if (strcmp(Name, "clone3")==0) return(__NR_clone3); +#endif +#ifdef __NR_fork + if (strcmp(Name, "fork")==0) return(__NR_fork); +#endif +#ifdef __NR_vfork + if (strcmp(Name, "vfork")==0) return(__NR_vfork); +#endif +#ifdef __NR_setsid + if (strcmp(Name, "setsid")==0) return(__NR_setsid); +#endif + +//send signal syscalls + +#ifdef __NR_kill + if (strcmp(Name, "kill")==0) return(__NR_kill); +#endif + +#ifdef __NR_tkill + if (strcmp(Name, "tkill")==0) return(__NR_tkill); +#endif + +#ifdef __NR_tgkill + if (strcmp(Name, "tgkill")==0) return(__NR_tgkill); +#endif + +//socket/network syscalls +#ifdef __NR_socketcall + if (strcmp(Name, "socketcall")==0) return(__NR_socketcall); +#endif +#ifdef __NR_socket + if (strcmp(Name, "socket")==0) return(__NR_socket); +#endif +#ifdef __NR_connect + if (strcmp(Name, "connect")==0) return(__NR_connect); +#endif +#ifdef __NR_shutdown + if (strcmp(Name, "shutdown")==0) return(__NR_shutdown); +#endif +#ifdef __NR_bind + if (strcmp(Name, "bind")==0) return(__NR_bind); +#endif +#ifdef __NR_listen + if (strcmp(Name, "listen")==0) return(__NR_listen); +#endif +#ifdef __NR_accept + if (strcmp(Name, "accept")==0) return(__NR_accept); +#endif +#ifdef __NR_accept4 + if (strcmp(Name, "accept4")==0) return(__NR_accept4); +#endif + +//file access functions +#ifdef __NR_open + if (strcmp(Name, "open")==0) return(__NR_open); +#endif + +#ifdef __NR_open2 + if (strcmp(Name, "open2")==0) return(__NR_open2); +#endif + +#ifdef __NR_openat + if (strcmp(Name, "openat")==0) return(__NR_openat); +#endif + +#ifdef __NR_openat2 + if (strcmp(Name, "openat2")==0) return(__NR_openat2); +#endif + +#ifdef __NR_creat + if (strcmp(Name, "creat")==0) return(__NR_creat); +#endif + + +#ifdef __NR_name_to_handle_at + if (strcmp(Name, "name_to_handle_at")==0) return(__NR_name_to_handle_at); +#endif + +//this weird 'open' function has been used in container breakouts, so it's not part of 'group:open' +#ifdef __NR_open_by_handle_at + if (strcmp(Name, "open_by_handle_at")==0) return(__NR_open_by_handle_at); +#endif + +#ifdef __NR_unlink + if (strcmp(Name, "unlink")==0) return(__NR_unlink); +#endif + +#ifdef __NR_rmdir + if (strcmp(Name, "rmdir")==0) return(__NR_rmdir); +#endif + +#ifdef __NR_chown + if (strcmp(Name, "chown")==0) return(__NR_chown); +#endif + +#ifdef __NR_chown32 + if (strcmp(Name, "chown32")==0) return(__NR_chown32); +#endif + +#ifdef __NR_fchown + if (strcmp(Name, "fchown")==0) return(__NR_fchown); +#endif + +#ifdef __NR_fchownat + if (strcmp(Name, "fchownat")==0) return(__NR_fchownat); +#endif + +#ifdef __NR_fchown32 + if (strcmp(Name, "fchown32")==0) return(__NR_fchown32); +#endif + +#ifdef __NR_lchown + if (strcmp(Name, "lchown")==0) return(__NR_lchown); +#endif + +#ifdef __NR_lchown32 + if (strcmp(Name, "lchown32")==0) return(__NR_lchown32); +#endif + +#ifdef __NR_chmod + if (strcmp(Name, "chmod")==0) return(__NR_chmod); +#endif + +#ifdef __NR_fchmod + if (strcmp(Name, "fchmod")==0) return(__NR_fchmod); +#endif + +#ifdef __NR_fchmodat + if (strcmp(Name, "fchmodat")==0) return(__NR_fchmodat); +#endif + +#ifdef __NR_lchmod + if (strcmp(Name, "lchmod")==0) return(__NR_lchmod); +#endif + + + + +#ifdef __NR_truncate + if (strcmp(Name, "ftruncate")==0) return(__NR_ftruncate); +#endif + +#ifdef __NR_ftruncate64 + if (strcmp(Name, "ftruncate64")==0) return(__NR_ftruncate64); +#endif + +#ifdef __NR_ioctl + if (strcmp(Name, "ioctl")==0) return(__NR_ioctl); +#endif + + +//shared memory syscalls. Probably benign in most cases, but we could +//block them to kill programs that aren't supposed to use them, from using them +//which would indicate that the process has been compromised +#ifdef __NR_shmat + if (strcmp(Name, "shmat")==0) return(__NR_shmat); +#endif +#ifdef __NR_shmdt + if (strcmp(Name, "shmdt")==0) return(__NR_shmdt); +#endif +#ifdef __NR_shmget + if (strcmp(Name, "shmget")==0) return(__NR_shmget); +#endif +#ifdef __NR_shmctl + if (strcmp(Name, "shmctl")==0) return(__NR_shmctl); +#endif + + +//switch filesystem root. A certain number of user processes would be using these validly +//but where possible we should deny them, especially as they can be used to break out of +//chroot jails +#ifdef __NR_chroot + if (strcmp(Name, "chroot")==0) return(__NR_chroot); +#endif +#ifdef __NR_pivot_root + if (strcmp(Name, "pivot_root")==0) return(__NR_pivot_root); +#endif + + +//namespaces syscalls. Again, pleny of use programs use these to setup containers etc, but +//where possible we should limit them +#ifdef __NR_unshare + if (strcmp(Name, "unshare")==0) return(__NR_unshare); +#endif +#ifdef __NR_setns + if (strcmp(Name, "setns")==0) return(__NR_setns); +#endif + +//mount/unmount. Userside programs shouldn't normally be mounting filesystems, +//except maybe bind mounts or in containers +#ifdef __NR_mount + if (strcmp(Name, "mount")==0) return(__NR_mount); +#endif + +#ifdef __NR_umount + if (strcmp(Name, "umount")==0) return(__NR_umount); +#endif + +#ifdef __NR_umount2 + if (strcmp(Name, "umount2")==0) return(__NR_umount2); +#endif + +#ifdef __NR_unmount2 + if (strcmp(Name, "unmount2")==0) return(__NR_umount2); +#endif + +//ptrace group. These are some of the most dangerous syscalls. They allow attaching to another process +//and altering it, even overwriting it's code. Programs like wine, strace and gdb use these, but +//wherever possible they should be denied +#ifdef __NR_ptrace + if (strcmp(Name, "ptrace")==0) return(__NR_ptrace); +#endif +#ifdef __NR_process_vm_readv + if (strcmp(Name, "process_vm_readv")==0) return(__NR_process_vm_readv); +#endif +#ifdef __NR_process_vm_writev + if (strcmp(Name, "process_vm_writev")==0) return(__NR_process_vm_writev); +#endif + + +//kernel module syscalls. Very few programs should legitimately call these +#ifdef __NR_create_module + if (strcmp(Name, "create_module")==0) return(__NR_create_module); +#endif +#ifdef __NR_delete_module + if (strcmp(Name, "delete_module")==0) return(__NR_delete_module); +#endif +#ifdef __NR_init_module + if (strcmp(Name, "init_module")==0) return(__NR_init_module); +#endif +#ifdef __NR_finit_module + if (strcmp(Name, "finit_module")==0) return(__NR_finit_module); +#endif +#ifdef __NR_query_module + if (strcmp(Name, "query_module")==0) return(__NR_query_module); +#endif + + +//from here on it's weird shit that a normal user wouldn't be calling + +#ifdef __NR_utimes + if (strcmp(Name, "utimes")==0) return(__NR_utimes); +#endif + +#ifdef __NR_bpf + if (strcmp(Name, "bpf")==0) return(__NR_bpf); +#endif + +#ifdef __NR_vm86 + if (strcmp(Name, "vm86")==0) return(__NR_vm86); +#endif + +#ifdef __NR_vm86old + if (strcmp(Name, "vm86old")==0) return(__NR_vm86old); +#endif + +#ifdef __NR_move_pages + if (strcmp(Name, "move_pages")==0) return(__NR_move_pages); +#endif + +#ifdef __NR_nfsservctl + if (strcmp(Name, "nfsservctl")==0) return(__NR_nfsservctl); +#endif + +#ifdef __NR_lookup_dcookie + if (strcmp(Name, "lookup_dcookie")==0) return(__NR_lookup_dcookie); +#endif + +#ifdef __NR_acct + if (strcmp(Name, "acct")==0) return(__NR_acct); +#endif +#ifdef __NR_swapon + if (strcmp(Name, "swapon")==0) return(__NR_swapon); +#endif +#ifdef __NR_swapoff + if (strcmp(Name, "swapoff")==0) return(__NR_swapoff); +#endif +#ifdef __NR_reboot + if (strcmp(Name, "reboot")==0) return(__NR_reboot); +#endif +#ifdef __NR_sethostname + if (strcmp(Name, "sethostname")==0) return(__NR_sethostname); +#endif +#ifdef __NR_setdomainname + if (strcmp(Name, "setdomainname")==0) return(__NR_setdomainname); +#endif +#ifdef __NR_clock_settime + if (strcmp(Name, "clock_settime")==0) return(__NR_clock_settime); +#endif +#ifdef __NR_clock_adjtime + if (strcmp(Name, "clock_adjtime")==0) return(__NR_clock_adjtime); +#endif +#ifdef __NR_adjtimex + if (strcmp(Name, "adjtimex")==0) return(__NR_adjtimex); +#endif +#ifdef __NR_settimeofday + if (strcmp(Name, "settimeofday")==0) return(__NR_settimeofday); +#endif +#ifdef __NR_quotactl + if (strcmp(Name, "quotactl")==0) return(__NR_quotactl); +#endif +#ifdef __NR_kexec_load + if (strcmp(Name, "kexec_load")==0) return(__NR_kexec_load); +#endif +#ifdef __NR_kexec_file_load + if (strcmp(Name, "kexec_file_load")==0) return(__NR_kexec_file_load); +#endif + +#ifdef __NR_mknod + if (strcmp(Name, "mknod")==0) return(__NR_mknod); +#endif +#ifdef __NR_mknodat + if (strcmp(Name, "mknodat")==0) return(__NR_mknodat); +#endif + +#ifdef __NR_add_key + if (strcmp(Name, "add_key")==0) return(__NR_add_key); +#endif + +#ifdef __NR_request_key + if (strcmp(Name, "request_key")==0) return(__NR_request_key); +#endif + +#ifdef __NR_keyctl + if (strcmp(Name, "keyctl")==0) return(__NR_keyctl); +#endif + +#ifdef __NR_mmap + if (strcmp(Name, "mmap")==0) return(__NR_mmap); +#endif + +#ifdef __NR_mmap2 + if (strcmp(Name, "mmap2")==0) return(__NR_mmap2); +#endif + + +#ifdef __NR_mprotect + if (strcmp(Name, "mprotect")==0) return(__NR_mprotect); +#endif + +#ifdef __NR_uselib + if (strcmp(Name, "uselib")==0) return(__NR_uselib); +#endif + +#ifdef __NR_get_kernel_syms + if (strcmp(Name, "get_kernel_syms")==0) return(__NR_get_kernel_syms); +#endif + +#ifdef __NR_perf_event_open + if (strcmp(Name, "perf_event_open")==0) return(__NR_perf_event_open); +#endif + +#ifdef __NR_personality + if (strcmp(Name, "personality")==0) return(__NR_personality); +#endif + + + return(-1); +} + + + +int SocketCallGetID(const char *Name) +{ +#ifdef SYS_SOCKET + if (strcmp(Name, "socket")==0) return(SYS_SOCKET); +#endif + +#ifdef SYS_CONNECT + if (strcmp(Name, "connect")==0) return(SYS_CONNECT); +#endif + +#ifdef SYS_BIND + if (strcmp(Name, "bind")==0) return(SYS_BIND); +#endif + +#ifdef SYS_LISTEN + if (strcmp(Name, "listen")==0) return(SYS_LISTEN); +#endif + +#ifdef SYS_ACCEPT + if (strcmp(Name, "accept")==0) return(SYS_ACCEPT); +#endif + +#ifdef SYS_ACCEPT4 + if (strcmp(Name, "accept4")==0) return(SYS_ACCEPT4); +#endif + + return(-1); +} + + + +const char *SyscallGroupLookup(const char *Name) +{ + if (strcmp(Name, "socket")==0) return("socket;socketcall(socket)"); + else if (strcmp(Name, "socket(ip)")==0) return("socket(ip);socketcall(socket,ip)"); + else if (strcmp(Name, "socket(unix)")==0) return("socket(unix);socketcall(socket,unix)"); + else if (strcmp(Name, "socket(packet)")==0) return("socket(packet);socketcall(socket,packet)"); + else if (strcmp(Name, "connect")==0) return("connect;socketcall(connect)"); + else if (strcmp(Name, "accept")==0) return("accept;accept4;socketcall(accept);socketcall(accept4)"); + else if (strcmp(Name, "bind")==0) return("bind;socketcall(bind)"); + else if (strcmp(Name, "listen")==0) return("listen;socketcall(listen)"); + else if (strcmp(Name, "mmap")==0) return("mmap;mmap2"); + else if (strcmp(Name, "mmap(exec)")==0) return("mmap(exec);mmap2(exec)"); + else if (strcmp(Name, "chmod")==0) return("chmod;fchmod;fchmodat;lchmod"); + else if (strcmp(Name, "chmod(exec)")==0) return("chmod(exec);fchmod(exec);fchmodat(exec);lchmod(exec);open(exec);openat(exec);open2(exec);openat2(exec);creat(exec)"); + else if (strcmp(Name, "group:open")==0) return("open;openat;open2;openat2;creat"); + else if (strcmp(Name, "group:creat()")==0) return("open(create);openat(create);open2(create);openat2(create);creat"); + else if (strcmp(Name, "group:fork")==0) return("clone;clone2;clone3;fork;vfork"); + else if (strcmp(Name, "group:uid")==0) return("setuid;setreuid;setresuid"); + else if (strcmp(Name, "group:ugid")==0) return("setuid;setreuid;setresuid;setgid;setregid;setresgid"); + else if (strcmp(Name, "group:mount")==0) return("mount;umount;umount2"); + else if (strcmp(Name, "group:chroot")==0) return("chroot;pivot_root"); + else if (strcmp(Name, "group:kill")==0) return("kill;tkill;tgkill"); + else if (strcmp(Name, "group:settime")==0) return("settimeofday;clock_settime;clock_adjtime"); + else if (strcmp(Name, "group:server")==0) return("accept;accept4;listen"); + else if (strcmp(Name, "group:swap")==0) return("swapon;swapoff"); + else if (strcmp(Name, "group:ns")==0) return("unshare;setns"); + else if (strcmp(Name, "group:net")==0) return("socket;socketcall;connect;bind;listen;accept"); + else if (strcmp(Name, "group:sysadmin")==0) return("settimeofday;clocksettime;clockadjtime;quotactl;reboot;swapon;swapoff;mount;umount;umount2;mknod;quotactl"); + else if (strcmp(Name, "group:keyring")==0) return("add_key;request_key;keyctl"); + else if (strcmp(Name, "group:shm")==0) return("shmat;shmdt;shmget;shmctl"); + else if (strcmp(Name, "group:fsrm")==0) return("unlink;rmdir"); + else if (strcmp(Name, "group:ptrace")==0) return("ptrace;process_vm_readv;process_vm_writev;kcmp"); + else if (strcmp(Name, "group:kern_mod")==0) return("create_module;delete_module;init_module;finit_module;query_module"); + else if (strcmp(Name, "group:exec")==0) return("exec_with_loader;execv;execve;execveat"); + else if (strcmp(Name, "group:kexec")==0) return("kexec_load;kexec_file_load"); + + return(Name); +} + +int SeccompFilterAddSTMT(struct sock_filter **Filt, int Statement, uint32_t Arg) +{ + struct sock_filter stmt=BPF_STMT(Statement, Arg); + + *Filt=(struct sock_filter *) realloc(*Filt, sizeof(struct sock_filter) * (InstructionCount + 10)); + memcpy((*Filt) + InstructionCount, &stmt, sizeof(struct sock_filter)); + InstructionCount++; + return(InstructionCount); +} + +int SeccompFilterAddJUMP(struct sock_filter **Filt, int Type, int Arg, int JumpEQ, int JumpNE) +{ + struct sock_filter jump=BPF_JUMP(Type, Arg, JumpEQ, JumpNE); + + *Filt=(struct sock_filter *) realloc(*Filt, sizeof(struct sock_filter) * (InstructionCount + 10)); + memcpy((*Filt) + InstructionCount, &jump, sizeof(struct sock_filter)); + InstructionCount++; + return(InstructionCount); +} + + +static int SeccompArch() +{ +#ifdef __x86_64__ + return(AUDIT_ARCH_X86_64); +#endif + +#ifdef _____LP64_____ + return(AUDIT_ARCH_X86_64); +#endif + + return(AUDIT_ARCH_I386); +} + + + +void SeccompFilterAddArchCheck(struct sock_filter **Filt) +{ + int expected_arch; + + expected_arch=SeccompArch(); + +//Load the architecture of the syscall + SeccompFilterAddSTMT(Filt, BPF_LD | BPF_W | BPF_ABS, (uint32_t) (offsetof(struct seccomp_data, arch))); + +//compare it with our expected arch, if it matches, all is good, and we jump over the kill instruction + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JEQ | BPF_K, expected_arch, 1, 0); + SeccompFilterAddSTMT(Filt, BPF_RET | BPF_K, SECCOMP_RET_KILL); +} + + +static int SeccompFilterCalcJump(const char *Args) +{ + char *Token=NULL; + const char *ptr; + int Jump=1; + + ptr=GetToken(Args, "\\S", &Token, 0); + while (ptr) + { + Jump += 2; + ptr=GetToken(ptr, "\\S", &Token, 0); + } + + return(Jump); +} + +#define SECCOMP_ARG_BIT 1 +#define SECCOMP_ARG_NOT 2 +#define SECCOMP_ARG_LT 3 +#define SECCOMP_ARG_GT 4 +#define SECCOMP_ARG_EQ 5 +#define SECCOMP_ARG_NEQ 6 + +const char *GetArg(const char *Args, int *pos, int *type, int *value) +{ + char *ptr; + + *type=0; + ptr=(char *) Args; + while (isspace(*ptr)) ptr++; + if (*ptr=='\0') return(NULL); + + *pos=strtol(ptr, &ptr, 10); + switch (*ptr) + { + case 'b': + *type=SECCOMP_ARG_BIT; + break; + case 'n': + *type=SECCOMP_ARG_NOT; + break; + case '<': + *type=SECCOMP_ARG_LT; + break; + case '>': + *type=SECCOMP_ARG_GT; + break; + case '=': + *type=SECCOMP_ARG_EQ; + break; + case '!': + *type=SECCOMP_ARG_NEQ; + break; + case '\0': + return(NULL); + break; + } + ptr++; + if (*ptr=='\0') return(NULL); + *value=strtol(ptr, &ptr, 10); + + return((const char *) ptr); +} + + +int SeccompFilterAddSyscall(struct sock_filter **Filt, int SysCall, const char *Args, int Action) +{ + int jump, pos, type, value; + int argcount=0; + const char *ptr; + + jump=SeccompFilterCalcJump(Args); +//Load, out of the 'secomp_data' context, the value 'nr' which is the syscall number of the current syscall + SeccompFilterAddSTMT(Filt, BPF_LD | BPF_W | BPF_ABS, (uint32_t) (offsetof(struct seccomp_data, nr))); + +//Compare the syscall number we loaded with the one that's sypplied as 'Syscall' +//If it matches execute next instruction, otherwise jump over following instructions + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JEQ | BPF_K, SysCall, 0, jump); + + ptr=GetArg(Args, &pos, &type, &value); + while (ptr) + { + if (type > 0) + { + SeccompFilterAddSTMT(Filt, BPF_LD | BPF_W | BPF_ABS, (uint32_t) (offsetof(struct seccomp_data, args[pos]))); + jump -= 2; + switch (type) + { + case SECCOMP_ARG_BIT: + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JSET | BPF_K, value, 0, jump); + break; + case SECCOMP_ARG_LT: + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JLT | BPF_K, value, 0, jump); + break; + case SECCOMP_ARG_GT: + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JGT | BPF_K, value, 0, jump); + break; + case SECCOMP_ARG_EQ: + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JEQ | BPF_K, value, 0, jump); + break; + case SECCOMP_ARG_NEQ: + SeccompFilterAddJUMP(Filt, BPF_JMP | BPF_JNE | BPF_K, value, 0, jump); + break; + } + } + else RaiseError(0, "SeccompFilterAddSyscall","ERROR: BadArgument %d to syscall %d", argcount, SysCall); + argcount++; + + ptr=GetArg(ptr, &pos, &type, &value); + } + + + + //At the moment we only allow EPERM to be returned as an errornumber, to serve seccomp_deny. + //The way the ERRNO is specified is a bit odd it's packed into a 32bit integer, + //where the top 16 bits are the actions,'SECCOMP_RET_KILL', 'SECCOMP_RET_ERRNO' etc + //and the lower 16 bits, masked by SECCMP_RET_DATA, are the errno value to return + if (Action==SECCOMP_RET_ERRNO) Action |= (EPERM & SECCOMP_RET_DATA); + + //kill, allow, etc + return(SeccompFilterAddSTMT(Filt, BPF_RET | BPF_K, Action)); +} + + +static int SeccompCommit(struct sock_filter **Filt, int Action) +{ + struct sock_fprog SeccompProg; + + SeccompFilterAddSTMT(Filt, BPF_RET | BPF_K, Action); + SeccompProg.len = (unsigned short) InstructionCount; + SeccompProg.filter = *Filt; + + InstructionCount=0; + + if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &SeccompProg)) + { + RaiseError(ERRFLAG_ERRNO, "SeccompCommit","ERROR: prctl(PR_SET_SECCOMP) failed "); + return(FALSE); + } + + return(TRUE); +} + + +static int LookupSocketFamily(const char *name) +{ + if (strcasecmp(name, "unix")==0) return(AF_UNIX); + if (strcasecmp(name, "ip")==0) return(AF_INET); + if (strcasecmp(name, "ip6")==0) return(AF_INET6); + if (strcasecmp(name, "bt")==0) return(AF_BLUETOOTH); + if (strcasecmp(name, "packet")==0) return(AF_PACKET); + + return(-1); +} + + +//adds an argument to the list of things to be tested. These checks have names like 'exec' or 'setuid' +//that define a syscall-specific feature we want to allow/block. The 'Fmt' argument will contain the +//type and position of the syscall arguemnt to be checked, e.g. "1=" to check that the first argument +//equals something, or "2b" to check a bit within the second argument +static int SeccompAddCheck(char **Args, const char *Fmt, int Value) +{ + int ArgInt; + char *Tempstr=NULL; + + ArgInt=Value; + Tempstr=FormatStr(Tempstr, Fmt, ArgInt); + *Args=MCatStr(*Args, Tempstr, " ", NULL); + + Destroy(Tempstr); + return(ArgInt); +} + +static int SeccompParseArg0(int SyscallID, const char *Name, char **Args) +{ + int Arg0=0; + + if (isdigit(*Name)) Arg0=SeccompAddCheck(Args, "0=%d", atoi(Name)); + else + { + switch (SyscallID) + { +#ifdef __NR_socketcall + case __NR_socketcall: + Arg0=SeccompAddCheck(Args, "0=%d", SocketCallGetID(Name)); + break; +#endif + +#ifdef __NR_socket + case __NR_socket: + Arg0=SeccompAddCheck(Args, "0=%d", LookupSocketFamily(Name)); + break; +#endif + + +#ifdef __NR_mprotect + case __NR_mprotect: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", PROT_EXEC); + break; +#endif + +#ifdef __NR_mmap + case __NR_mmap: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", PROT_EXEC); + break; +#endif + +#ifdef __NR_mmap2 + case __NR_mmap2: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", PROT_EXEC); + break; +#endif + + +#ifdef __NR_chmod + case __NR_chmod: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + break; +#endif + +#ifdef __NR_fchmod + case __NR_fchmod: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + break; +#endif + +#ifdef __NR_lchmod + case __NR_lchmod: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + break; +#endif + +#ifdef __NR_fchmodat + case __NR_fchmodat: + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + break; +#endif + +#ifdef __NR_creat + case __NR_creat: + if (strcasecmp(Name, "create")==0) SeccompAddCheck(Args, "1b%d", O_CREAT); + if (strcasecmp(Name, "write")==0) SeccompAddCheck(Args, "1b%d", O_CREAT | O_WRONLY | O_RDWR | O_APPEND); + if (strcasecmp(Name, "exec")==0) SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + break; +#endif + + +#ifdef __NR_open + case __NR_open: + if (strcasecmp(Name, "create")==0) SeccompAddCheck(Args, "1b%d", O_CREAT); + if (strcasecmp(Name, "write")==0) SeccompAddCheck(Args, "1b%d", O_CREAT | O_WRONLY | O_RDWR | O_APPEND); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + if (strcasecmp(Name, "exec")==0) + { + SeccompAddCheck(Args, "1b%d", O_CREAT); + SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + } + break; +#endif + +#ifdef __NR_open2 + case __NR_open2: + if (strcasecmp(Name, "create")==0) SeccompAddCheck(Args, "1b%d", O_CREAT); + if (strcasecmp(Name, "write")==0) SeccompAddCheck(Args, "1b%d", O_CREAT | O_WRONLY | O_RDWR | O_APPEND); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "2b%d", S_ISUID | S_ISGID); + if (strcasecmp(Name, "exec")==0) + { + SeccompAddCheck(Args, "1b%d", O_CREAT); + SeccompAddCheck(Args, "2b%d", S_IXUSR | S_IXGRP | S_IXOTH); + } + break; +#endif + + +#ifdef __NR_openat + case __NR_openat: + if (strcasecmp(Name, "create")==0) SeccompAddCheck(Args, "2b%d", O_CREAT); + if (strcasecmp(Name, "write")==0) SeccompAddCheck(Args, "2b%d", O_CREAT | O_WRONLY | O_RDWR | O_APPEND); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "3b%d", S_ISUID | S_ISGID); + if (strcasecmp(Name, "exec")==0) + { + SeccompAddCheck(Args, "2b%d", O_CREAT); + SeccompAddCheck(Args, "3b%d", S_IXUSR | S_IXGRP | S_IXOTH); + } + break; +#endif + +#ifdef __NR_openat2 + case __NR_openat2: + if (strcasecmp(Name, "create")==0) SeccompAddCheck(Args, "2b%d", O_CREAT); + if (strcasecmp(Name, "write")==0) SeccompAddCheck(Args, "2b%d", O_CREAT | O_WRONLY | O_RDWR | O_APPEND); + if (strcasecmp(Name, "suid")==0) SeccompAddCheck(Args, "3b%d", S_ISUID | S_ISGID); + if (strcasecmp(Name, "exec")==0) + { + SeccompAddCheck(Args, "2b%d", O_CREAT); + SeccompAddCheck(Args, "3b%d", S_IXUSR | S_IXGRP | S_IXOTH); + } + break; +#endif + +#ifdef __NR_ioctl + case __NR_ioctl: + if (strcasecmp(Name, "termget")==0) SeccompAddCheck(Args, "1=%d", TCGETS); + if (strcasecmp(Name, "termset")==0) SeccompAddCheck(Args, "1=%d", TCSETS); + break; +#endif + + + + } + } + + return(Arg0); +} + + + +static int SeccompParseArg1(int SyscallID, int Arg0, const char *Name, char **Args) +{ + int Arg1=0; + char *Tempstr=NULL; + + + if (StrValid(Name)) + { + if (isdigit(*Name)) + { + Arg1=atoi(Name); + Tempstr=FormatStr(Tempstr, "2=%d ", Arg1); + *Args=CatStr(*Args, Tempstr); + } + } + + Destroy(Tempstr); + return(Arg1); +} + + +void SeccompParseName(const char *Token, int *SyscallID, char **Args) +{ + const char *p_args; + char *Name=NULL; + int Arg0=0, Arg1=0; + + *SyscallID=-1; + *Args=CopyStr(*Args, ""); + p_args=GetToken(Token, "(", &Name, 0); + *SyscallID=SysCallGetID(Name); + if (StrValid(p_args)) + { + p_args=GetToken(p_args, ",|)", &Name, GETTOKEN_MULTI_SEP); + if (StrValid(Name)) Arg0=SeccompParseArg0(*SyscallID, Name, Args); + + p_args=GetToken(p_args, ",|)", &Name, GETTOKEN_MULTI_SEP); + if (StrValid(Name)) Arg1=SeccompParseArg1(*SyscallID, Arg0, Name, Args); + } + + Destroy(Name); +} + + +int SeccompFilterAddSyscallNames(struct sock_filter **Filt, const char *NameList, int Action) +{ + int syscall_id; + int NoOfStatements=0; + char *Token=NULL, *Args=NULL; + const char *ptr; + + ptr=GetToken(NameList, ";", &Token, 0); + while (ptr) + { + SeccompParseName(Token, &syscall_id, &Args); + if (syscall_id > -1) NoOfStatements=SeccompFilterAddSyscall(Filt, syscall_id, Args, Action); + ptr=GetToken(ptr, ";", &Token, 0); + } + + Destroy(Token); + + return(NoOfStatements); +} + +int SeccompFilterAddSyscallGroup(struct sock_filter **Filt, const char *NameList, int Action) +{ + int NoOfStatements=0; + char *Name=NULL; + const char *ptr; + + ptr=GetToken(NameList, ";", &Name, 0); + while (ptr) + { + NoOfStatements=SeccompFilterAddSyscallNames(Filt, SyscallGroupLookup(Name), Action); + ptr=GetToken(ptr, ";", &Name, 0); + } + + Destroy(Name); + + return(NoOfStatements); +} + +void SeccompSetup(struct sock_filter **SeccompFilter, const char *Setup) +{ + char *Name=NULL, *Value=NULL; + int NoOfStatements=0; + const char *ptr; + + + if (LibUsefulDebugActive()) fprintf(stderr, "DEBUG: Seccomp setup: %s\n", Setup); + + SeccompFilterAddArchCheck(SeccompFilter); + ptr=GetNameValuePair(Setup, "\\S", "=", &Name, &Value); + while (ptr) + { + if (strcmp(Name, "syscall_kill")==0) SeccompFilterAddSyscallGroup(SeccompFilter, Value, SECCOMP_RET_KILL); + else if (strcmp(Name, "syscall_allow")==0) SeccompFilterAddSyscallGroup(SeccompFilter, Value, SECCOMP_RET_ALLOW); + else if (strcmp(Name, "syscall_deny")==0) SeccompFilterAddSyscallGroup(SeccompFilter, Value, SECCOMP_RET_ERRNO); + ptr=GetNameValuePair(ptr, "\\S", "=", &Name, &Value); + } + + Destroy(Name); + Destroy(Value); +} + + +int SeccompAddRules(const char *RuleList) +{ + //this will be allocated via realloc in AddStatment + struct sock_filter *SeccompFilter=NULL; + + SeccompSetup(&SeccompFilter, RuleList); + return(SeccompCommit( &SeccompFilter, SECCOMP_RET_ALLOW)); +} + +#endif + diff --git a/libUseful-5/Seccomp.h b/libUseful-5/Seccomp.h new file mode 100644 index 0000000..c645318 --- /dev/null +++ b/libUseful-5/Seccomp.h @@ -0,0 +1,8 @@ +#ifndef LIBUSEFUL_SECCOMP_H +#define LIBUSEFUL_SECCOMP_H + +#include "includes.h" + +int SeccompAddRules(const char *RuleList); + +#endif diff --git a/libUseful-5/SecureMem.c b/libUseful-5/SecureMem.c index 3c0a80d..45f0e97 100644 --- a/libUseful-5/SecureMem.c +++ b/libUseful-5/SecureMem.c @@ -284,7 +284,7 @@ int SecureStoreNextLine(SECURESTORE *SS, unsigned char **Line) int SecureStoreGetLine(SECURESTORE *SS, int LineNo, unsigned char **Line) { - int len, i; + int len=0, i; SS->CurrLine=SS->Data; for (i=0; i <=LineNo; i++) diff --git a/libUseful-5/Server.c b/libUseful-5/Server.c index 68f998b..5ecf713 100644 --- a/libUseful-5/Server.c +++ b/libUseful-5/Server.c @@ -10,7 +10,7 @@ int IPServerNew(int iType, const char *Address, int Port, int Flags) { int sock, val, Type; int BindFlags=0; - const char *p_Addr=NULL, *ptr; + const char *p_Addr=NULL; //if IP6 not compiled in then throw error if one is passed #ifndef USE_INET6 @@ -115,9 +115,8 @@ static void STREAMServerParseConfig(STREAM *S, const char *Config) ptr=GetNameValuePair(Config, "\\S", "=", &Name, &Value); while (ptr) { - if (strncasecmp(Name, "SSL:", 4)==0) STREAMSetValue(S, Name, Value); - else if (strcasecmp(Name, "Authentication")==0) STREAMSetValue(S, "Authenticator", Value); - else if (strcasecmp(Name, "Auth")==0) STREAMSetValue(S, "Authenticator", Value); + if (strcasecmp(Name, "Auth")==0) STREAMSetValue(S, "AUTH:Types", Value); + else STREAMSetValue(S, Name, Value); ptr=GetNameValuePair(ptr, "\\S", "=", &Name, &Value); } @@ -130,7 +129,7 @@ static void STREAMServerParseConfig(STREAM *S, const char *Config) STREAM *STREAMServerNew(const char *URL, const char *Config) { char *Proto=NULL, *Host=NULL, *Token=NULL; - int fd=-1, Port=0, Type, Flags=0; + int fd=-1, Port=0, Type=-1, Flags=0; TSockSettings Settings; STREAM *S=NULL; @@ -222,13 +221,17 @@ STREAM *STREAMServerNew(const char *URL, const char *Config) } - S=STREAMFromSock(fd, Type, NULL, Host, Port); - if (S) + if (Type == -1) RaiseError(0, "STREAMServerNew","Unable to parse protocol: '%s'", Proto); + else { - S->Path=CopyStr(S->Path, URL); - if (Flags & SOCK_TLS_AUTO) S->Flags |= SF_TLS_AUTO; - else if (Flags & SF_TLS) S->Flags |= SF_TLS; - STREAMServerParseConfig(S, Config); + S=STREAMFromSock(fd, Type, NULL, Host, Port); + if (S) + { + S->Path=CopyStr(S->Path, URL); + if (Flags & SOCK_TLS_AUTO) S->Flags |= SF_TLS_AUTO; + else if (Flags & SF_TLS) S->Flags |= SF_TLS; + STREAMServerParseConfig(S, Config); + } } DestroyString(Proto); @@ -249,7 +252,7 @@ STREAM *STREAMServerAccept(STREAM *Serv) { char *Tempstr=NULL, *DestIP=NULL; STREAM *S=NULL; - int fd=-1, type=0, DestPort=0, result; + int fd=-1, type=0, DestPort=0; if (! Serv) return(NULL); diff --git a/libUseful-5/Server.h b/libUseful-5/Server.h index 17ef13e..c7bd314 100644 --- a/libUseful-5/Server.h +++ b/libUseful-5/Server.h @@ -3,8 +3,8 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIBUSEFUL_SERVER -#define LIBUSEFUL_SERVER +#ifndef LIBUSEFUL_SERVER_H +#define LIBUSEFUL_SERVER_H #include "Socket.h" diff --git a/libUseful-5/Smtp.c b/libUseful-5/Smtp.c index 43dbc04..b126720 100644 --- a/libUseful-5/Smtp.c +++ b/libUseful-5/Smtp.c @@ -190,10 +190,10 @@ int SmtpSendRecipients(const char *Recipients, STREAM *S) STREAM *SMTPConnect(const char *Sender, const char *Recipients, int Flags) { - char *MailFrom=NULL, *Recip=NULL, *Tempstr=NULL; + char *Recip=NULL, *Tempstr=NULL; char *Proto=NULL, *User=NULL, *Pass=NULL, *Host=NULL, *PortStr=NULL; - const char *p_MailServer, *ptr; - int result=FALSE, Caps=0, RecipientAccepted=FALSE; + const char *p_MailServer; + int result=FALSE, Caps=0; STREAM *S; p_MailServer=LibUsefulGetValue("SMTP:Server"); diff --git a/libUseful-5/Socket.c b/libUseful-5/Socket.c index 230ef55..615cebd 100644 --- a/libUseful-5/Socket.c +++ b/libUseful-5/Socket.c @@ -280,7 +280,6 @@ int IP4SockAddrCreate(struct sockaddr **ret_sa, const char *Addr, int Port) int SockAddrCreate(struct sockaddr **ret_sa, const char *Host, int Port) { const char *p_Addr=""; - socklen_t salen; if (StrValid(Host)) { @@ -300,10 +299,10 @@ int SockAddrCreate(struct sockaddr **ret_sa, const char *Host, int Port) int BindSock(int Type, const char *Address, int Port, int Flags) { - int result; struct sockaddr *sa; socklen_t salen; - int fd; + int fd=-1; + int result=-1; salen=SockAddrCreate(&sa, Address, Port); if (salen==0) return(-1); @@ -314,17 +313,22 @@ int BindSock(int Type, const char *Address, int Port, int Flags) } else fd=socket(sa->sa_family, Type, 0); - //REUSEADDR and REUSEPORT must be set BEFORE bind - result=1; + + if (fd > -1) + { + //REUSEADDR and REUSEPORT must be set BEFORE bind + result=1; #ifdef SO_REUSEADDR - setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &result, sizeof(result)); + setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &result, sizeof(result)); #endif #ifdef SO_REUSEPORT - if (Flags & BIND_REUSEPORT) setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &result, sizeof(result)); + if (Flags & BIND_REUSEPORT) setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &result, sizeof(result)); #endif - result=bind(fd, sa, salen); + result=bind(fd, sa, salen); + } + free(sa); if (result !=0) @@ -346,21 +350,21 @@ int BindSock(int Type, const char *Address, int Port, int Flags) int GetHostARP(const char *IP, char **Device, char **MAC) { char *Tempstr=NULL, *Token=NULL; - int result=FALSE, len; + int result=FALSE; const char *ptr; - FILE *F; + STREAM *S; Tempstr=SetStrLen(Tempstr, 255); -//TODO: why use fopen? - F=fopen("/proc/net/arp","r"); - if (F) + S=STREAMOpen("/proc/net/arp","r"); + if (S) { *Device=CopyStr(*Device,"remote"); *MAC=CopyStr(*MAC,"remote"); //Read Title Line - fgets(Tempstr,255,F); + Tempstr=STREAMReadLine(Tempstr, S); - while (fgets(Tempstr,255,F)) + Tempstr=STREAMReadLine(Tempstr, S); + while (Tempstr) { StripTrailingWhitespace(Tempstr); ptr=GetToken(Tempstr," ",&Token,0); @@ -384,8 +388,9 @@ int GetHostARP(const char *IP, char **Device, char **MAC) result=TRUE; } + Tempstr=STREAMReadLine(Tempstr, S); } - fclose(F); + STREAMClose(S); } DestroyString(Tempstr); @@ -407,7 +412,7 @@ int GetSockDestination(int sock, char **Host, int *Port) #ifdef SO_ORIGINAL_DST salen=sizeof(struct sockaddr_in); - if (getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, (char *) &sa, &salen) ==0) + if (getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, (char *) &sa, (unsigned int *) &salen) ==0) { *Host=SetStrLen(*Host,NI_MAXHOST); Tempstr=SetStrLen(Tempstr,NI_MAXSERV); @@ -560,7 +565,6 @@ int UDPRecv(int sock, char *Buffer, int len, char **Addr, int *Port) struct sockaddr_in sa; socklen_t salen; int result; - int fd; salen=sizeof(sa); result=recvfrom(sock, Buffer, len,0, (struct sockaddr *) &sa, &salen); @@ -666,7 +670,6 @@ void IP6AddresssFromSA(struct sockaddr_storage *sa, char **ReturnAddr, int *Retu int GetSockDetails(int sock, char **LocalAddress, int *LocalPort, char **RemoteAddress, int *RemotePort) { socklen_t salen; - int result; struct sockaddr_storage sa; if (LocalPort) *LocalPort=0; @@ -781,7 +784,7 @@ int NetConnectWithSettings(const char *Proto, const char *LocalHost, const char } else sock=BindSock(SOCK_STREAM, p_LocalHost, 0, 0); - +//set some options that are values rather than flags, SockSetOptions (called within IPReconnect) only handles flags if (Settings->TTL > 0) setsockopt(sock, IPPROTO_IP, IP_TTL, &(Settings->TTL), sizeof(int)); if (Settings->ToS > 0) setsockopt(sock, IPPROTO_IP, IP_TOS, &(Settings->ToS), sizeof(int)); @@ -789,6 +792,9 @@ int NetConnectWithSettings(const char *Proto, const char *LocalHost, const char if (Settings->Mark > 0) setsockopt(sock, SOL_SOCKET, SO_MARK, &(Settings->Mark), sizeof(int)); #endif + //if a timeout is specified at connection time, then we apply it to the connection step + //if it's added later with STREAMAddTimeout, then it will only apply to read + if (Settings->Timeout > 0) Settings->Flags |= CONNECT_NONBLOCK; result=IPReconnect(sock, Host, Port, Settings->Flags); Destroy(Host); @@ -849,13 +855,13 @@ int STREAMIsConnected(STREAM *S) result=IsSockConnected(S->in_fd); if (result==TRUE) { - if (S->State & SS_CONNECTING) + if (S->State & LU_SS_CONNECTING) { - S->State |= SS_CONNECTED; - S->State &= (~SS_CONNECTING); + S->State |= LU_SS_CONNECTED; + S->State &= (~LU_SS_CONNECTING); } } - if ((result==SOCK_CONNECTING) && (! (S->State & SS_CONNECTING))) result=FALSE; + if ((result==SOCK_CONNECTING) && (! (S->State & LU_SS_CONNECTING))) result=FALSE; return(result); } @@ -890,7 +896,7 @@ int STREAMDoPostConnect(STREAM *S, int Flags) } result=TRUE; - S->State |=SS_CONNECTED; + S->State |=LU_SS_CONNECTED; } else { @@ -965,11 +971,12 @@ int STREAMNetConnect(STREAM *S, const char *Proto, const char *Host, int Port, c if (S->Type==STREAM_TYPE_SSL) S->Flags |= CONNECT_SSL; if (S->Flags & SF_NONBLOCK) { - S->State |=SS_CONNECTING; + S->State |=LU_SS_CONNECTING; S->Flags |=SF_NONBLOCK; } if (STREAMWaitConnect(S)) result=STREAMDoPostConnect(S, S->Flags); + else result=FALSE; } Destroy(Name); @@ -986,9 +993,6 @@ int STREAMConnect(STREAM *S, const char *URL, const char *Config) int result=FALSE; char *Proto=NULL, *Host=NULL, *Token=NULL, *Path=NULL; char *Name=NULL, *Value=NULL; - TSockSettings Settings; - const char *ptr, *p_val; - int Flags=0, fd; int Port=0; diff --git a/libUseful-5/Socket.h b/libUseful-5/Socket.h index ae307f4..8bca349 100644 --- a/libUseful-5/Socket.h +++ b/libUseful-5/Socket.h @@ -3,8 +3,8 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIBUSEFUL_SOCK -#define LIBUSEFUL_SOCK +#ifndef LIBUSEFUL_SOCKET_H +#define LIBUSEFUL_SOCKET_H #include "includes.h" diff --git a/libUseful-5/SpawnPrograms.c b/libUseful-5/SpawnPrograms.c index 6392d93..b929e6b 100644 --- a/libUseful-5/SpawnPrograms.c +++ b/libUseful-5/SpawnPrograms.c @@ -7,6 +7,7 @@ #include "String.h" #include "Errors.h" #include "FileSystem.h" +#include "Container.h" #include #include @@ -43,7 +44,7 @@ int SpawnParseConfig(const char *Config) //This is the function we call in the child process for 'SpawnCommand' int BASIC_FUNC_EXEC_COMMAND(void *Command, int Flags) { - int result; + int result=-1; char *Token=NULL, *FinalCommand=NULL, *ExecPath=NULL; char **argv; const char *ptr; @@ -76,7 +77,7 @@ int BASIC_FUNC_EXEC_COMMAND(void *Command, int Flags) argv[i]=CopyStr(argv[i],Token); } - execv(ExecPath, argv); + result=execv(ExecPath, argv); } else result=execl("/bin/sh","/bin/sh","-c",(char *) Command,NULL); @@ -116,7 +117,6 @@ pid_t xfork(const char *Config) pid_t xforkio(int StdIn, int StdOut, int StdErr) { pid_t pid; - int fd; pid=xfork(""); if (pid==0) @@ -213,7 +213,6 @@ pid_t PipeSpawnFunction(int *infd, int *outfd, int *errfd, BASIC_FUNC Func, void //default these to stdin, stdout and stderr and then override those later int c1=0, c2=1, c3=2; int channel1[2], channel2[2], channel3[2]; - int result; int Flags=0; Flags=SpawnParseConfig(Config); @@ -233,6 +232,7 @@ pid_t PipeSpawnFunction(int *infd, int *outfd, int *errfd, BASIC_FUNC Func, void //if Func is NULL we effectively do a fork, rather than calling a function we just //continue exectution from where we were + Flags=ProcessApplyConfig(Config); if (Func) { @@ -281,23 +281,25 @@ pid_t PipeSpawn(int *infd,int *outfd,int *errfd, const char *Command, const ch pid_t PseudoTTYSpawnFunction(int *ret_pty, BASIC_FUNC Func, void *Data, int Flags, const char *Config) { pid_t pid=-1, ConfigFlags=0; - int tty, pty, i; + int tty, pty; if (PseudoTTYGrab(&pty, &tty, Flags)) { + //ContainerApplyConfig(Config); pid=xforkio(tty, tty, tty); if (pid==0) { close(pty); - ProcessSetControlTTY(tty); + ConfigFlags=ProcessApplyConfig(Config); + setsid(); + ProcessSetControlTTY(tty); ///now that we've dupped it, we don't need to keep it open //as it will be open on stdin/stdout close(tty); - ConfigFlags=ProcessApplyConfig(Config); //if Func is NULL we effectively do a fork, rather than calling a function we just //continue exectution from where we were @@ -348,18 +350,15 @@ STREAM *STREAMSpawnFunction(BASIC_FUNC Func, void *Data, const char *Config) if (pid > 0) { S=STREAMFromDualFD(from_fd, to_fd); - /* - if (waitpid(pid, NULL, WNOHANG) < 1) - //sleep to allow spawned function time to exit due to startup problems - usleep(250); - //use waitpid to check process has not exited, if so then spawn stream - else fprintf(stderr, "ERROR: Subprocess exited: %s %s\n", strerror(errno), Data); - */ } if (S) { - STREAMSetFlushType(S,FLUSH_LINE,0,0); + //if we are doing to be sending raw data to the process, then flush always + //otherwise we expect lines of text and flush on a line terminator + if (Flags & TTYFLAG_DATA) STREAMSetFlushType(S,FLUSH_ALWAYS,0,0); + else STREAMSetFlushType(S,FLUSH_LINE,0,0); + Tempstr=FormatStr(Tempstr,"%d",pid); STREAMSetValue(S,"PeerPID",Tempstr); S->Type=STREAM_TYPE_PIPE; @@ -413,6 +412,7 @@ int STREAMSpawnCommandAndPty(const char *Command, const char *Config, STREAM **C if (PseudoTTYGrab(&pty, &tty, TTYFLAG_PTY)) { + //ContainerApplyConfig(Config); //handle situation where Config might be null if (StrValid(Config)) Tempstr=CopyStr(Tempstr, Config); else Tempstr=CopyStr(Tempstr, "rw"); diff --git a/libUseful-5/SpawnPrograms.h b/libUseful-5/SpawnPrograms.h index 0b97781..7cc7a32 100644 --- a/libUseful-5/SpawnPrograms.h +++ b/libUseful-5/SpawnPrograms.h @@ -24,7 +24,7 @@ lockstdin= create a lockfile and hook it to stdin. This is used with progr trust 'trust' command. without this option certain characters are stripped from any commands that are run with the 'SpawnCommand' functions, notably ';' and '|'. You cannot therefore concatanate commands without using this - option. + option. pty instead of using pipes to talk to the child process use a pseudo tty device. This creates a link where text sent to the command undergoes input processing as though it was from a keyboard diff --git a/libUseful-5/Ssh.c b/libUseful-5/Ssh.c index aeccd57..5fcef70 100644 --- a/libUseful-5/Ssh.c +++ b/libUseful-5/Ssh.c @@ -3,13 +3,90 @@ #include "Pty.h" #include "SpawnPrograms.h" -STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pass, const char *Command, int Flags) + +#define SSH_CANON_PTY 1 //communicate to ssh program over a canonical pty (honor ctrl-d, ctrl-c etc) +#define SSH_NO_ESCAPE 2 //disable the 'escape character' +#define SSH_COMPRESS 4 //use -C to compress ssh traffic + + + +static int SSHParseFlags(const char *Token) +{ + const char *ptr; + int Flags=0; + + for (ptr=Token; *ptr != '\0'; ptr++) + { + switch (*ptr) + { + case 'a': + Flags |= STREAM_APPEND; + case 'r': + Flags |= SF_RDONLY; + case 'w': + Flags |= SF_WRONLY; + case 'l': + Flags |= SF_LIST; + } + } + + return(Flags); +} + + +static int SSHParseConfig(const char *Config, char **BindAddress, char **ConfigFile) +{ + char *Name=NULL, *Value=NULL; + const char *ptr; + int Flags=0; + + ptr=GetToken(Config, "\\S", &Value, 0); + + //if first item is a name=value, then there's no flags, so all of Config is name=value pairs + if (! strchr(Value, '=')) Flags=SSHParseFlags(Value); + else ptr=Config; + + + ptr=GetNameValuePair(ptr, "\\S", "=", &Name, &Value); + while (ptr) + { + //we could add options here like 'bind address' + //or specify encryption/key algorithms, but + //unfortunately that will mean rethinking SSHConnect + //as it has no way of passing such arguments at current + + + if ( (strcasecmp(Name, "bind")==0) && BindAddress) *BindAddress=CopyStr(*BindAddress, Value); + if ( (strcasecmp(Name, "config")==0) && ConfigFile) *ConfigFile=CopyStr(*ConfigFile, Value); + ptr=GetNameValuePair(ptr, "\\S", "=", &Name, &Value); + } + + Destroy(Name); + Destroy(Value); + + return(Flags); +} + + +STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pass, const char *Command, const char *Config) { ListNode *Dialog; - char *Tempstr=NULL, *KeyFile=NULL, *Token=NULL, *RemoteCmd=NULL, *TTYConfigs=NULL; + char *Tempstr=NULL, *KeyFile=NULL, *Token=NULL, *RemoteCmd=NULL, *TTYConfigs=NULL, *ConfigFile=NULL, *BindAddress=NULL; const char *ptr; STREAM *S; int IsTunnel=FALSE; + int Flags, SshFlags=0; + + Flags=SSHParseConfig(Config, &BindAddress, &ConfigFile); + + + //translate stream flags into specific SSH configurations + if (Flags & SF_COMPRESSED) SshFlags |= SSH_COMPRESS; + + if (Flags & SF_WRONLY) SshFlags |= SSH_CANON_PTY; + else if (Flags & STREAM_APPEND) SshFlags |= SSH_CANON_PTY | SSH_NO_ESCAPE; + else if (Flags & SF_LIST) SshFlags |= SSH_CANON_PTY | SSH_NO_ESCAPE; + //If we are using the .ssh/config connection-config system then there won't be a username, and 'Host' will @@ -29,8 +106,8 @@ STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pas Tempstr=MCatStr(Tempstr,"-i ",KeyFile," ",NULL); } - if (Flags & SSH_NO_ESCAPE) Tempstr=MCatStr(Tempstr, "-e none ", NULL); - if (Flags & SSH_COMPRESS) Tempstr=MCatStr(Tempstr, "-C ", NULL); + if (SshFlags & SSH_NO_ESCAPE) Tempstr=MCatStr(Tempstr, "-e none ", NULL); + if (SshFlags & SSH_COMPRESS) Tempstr=MCatStr(Tempstr, "-C ", NULL); ptr=GetToken(Command, "\\S", &Token, 0); while (ptr) @@ -53,6 +130,9 @@ STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pas ptr=GetToken(ptr, "\\S", &Token, 0); } + if (StrValid(BindAddress)) Tempstr=MCatStr(Tempstr, "-b \"", BindAddress, "\" ", NULL); + if (StrValid(ConfigFile)) Tempstr=MCatStr(Tempstr, "-E \"", ConfigFile, "\" ", NULL); + if (StrValid(RemoteCmd)) Tempstr=MCatStr(Tempstr, " \"", RemoteCmd, "\" ", NULL); @@ -67,7 +147,7 @@ STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pas //to tell it 'end of file'. We can't just close the connection, as we //may not have sent all the data. For this one situation we use canonical //pty settings, so we can use the 'cntrl-d' control character - if (Flags & SSH_CANON_PTY) TTYConfigs=CatStr(TTYConfigs, " canon"); + if (SshFlags & SSH_CANON_PTY) TTYConfigs=CatStr(TTYConfigs, " canon"); TTYConfigs=CatStr(TTYConfigs, " noshell setsid"); @@ -101,6 +181,8 @@ STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pas DestroyString(KeyFile); DestroyString(TTYConfigs); DestroyString(RemoteCmd); + DestroyString(ConfigFile); + DestroyString(BindAddress); DestroyString(Token); return(S); @@ -113,15 +195,18 @@ STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pas //get translated to: //'r' -> SF_RDONLY (read a file from remote server) //'w' -> SF_WRONLY (write a file to remote server) +//'a' -> SF_APPEND (append to a file to remote server) +//'l' list files on remote server //'x' or anything else runs a command on the remote server -STREAM *SSHOpen(const char *Host, int Port, const char *User, const char *Pass, const char *iPath, int Flags) +STREAM *SSHOpen(const char *Host, int Port, const char *User, const char *Pass, const char *iPath, const char *Config) { char *Tempstr=NULL, *Path=NULL; const char *ptr; - int SshFlags=0; + int Flags; STREAM *S; + Flags=SSHParseConfig(Config, NULL, NULL); if (iPath) { @@ -132,7 +217,8 @@ STREAM *SSHOpen(const char *Host, int Port, const char *User, const char *Pass, } else ptr=""; - //if SF_RDONLY is set, then we treat this as a 'file get' + //if SF_RDONLY is set, then we treat this as a 'file get', + // we cannot do both read and write to a file over ssh if (Flags & SF_RDONLY) { Tempstr=QuoteCharsInStr(Tempstr, ptr, " ()"); @@ -142,18 +228,20 @@ STREAM *SSHOpen(const char *Host, int Port, const char *User, const char *Pass, { Tempstr=QuoteCharsInStr(Tempstr, ptr, " ()"); Path=MCopyStr(Path, "cat - > ", Tempstr, NULL); - SshFlags |= SSH_CANON_PTY; } else if (Flags & STREAM_APPEND) { Tempstr=QuoteCharsInStr(Tempstr, ptr, " ()"); Path=MCopyStr(Path, "cat - >> ", Tempstr, NULL); - SshFlags |= SSH_CANON_PTY | SSH_NO_ESCAPE; + } + else if (Flags & SF_LIST) + { + Tempstr=QuoteCharsInStr(Tempstr, ptr, " ()"); + Path=MCopyStr(Path, "ls -d ", Tempstr, NULL); } else Path=CopyStr(Path, ptr); - if (Flags & SF_COMPRESSED) SshFlags |= SSH_COMPRESS; - S=SSHConnect(Host, Port, User, Pass, Path, SshFlags); + S=SSHConnect(Host, Port, User, Pass, Path, Config); Destroy(Tempstr); Destroy(Path); diff --git a/libUseful-5/Ssh.h b/libUseful-5/Ssh.h index 6d53104..710ecb4 100644 --- a/libUseful-5/Ssh.h +++ b/libUseful-5/Ssh.h @@ -3,14 +3,31 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIBUSEFUL_SSH -#define LIBUSEFUL_SSH +#ifndef LIBUSEFUL_SSH_H +#define LIBUSEFUL_SSH_H #include "Stream.h" /* Connect to an ssh server and run a command. This requires the ssh command-line program to be available. +You will normally not use these functions, instead using something like 'STREAMOpen("ssh://myhost.com:2222", "r bind=192.168.6.1");' + +The 'config' argument to SSHConnect and SSHOpen is the same as other STREAMOpen style commands, consisting of a set of fopen-style 'open flags' +followed by name-value pairs for other settings + +Currently recognized 'open flags' are: +'r' -> SF_RDONLY (read a file from remote server) +'w' -> SF_WRONLY (write a file to remote server) +'w' -> SF_APPEND (append to a file to remote server) +'l' -> list files on remote server +'x' or anything else runs a command on the remote server + +Currently recognized name-value settings are: + +bind=
bind to a local address so that our connection seems to be coming from that address +config= use ssh config file + Note, such SSH connections CANNOT BE USED WITH CONNECTION CHAINS / PROXIES. They are always direct connections. if ssh's config system is being used to set up known connections (via ~/.ssh/config) then User, Pass and Port @@ -20,16 +37,12 @@ The returned stream can be used with the usual STREAM functions to read/write to ssh host. see Stream.h for available functions. */ -#define SSH_CANON_PTY 1 //communicate to ssh program over a canonical pty (honor ctrl-d, ctrl-c etc) -#define SSH_NO_ESCAPE 2 //disable the 'escape character' -#define SSH_COMPRESS 4 //use -C to compress ssh traffic - #ifdef __cplusplus extern "C" { #endif -STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pass, const char *Command, int Flags); -STREAM *SSHOpen(const char *Host, int Port, const char *User, const char *Pass, const char *Path, int Flags); +STREAM *SSHConnect(const char *Host, int Port, const char *User, const char *Pass, const char *Command, const char *Config); +STREAM *SSHOpen(const char *Host, int Port, const char *User, const char *Pass, const char *Path, const char *Config); void SSHClose(STREAM *S); #ifdef __cplusplus diff --git a/libUseful-5/Stream.c b/libUseful-5/Stream.c index 0e75753..470cbb4 100644 --- a/libUseful-5/Stream.c +++ b/libUseful-5/Stream.c @@ -12,17 +12,13 @@ #include "String.h" #include "Users.h" #include "UnitsOfMeasure.h" +#include "FileSystem.h" #include "WebSocket.h" #include #include "SecureMem.h" #include #include -#ifdef linux -#include -#endif - - //A difficult function to fit in order @@ -62,7 +58,7 @@ static void SelectAddFD(TSelectSet *Set, int type, int fd) static int SelectWait(TSelectSet *Set, struct timeval *tv) { - long long timeout, next; + long long timeout; uint64_t start, diff; int result; @@ -241,27 +237,12 @@ void STREAMSetFlags(STREAM *S, int Set, int UnSet) fcntl(S->in_fd, F_SETFD, val); fcntl(S->out_fd, F_SETFD, val); +#ifdef USE_FSFLAGS //immutable and append only flags are a special case as //they are not io flags, but permanent file flags so we //only touch those if explicitly set in Set or UnSet - if ((Set | UnSet) & (STREAM_IMMUTABLE | STREAM_APPENDONLY)) - { -#ifdef FS_IOC_SETFLAGS - ioctl(S->out_fd, FS_IOC_GETFLAGS, &val); - -#ifdef FS_IMMUTABLE_FL - if (Set & STREAM_IMMUTABLE) val |= FS_IMMUTABLE_FL; - else if (UnSet & STREAM_IMMUTABLE) val &= ~FS_IMMUTABLE_FL; -#endif - -#ifdef FS_APPEND_FL - if (Set & STREAM_APPENDONLY) val |= FS_APPEND_FL; - else if (UnSet & STREAM_APPENDONLY) val |= FS_APPEND_FL; + if ((Set | UnSet) & (STREAM_IMMUTABLE | STREAM_APPENDONLY)) FileSystemSetSTREAMFlags(S->out_fd, Set, UnSet); #endif - - ioctl(S->out_fd, FS_IOC_SETFLAGS, &val); -#endif - } } @@ -286,7 +267,7 @@ void STREAMSetFlushType(STREAM *S, int Type, int StartPoint, int BlockSize) /* the file pointer to that position */ void STREAMReAllocBuffer(STREAM *S, int size, int Flags) { - char *ibuf=NULL, *obuf=NULL; + unsigned char *ibuf=NULL, *obuf=NULL; int RW; if (S->Flags & SF_MMAP) return; @@ -314,8 +295,8 @@ void STREAMReAllocBuffer(STREAM *S, int size, int Flags) } else { - if (! (RW & SF_WRONLY)) S->InputBuff =(char *) realloc(S->InputBuff,size); - if (! (RW & SF_RDONLY)) S->OutputBuff=(char *) realloc(S->OutputBuff,size); + if (! (RW & SF_WRONLY)) S->InputBuff =(unsigned char *) realloc(S->InputBuff,size); + if (! (RW & SF_RDONLY)) S->OutputBuff=(unsigned char *) realloc(S->OutputBuff,size); } if (ibuf) @@ -345,7 +326,7 @@ int STREAMCheckForBytes(STREAM *S) struct stat Stat; if (! S) return(FALSE); - if (S->State & SS_EMBARGOED) return(FALSE); + if (S->State & LU_SS_EMBARGOED) return(FALSE); if (S->InEnd > S->InStart) return(TRUE); if (S->in_fd==-1) return(FALSE); @@ -368,7 +349,7 @@ int STREAMCountWaitingBytes(STREAM *S) int read_result=0, result; if (! S) return(0); - if (S->State & SS_EMBARGOED) return(0); + if (S->State & LU_SS_EMBARGOED) return(0); result=FDCheckForBytes(S->in_fd); if (result > 0) read_result=STREAMReadCharsToBuffer(S); @@ -398,7 +379,7 @@ STREAM *STREAMSelect(ListNode *Streams, struct timeval *tv) while (Curr) { S=(STREAM *) Curr->Item; - if (S && (! (S->State & SS_EMBARGOED))) + if (S && (! (S->State & LU_SS_EMBARGOED))) { //server type streams don't have buffers if ( (S->Type != STREAM_TYPE_UNIX_SERVER) && (S->Type != STREAM_TYPE_TCP_SERVER) ) @@ -458,7 +439,7 @@ int STREAMCheckForWaitingChar(STREAM *S,unsigned char check_char) char *found_char; if (! S) return(0); - if (S->State & SS_EMBARGOED) return(0); + if (S->State & LU_SS_EMBARGOED) return(0); result=FDCheckForBytes(S->in_fd); if (result > 0) read_result=STREAMReadCharsToBuffer(S); @@ -528,20 +509,18 @@ int STREAMBasicSendBytes(STREAM *S, const char *Data, int DataLen) int STREAMPushBytes(STREAM *S, const char *Data, int DataLen) { - if (S->State & SS_SSL) return(OpenSSLSTREAMWriteBytes(S, Data, DataLen)); + if (S->State & LU_SS_SSL) return(OpenSSLSTREAMWriteBytes(S, Data, DataLen)); return(STREAMBasicSendBytes(S, Data, DataLen)); } static int STREAMInternalPushBytes(STREAM *S, const char *Data, int DataLen) { - int result=0, count=0, len; - void *vptr; + int result=0, count=0; if (! S) return(STREAM_CLOSED); if (S->out_fd==-1) return(STREAM_CLOSED); - //if we are flushing blocks, then pad out to the blocksize if (S->Flags & FLUSH_BLOCK) { @@ -598,7 +577,9 @@ static int STREAMInternalPushBytes(STREAM *S, const char *Data, int DataLen) int STREAMFlush(STREAM *S) { int val; + val=STREAMInternalPushBytes(S, S->OutputBuff, S->OutEnd); + //if nothing left in stream (There shouldn't be) then wipe data because //there might have been passwords sent on the stream, and we don't want //that hanging about in memory @@ -676,7 +657,7 @@ int STREAMReadThroughProcessors(STREAM *S, char *Bytes, int InLen) } if ( - (! (S->State & SS_DATA_ERROR)) && + (! (S->State & LU_SS_DATA_ERROR)) && (len > 0) ) { @@ -697,7 +678,7 @@ int STREAMReadThroughProcessors(STREAM *S, char *Bytes, int InLen) if (len==0) { if (state==STREAM_CLOSED) return(STREAM_CLOSED); - if (S->State & SS_DATA_ERROR) return(STREAM_DATA_ERROR); + if (S->State & LU_SS_DATA_ERROR) return(STREAM_DATA_ERROR); } // this indicates that there's still data in the processing chain @@ -768,12 +749,12 @@ STREAM *STREAMFromDualFD(int in_fd, int out_fd) int STREAMOpenMMap(STREAM *S, int offset, int len, int Flags) { - char *ptr; + unsigned char *ptr; int MProt=PROT_READ; if (S->InputBuff) free(S->InputBuff); if (Flags & (SF_WRONLY | SF_RDWR)) MProt |= PROT_WRITE; - ptr=(char *) mmap(0, len, MProt, MAP_SHARED, S->in_fd, offset); + ptr=(unsigned char *) mmap(0, len, MProt, MAP_SHARED, S->in_fd, offset); if (ptr==MAP_FAILED) return(FALSE); S->InEnd=len; S->InStart=0; @@ -785,15 +766,104 @@ int STREAMOpenMMap(STREAM *S, int offset, int len, int Flags) } + +static int STREAMAutoRecoverRequired(int Flags) +{ + if ( + (Flags & SF_AUTORECOVER) && + (Flags & SF_WRONLY) && + (! (Flags & (STREAM_APPEND | SF_RDONLY) ) ) + ) return(TRUE); + + return(FALSE); +} + + +void STREAMFileAutoRecover(const char *Path, int Flags) +{ + char *BackupPath=NULL; + struct stat FStat; + int result; + + BackupPath=MCopyStr(BackupPath, Path, ".autorecover", NULL); + result=stat(BackupPath, &FStat); + if (result==0) + { + //never use an autorecover that is zero bytes in size + if (FStat.st_size == 0) + { + result=unlink(BackupPath); + if (result != 0) RaiseError(ERRFLAG_ERRNO|ERRFLAG_DEBUG, "STREAMFileOpen", "zero-length autorecovery found, but cannot remove it %s", BackupPath); + } + // if we are writing to the file, and we are not appending to it, then we are going to blank the file down anyways, so no need to autorecover + else if (! (Flags & (SF_RDONLY|STREAM_APPEND)) ) + { + result=unlink(BackupPath); + if (result != 0) RaiseError(ERRFLAG_ERRNO|ERRFLAG_DEBUG, "STREAMFileOpen", "autorecovery found, not needed, but cannot remove it %s", BackupPath); + } + else + { + RaiseError(ERRFLAG_DEBUG, "STREAMFileOpen", "autorecovery from %s", BackupPath); + //first take a backup for the current 'live' file + BackupPath=MCopyStr(BackupPath, Path, ".", GetDateStr("%Y-%m-%dT%H%M%S", NULL), ".error", NULL); + result=rename(Path, BackupPath); + if (result != 0) RaiseError(ERRFLAG_ERRNO | ERRFLAG_DEBUG, "STREAMFileOpen", "autorecovery cannot archive current file to %s", BackupPath); + + BackupPath=MCopyStr(BackupPath, Path, ".autorecover", NULL); + result=rename(BackupPath, Path); + if (result != 0) RaiseError(ERRFLAG_ERRNO | ERRFLAG_DEBUG, "STREAMFileOpen", "autorecovery cannot import %s", BackupPath); + } + } + + Destroy(BackupPath); +} + + +// do a bunch of preparation before opening the file +// firstly convert paths starting in ~/ to point to the user's home directory +// secondly handle taking/making a backup if that is requested +// This function always makes a copy of path, because even if no substitutions are +// required functions like mkostemp want to be able to change the file path +// and need a writeable copy to do that +static char *STREAMFileOpenPrepare(char *NewPath, const char *Path, int Flags) +{ + char *BackupPath=NULL; + int result; + + //if path starts with a tilde, then it's the user's home directory + if (strncmp(Path, "~/", 2) ==0) + { + //Path+1 so we get the / to make sure there is one after HomeDir + NewPath=MCopyStr(NewPath, GetCurrUserHomeDir(), Path+1, NULL); + } + else NewPath=CopyStr(NewPath, Path); + + if (Flags & SF_AUTORECOVER) + { + //only take a backup if we are in write/truncate mode, not append or r/w + if ( STREAMAutoRecoverRequired(Flags) ) + { + BackupPath=MCopyStr(BackupPath, NewPath, ".autorecover", NULL); + result=rename(NewPath, BackupPath); + if (result != 0) RaiseError(ERRFLAG_ERRNO|ERRFLAG_DEBUG, "STREAMFileOpen", "failed to take backup of %s to %s", NewPath, BackupPath); + } + //if stream opened for read or append, then autorecover + else STREAMFileAutoRecover(NewPath, Flags); + } + + Destroy(BackupPath); + + return(NewPath); +} + + STREAM *STREAMFileOpen(const char *Path, int Flags) { int fd, Mode=0; STREAM *Stream; struct stat myStat; char *Tempstr=NULL, *NewPath=NULL; - const char *p_Path, *ptr; - p_Path=Path; if (Flags & SF_WRONLY) Mode=O_WRONLY; else if (Flags & SF_RDONLY) Mode=O_RDONLY; else Mode=O_RDWR; @@ -802,41 +872,34 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) if (Flags & SF_CREATE) Mode |=O_CREAT; if (Flags & SF_EXCL) Mode |=O_EXCL; - if (CompareStr(Path,"-")==0) + //we take a copy of Path, because we may need to substitute ~/ for the user's home directory + //or because functions like mkostemp want to modify the string they are passed + NewPath=STREAMFileOpenPrepare(NewPath, Path, Flags); + + // '-' means stdin or stdout, depending on context + if (CompareStr(NewPath,"-")==0) { if (Mode==O_RDONLY) fd=0; else fd=1; } + // create a file with a tempoary name, the pattern 'XXXXXX' will be replaced with a unique + // random string to create a unique filename else if (Flags & SF_TMPNAME) { - //Must make a copy because mkostemp internally alters path - NewPath=CopyStr(NewPath, Path); #ifdef HAVE_MKOSTEMP fd=mkostemp(NewPath, Mode); #else fd=mkstemp(NewPath); #endif - p_Path=NewPath; - } - //if path starts with a tilde, then it's the user's home directory - else if (strncmp(Path, "~/", 2) ==0) - { - //Path+1 so we get the / to make sure there is one after HomeDir - NewPath=MCopyStr(NewPath, GetCurrUserHomeDir(), Path+1, NULL); - fd=open(NewPath, Mode, 0600); - p_Path=NewPath; - } - else - { - fd=open(Path, Mode, 0600); - p_Path=Path; } + // otherwise just open the file as normal! + else fd=open(NewPath, Mode, 0600); if (fd==-1) { - if (Flags & SF_ERROR) RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "failed to open %s", p_Path); - else RaiseError(ERRFLAG_ERRNO|ERRFLAG_DEBUG, "STREAMFileOpen", "failed to open %s", p_Path); + if (Flags & SF_ERROR) RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "failed to open %s", NewPath); + else RaiseError(ERRFLAG_ERRNO|ERRFLAG_DEBUG, "STREAMFileOpen", "failed to open %s", NewPath); Destroy(NewPath); return(NULL); } @@ -845,7 +908,7 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) { if (flock(fd,LOCK_EX | LOCK_NB)==-1) { - RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "file lock requested but failed %s", p_Path); + RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "file lock requested but failed %s", NewPath); close(fd); Destroy(NewPath); return(NULL); @@ -856,7 +919,7 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) { if (flock(fd,LOCK_SH | LOCK_NB)==-1) { - RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "file lock requested but failed %s", p_Path); + RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "file lock requested but failed %s", NewPath); close(fd); Destroy(NewPath); return(NULL); @@ -871,9 +934,9 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) if ((Mode != O_RDONLY) && (! (Flags & SF_FOLLOW))) { - if (lstat(p_Path, &myStat) !=0) + if (lstat(NewPath, &myStat) !=0) { - RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "cannot stat %s", p_Path); + RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "cannot stat %s", NewPath); close(fd); Destroy(NewPath); return(NULL); @@ -881,7 +944,7 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) if (S_ISLNK(myStat.st_mode)) { - RaiseError(0, "STREAMFileOpen", "%s is a symlink, but not not in 'symlink okay' mode", p_Path); + RaiseError(0, "STREAMFileOpen", "%s is a symlink, but not not in 'symlink okay' mode", NewPath); close(fd); Destroy(NewPath); return(NULL); @@ -889,7 +952,7 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) } else { - stat(p_Path, &myStat); + stat(NewPath, &myStat); } //CREATE THE STREAM OBJECT !! @@ -900,17 +963,17 @@ STREAM *STREAMFileOpen(const char *Path, int Flags) Tempstr=FormatStr(Tempstr,"%d",myStat.st_size); STREAMSetValue(Stream, "FileSize", Tempstr); Stream->Size=myStat.st_size; - Stream->Path=CopyStr(Stream->Path, p_Path); + Stream->Path=CopyStr(Stream->Path, NewPath); if ( (Flags & (SF_RDONLY | SF_MMAP)) == (SF_RDONLY | SF_MMAP) ) STREAMOpenMMap(Stream, 0, myStat.st_size, Flags); else { if (Flags & SF_TRUNC) { - if (ftruncate(fd,0) != 0) RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "cannot ftruncate %s", p_Path); + if (ftruncate(fd,0) != 0) RaiseError(ERRFLAG_ERRNO, "STREAMFileOpen", "cannot ftruncate %s", NewPath); STREAMSetValue(Stream, "FileSize", "0"); } - if (Flags & STREAM_APPEND) lseek(fd,0,SEEK_END); + if (Flags & STREAM_APPEND) lseek(fd, 0, SEEK_END); } STREAMSetFlags(Stream, Flags, 0); @@ -955,6 +1018,9 @@ static int STREAMParseConfig(const char *Config) case 'a': Flags |= STREAM_APPEND | SF_CREATE; break; + case 'e': + Flags |= SF_ENCRYPT; + break; case 'E': Flags |= SF_ERROR; break; @@ -985,6 +1051,9 @@ static int STREAMParseConfig(const char *Config) case 'F': Flags |= SF_FOLLOW; break; + case 'R': + Flags |= SF_AUTORECOVER; + break; case 'S': Flags |= SF_SORTED; break; @@ -1038,6 +1107,32 @@ static const char *STREAMExtractMasterURL(const char *URL) #define STREAMFileOpenWithConfig(url, config) STREAMFileOpen((url), STREAMParseConfig(config)) + +//Add Processor Modules. if any of these fail, then close the stream and return NULL +//so that we don't for instance, write to a file without encryption when that was asked for +static STREAM *STREAMSetupDataProcessorModules(STREAM *S, const char *Config) +{ +//if no processors are needed, then we consider things 'good' + int SetupGood=TRUE; + + if (S->Flags & SF_COMPRESSED) + { + if (S->Flags & SF_RDONLY) if (! STREAMAddStandardDataProcessor(S, "decompress", "gzip", "")) SetupGood=FALSE; + else if (S->Flags & SF_WRONLY) if (! STREAMAddStandardDataProcessor(S, "compress", "gzip", "")) SetupGood=FALSE; + } + + if (S->Flags & SF_ENCRYPT) if (! STREAMAddStandardDataProcessor(S, "crypto", "", Config)) SetupGood=FALSE; + + if (! SetupGood) + { + STREAMClose(S); + S=NULL; + } + + return(S); +} + + //URL can be a file path or a number of different network/file URL types STREAM *STREAMOpen(const char *URL, const char *Config) { @@ -1098,7 +1193,7 @@ STREAM *STREAMOpen(const char *URL, const char *Config) if ( (CompareStr(URL,"-")==0) || (strcasecmp(URL,"stdio:")==0) ) S=STREAMFromDualFD(dup(0), dup(1)); else if (strcasecmp(URL,"stdin:")==0) S=STREAMFromFD(dup(0)); else if (strcasecmp(URL,"stdout:")==0) S=STREAMFromFD(dup(1)); - else if (strcasecmp(Proto,"ssh")==0) S=SSHOpen(Host, Port, User, Pass, Path, STREAMParseConfig(Config)); + else if (strcasecmp(Proto,"ssh")==0) S=SSHOpen(Host, Port, User, Pass, Path, Config); else if (strcasecmp(Proto,"tty")==0) { S=STREAMFromFD(TTYConfigOpen(URL+4, Config)); @@ -1134,14 +1229,15 @@ STREAM *STREAMOpen(const char *URL, const char *Config) break; } + + if (S) S=STREAMSetupDataProcessorModules(S, Config); + + + if (S) { if (S->Flags & SF_SECURE) STREAMResizeBuffer(S, S->BuffSize); - if (S->Flags & SF_COMPRESSED) - { - if (S->Flags & SF_RDONLY) STREAMAddStandardDataProcessor(S, "decompress", "gzip", ""); - else if (S->Flags & SF_WRONLY) STREAMAddStandardDataProcessor(S, "compress", "gzip", ""); - } + switch (S->Type) { @@ -1238,13 +1334,24 @@ void STREAMTruncate(STREAM *S, long size) //doesn't require caching (maybe becasue it's a logfile rather than data) void STREAMCloseFile(STREAM *S) { + char *Tempstr=NULL; + if ( - (StrEnd(S->Path)) || + (StrValid(S->Path)) && (CompareStr(S->Path,"-") !=0) //don't do this for stdin/stdout ) { + if (S->out_fd != -1) { + //as we have closed the file sucessfully, we no longer need backup + if (STREAMAutoRecoverRequired(S->Flags)) + { + Tempstr=MCopyStr(Tempstr, S->Path, ".autorecover", NULL); + unlink(Tempstr); + } + + //if we don't need this file cached for future use, tell the os so when we close it #ifdef POSIX_FADV_DONTNEED if (S->Flags & SF_NOCACHE) @@ -1265,6 +1372,8 @@ void STREAMCloseFile(STREAM *S) } } + + Destroy(Tempstr); } @@ -1278,6 +1387,7 @@ void STREAMShutdown(STREAM *S) //-1 means 'FLUSH' STREAMReadThroughProcessors(S, NULL, -1); + STREAMWriteBytes(S, NULL, 0); //means flush any processors STREAMFlush(S); switch (S->Type) @@ -1347,7 +1457,7 @@ int STREAMWaitForBytes(STREAM *S) struct timeval tv; //if using SSL and already has bytes queued, don't do a wait on select - if ( (S->State & SS_SSL) && OpenSSLSTREAMCheckForBytes(S) ) WaitForBytes=FALSE; + if ( (S->State & LU_SS_SSL) && OpenSSLSTREAMCheckForBytes(S) ) WaitForBytes=FALSE; //must set this to 1 in case not doing a select, 'cos if S->Timeout is not set //then we won't wait at all, won't set read_result, so we must do it here @@ -1420,21 +1530,21 @@ static int STREAMReadCharsToBuffer_Default(STREAM *S, char *Buffer, int Len) int STREAMPullBytes(STREAM *S, char *Buffer, int Len) { - if (S->State & SS_SSL) return(OpenSSLSTREAMReadBytes(S, Buffer, Len)); + if (S->State & LU_SS_SSL) return(OpenSSLSTREAMReadBytes(S, Buffer, Len)); return(STREAMReadCharsToBuffer_Default(S, Buffer, Len)); } int STREAMReadCharsToBuffer(STREAM *S) { int val=0, read_result=0; - long bytes_read; + long bytes_read=0; char *tmpBuff=NULL; if (! S) return(0); //we don't read from and embargoed stream. Embargoed is a state that we //use to indicate a stream must be ignored for a while - if (S->State & SS_EMBARGOED) return(0); + if (S->State & LU_SS_EMBARGOED) return(0); //number of bytes queued in STREAM val=S->InEnd-S->InStart; @@ -1776,7 +1886,7 @@ int STREAMWriteBytes(STREAM *S, const char *Data, int DataLen) if (! S) return(STREAM_CLOSED); if (S->out_fd==-1) return(STREAM_CLOSED); - if (S->State & SS_WRITE_ERROR) return(STREAM_CLOSED); + if (S->State & LU_SS_WRITE_ERROR) return(STREAM_CLOSED); i_data=Data; @@ -1784,7 +1894,11 @@ int STREAMWriteBytes(STREAM *S, const char *Data, int DataLen) if (ListSize(S->ProcessingModules)) { - STREAMInternalPushProcessingModules(S, i_data, len, &TempBuff, &len); + if (len < 4096) len=4096; + + TempBuff=SetStrLen(TempBuff, len * 2); + len=0; + STREAMInternalPushProcessingModules(S, i_data, DataLen, &TempBuff, &len); i_data=TempBuff; } @@ -1792,7 +1906,10 @@ int STREAMWriteBytes(STREAM *S, const char *Data, int DataLen) //thus the calling application always believes all data is written //Thus we only report errors if len==0; if (len > 0) result=STREAMInternalQueueBytes(S, i_data, len); - else if (S->OutEnd > S->StartPoint) result=STREAMInternalPushBytes(S, S->OutputBuff, S->OutEnd); + else if (S->OutEnd > S->StartPoint) + { + result=STREAMInternalPushBytes(S, S->OutputBuff, S->OutEnd); + } Destroy(TempBuff); @@ -2137,11 +2254,18 @@ int STREAMReadToString(STREAM *S, char **RetStr, int *len, const char *Term) char *STREAMReadDocument(char *RetStr, STREAM *S) { char *Tempstr=NULL; - int result, size, bytes_read=0, max; + const char *ptr; + int result=0, size, bytes_read=0, max; + + //for documents where we know the size, e.g. HTTP documents where we've had 'Content-Length' + //there will be a size booked against the stream 'S' + if ( (S->Size > 0) && (! (S->State & LU_SS_COMPRESSED)) ) size=S->Size; + + //we can set a program-wide max document size max=LibUsefulGetInteger("MaxDocumentSize"); - if ( (S->Size > 0) && (! (S->State & SS_COMPRESSED)) ) size=S->Size; - else size=max; + if (max > 0) size=max; + while (bytes_read < size) { @@ -2150,8 +2274,17 @@ char *STREAMReadDocument(char *RetStr, STREAM *S) if (result >= 0) bytes_read+=result; else break; } - StrTrunc(RetStr,bytes_read); + //don't trust StrTrunc here, as we might have read + //binary data that can include '\0' characters + //StrTrunc(RetStr,bytes_read); + + //instead of StrTrunc do this. + RetStr[bytes_read]='\0'; + StrLenCacheAdd(RetStr, bytes_read); + + + //if result > 0 then we didn't break out on reading a 'STREAM_CLOSED' or other close condition, we broke out because we had hit the size limit if ((bytes_read==size) && (result > 0)) { if (bytes_read==max) RaiseError(0, "STREAMReadDocument", "Document size is greater than Max Document Size of %s bytes", ToIEC(max, 1)); diff --git a/libUseful-5/Stream.h b/libUseful-5/Stream.h index aabc6a7..f401f9b 100644 --- a/libUseful-5/Stream.h +++ b/libUseful-5/Stream.h @@ -77,6 +77,26 @@ t make a unique temporary file name. the file path must be a mktemp style te S file contents are sorted x exclusive open using O_EXCL. Only create/open file if it doesn't exist. z compress/uncompress with gzip +e encrypt using openssl compatible file format +R autorecovery. Take a backup when the file is opened for write, and if the file isn't closed properly, then revert to that backup when next it's opened. + + +for encrypted files with the 'e' option, a password must be supplied using the 'encrypt' argument. The key and inputvector are calculated from this password. +e.g. + +S=STREAMOpen("myfile.enc", "we encrypt=T0PSekrit"); + +The default cipher used is aes-256-cbc, however the cipher can be overridden like so: + + +S=STREAMOpen("myfile.enc", "we encrypt=T0PSekrit encrypt_cipher=blowfish"); + +Encryption only supports either read only or write only files, not read-write. + + + +Autorecovery using the 'R' option will take a backup whenever the file is opened write-only, but not for read-write or append. This backup should be deleted when the file is closed. If the file is opened for read or append, and the backup exists, then the file will be moved to ..error and the backup will be imported in it's place. + for tcp/unix/udp network connections the 'config argument' defaults to 'rw' if blank. @@ -208,38 +228,41 @@ typedef enum {STREAM_TYPE_FILE, STREAM_TYPE_PIPE, STREAM_TYPE_TTY, STREAM_TYPE_U #define SF_RDLOCK 2048 //lock file on every read #define SF_FOLLOW 4096 //ONLY FOR FILES: follow symbolic links #define SF_TLS 4096 //ONLY FOR SOCKETS: use SSL/TLS -#define SF_SECURE 8192 //lock internal buffers into memory so they aren't written to swap or coredumps -#define SF_NONBLOCK 16384 //nonblocking open (you must use select to check that the file is ready to use) -#define SF_EXCL 32768 //ONLY FOR FILES: exclusive create with O_EXCL, file must not pre-exist -#define SF_TLS_AUTO 32768 //nothing to see here, move along -#define SF_ERROR 65536 //raise an error if open or connect fails -#define SF_EXEC_INHERIT 131072 //allow stream to be inherited across an exec (default is close-on-exec) -#define SF_BINARY 262144 //'binary mode' for websocket etc -#define SF_NOCACHE 524288 //don't cache file data in filesystem cache -#define SF_SORTED 1048576 //file is sorted, this is a hint to 'STREAMFind' -#define STREAM_IMMUTABLE 2097152 //file is immutable (if supported by fs) +#define SF_SECURE 8192 //lock internal buffers into memory so they aren't written to swap or coredumps +#define SF_NONBLOCK 16384 //nonblocking open (you must use select to check that the file is ready to use) +#define SF_EXCL 32768 //ONLY FOR FILES: exclusive create with O_EXCL, file must not pre-exist +#define SF_TLS_AUTO 32768 //nothing to see here, move along +#define SF_ERROR 65536 //raise an error if open or connect fails +#define SF_EXEC_INHERIT 131072 //allow stream to be inherited across an exec (default is close-on-exec) +#define SF_AUTORECOVER 262144 //ONLY FOR FILES: take autorecovery backup on writing a file, and apply it on read +#define SF_BINARY 262144 //ONLY FOR SOCKETS: 'binary mode' for, websockets etc +#define SF_NOCACHE 524288 //don't cache file data in filesystem cache +#define SF_LIST 524288 //only for SSH streams: list files +#define SF_SORTED 1048576 //file is sorted, this is a hint to 'STREAMFind' +#define STREAM_IMMUTABLE 2097152 //file is immutable (if supported by fs) #define STREAM_APPENDONLY 4194304 //file is append-only (if supported by fs) -#define SF_COMPRESSED 8388608 //enable compression, this requests compression -#define SF_TMPNAME 16777216 //file path is a template to create a temporary file name (must end in 'XXXXXX') +#define SF_COMPRESSED 8388608 //enable compression, this requests compression +#define SF_TMPNAME 16777216 //file path is a template to create a temporary file name (must end in 'XXXXXX') +#define SF_ENCRYPT 33554432 //file path is a template to create a temporary file name (must end in 'XXXXXX') //Stream state values, set in S->State -#define SS_CONNECTING 1 -#define SS_INITIAL_CONNECT_DONE 4 -#define SS_CONNECTED 8 -#define SS_DATA_ERROR 16 -#define SS_WRITE_ERROR 32 -#define SS_EMBARGOED 64 -#define SS_SSL 4096 -#define SS_AUTH 8192 -#define SS_COMPRESSED 16384 //compression enabled, specifies compression active on a stream -#define SS_MSG_READ 32768 +#define LU_SS_CONNECTING 1 +#define LU_SS_INITIAL_CONNECT_DONE 4 +#define LU_SS_CONNECTED 8 +#define LU_SS_DATA_ERROR 16 +#define LU_SS_WRITE_ERROR 32 +#define LU_SS_EMBARGOED 64 +#define LU_SS_SSL 4096 +#define LU_SS_AUTH 8192 +#define LU_SS_COMPRESSED 16384 //compression enabled, specifies compression active on a stream +#define LU_SS_MSG_READ 32768 //state values available for programmer use -#define SS_USER1 268435456 -#define SS_USER2 536870912 -#define SS_USER3 1073741824 -#define SS_USER4 2147483648 +#define LU_SS_USER1 268435456 +#define LU_SS_USER2 536870912 +#define LU_SS_USER3 1073741824 +#define LU_SS_USER4 2147483648 diff --git a/libUseful-5/StreamAuth.c b/libUseful-5/StreamAuth.c index d7ca67d..6094031 100644 --- a/libUseful-5/StreamAuth.c +++ b/libUseful-5/StreamAuth.c @@ -41,12 +41,12 @@ static int STREAMBasicAuthPasswordFile(const char *Path, STREAM *S) const char *ptr; int AuthResult=FALSE; - ptr=STREAMGetValue(S, "Auth:Basic"); - printf("AB: [%s]\n", ptr); - if (! StrValid(ptr)) return(FALSE); - - HTTPDecodeBasicAuth(ptr, &User, &Password); - AuthResult=PasswordFileCheck(Path, User, Password); + if (StrValid(Path)) + { + User=CopyStr(User, STREAMGetValue(S, "AUTH:User")); + Password=CopyStr(Password, STREAMGetValue(S, "AUTH:Password")); + AuthResult=PasswordFileCheck(Path, User, Password, NULL); + } Destroy(User); Destroy(Password); @@ -69,7 +69,6 @@ static int STREAMAuthProcess(STREAM *S, const char *AuthTypes) ptr=GetNameValuePair(AuthTypes, ";", ":",&Key, &Value); while (ptr) { - printf("AUTH: %s\n", Key); if (CompareStrNoCase(Key, "basic")==0) { Tempstr=EncodeBytes(Tempstr, Value, StrLen(Value), ENCODE_BASE64); @@ -90,7 +89,7 @@ static int STREAMAuthProcess(STREAM *S, const char *AuthTypes) } else if (CompareStrNoCase(Key, "password-file")==0) AuthResult=STREAMBasicAuthPasswordFile(Value, S); - ptr=GetNameValuePair(ptr, ";", "=",&Key, &Value); + ptr=GetNameValuePair(ptr, ";", ":",&Key, &Value); } if (AuthResult==TRUE) STREAMSetValue(S, "STREAM:Authenticated", "Y"); @@ -109,10 +108,14 @@ int STREAMAuth(STREAM *S) { const char *ptr; - ptr=STREAMGetValue(S, "Authenticator"); + ptr=STREAMGetValue(S, "AUTH:Types"); if (! StrValid(ptr)) return(TRUE); - return(STREAMAuthProcess(S, ptr)); + if (STREAMAuthProcess(S, ptr)) + { + S->Flags |= LU_SS_AUTH; + return(TRUE); + } return(FALSE); } diff --git a/libUseful-5/StreamAuth.h b/libUseful-5/StreamAuth.h index fb837ae..b07c1d1 100644 --- a/libUseful-5/StreamAuth.h +++ b/libUseful-5/StreamAuth.h @@ -8,11 +8,64 @@ Copyright (c) 2015 Colum Paget #include "Stream.h" +/* Functions supporting some types of authentication against streams. + +For http streams password-file authentication is supported. For other network streams +IP address based and ssl certificate based authenticaiton is supported. + +The only function you'd normally use here is the 'STREAMIsAuth(STREAM *S)' macro, to check +if a stream has been authenticated using any of these methods. 'STREAMAuth' is usually called +automatically from within STREAMServerAccept, and doesn't need to be re-called. + +Both STREAMIsAuth and STREAMAuth return TRUE or FALSE to indicate whether the stream has been authenticated + +Example usage: + +Serv=STREAMServerNew("http:192.168.0.1", "auth='password-file:/etc/myserver.pw;ip:192.168.0.2,192.168.0.3'"); +S=STREAMServerAccept(Serv); +if (StreamIsAuth(S)) +{ +... +} + +This sets up authentication using either a password file (see PasswordFile.h) or by IP address. If the connection is coming from one of the specified IP addresses, or theres a user/password match in the password file, then the connection is authenticated (obviously password-file is only usable because HTTP has a password authentication scheme). + +Note usage of semi-colon to seperate authentication types. comma is used to seperate multiple options within an authentication type + +Available authentication schemes are: + +ip:
- authenticate by matching source IP with one of the IPs in a comma-seperated list +password-file: - authenticate by using a username/password found in password file at +cert: - authenticate with a client-certificate that verifies and has the specified subject (usually username) +certificate: - authenticate with a client-certificate that verifies and has the specified subject (usually username) +issuer: - authenticate with a client-certificate that verifies and is issued by the specified issuer +basic: - authenticate using a username and password combo expressed as an HTTP style base64 encoded string +cookie: - authenticate using an HTTP cookie that matches + +For the 'certificate' and 'issuer' authentication types, the verifiying certificates (CA certificates) can be defined using the 'SSL:VerifyFile' and 'SSL:VerifyDir' options to STREAMServerNew (without these libUseful will default to using the openssl default file, usually stored somewhere like '/etc/ssl/cacert.pem', and which provides CA certificates for well-known certificate authorities. + +Example SSL setup: + +Serv=STREAMServerNew("tls:192.168.0.1", "auth='cert:bill.blogs;issuer:myCA' ssl:CertFile=/etc/ssl/myhost.crt ssl:KeyFile=/etc/ssl/myhost.key ssl:VerifyFile=/etc/ssl/myCA.ca"); +S=STREAMServerAccept(Serv); +if (StreamIsAuth(S)) +{ +... +} + +In this setup we can authenticate using a certificate for 'bill.blogs' that is verified by any CA certificate (in this case that would have to be one in /etc/ssl/myCA.ca) or with any certificate issued by 'myCA' (which again, must be verified against a certificate in /etc/ssl/myCA.ca) + + +*/ + + + #ifdef __cplusplus extern "C" { #endif +#define STREAMIsAuth(S) ((S)->Flags & LU_SS_AUTH) int STREAMAuth(STREAM *S); #ifdef __cplusplus diff --git a/libUseful-5/String.c b/libUseful-5/String.c index b0a935f..909ed2e 100644 --- a/libUseful-5/String.c +++ b/libUseful-5/String.c @@ -194,7 +194,6 @@ char *VCatStr(char *Dest, const char *Str1, va_list args) size_t len=0, ilen; char *ptr=NULL; const char *sptr=NULL; - char *eptr; if (Dest !=NULL) @@ -298,7 +297,7 @@ int StrRTruncChar(char *Str, char Term) char *PadStr(char*Dest, char Pad, int PadLen) { char *NewStr=NULL; - int i, len, abslen; + int i, abslen; if (PadLen==0) return(Dest); if (PadLen < 0) abslen=0-PadLen; @@ -326,7 +325,6 @@ char *PadStr(char*Dest, char Pad, int PadLen) char *PadStrTo(char*Dest, char Pad, int PadLen) { - char *NewStr=NULL; int val, len; if (PadLen==0) return(Dest); @@ -589,7 +587,7 @@ char *StripQuotes(char *Str) char *QuoteCharsInStr(char *Buffer, const char *String, const char *QuoteChars) { char *RetStr=NULL; - const char *sptr, *cptr; + const char *sptr; size_t olen=0; RetStr=CopyStr(Buffer,""); diff --git a/libUseful-5/String.h b/libUseful-5/String.h index 1117a86..ab513e4 100644 --- a/libUseful-5/String.h +++ b/libUseful-5/String.h @@ -3,8 +3,8 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIBUSEFUL_STRING -#define LIBUSEFUL_STRING +#ifndef LIBUSEFUL_STRING_H +#define LIBUSEFUL_STRING_H /***************************************************************************** Functions related to resizeable strings. diff --git a/libUseful-5/SysInfo.c b/libUseful-5/SysInfo.c index 4e3a8e6..af49f88 100644 --- a/libUseful-5/SysInfo.c +++ b/libUseful-5/SysInfo.c @@ -86,12 +86,16 @@ const char *OSSysInfoString(int Info) case OSINFO_HOSTNAME: buf=SetStrLen(buf, HOST_NAME_MAX); result=gethostname(buf, HOST_NAME_MAX); + //if call failed make sure we return a blank string + if (result != 0) buf[0]='\0'; return(buf); break; case OSINFO_DOMAINNAME: buf=SetStrLen(buf, HOST_NAME_MAX); result=getdomainname(buf, HOST_NAME_MAX); + //if call failed make sure we return a blank string + if (result != 0) buf[0]='\0'; return(buf); break; diff --git a/libUseful-5/SysInfo.h b/libUseful-5/SysInfo.h index 9365855..21a1b78 100644 --- a/libUseful-5/SysInfo.h +++ b/libUseful-5/SysInfo.h @@ -3,8 +3,8 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIBUSEFUL_SYSINFO -#define LIBUSEFUL_SYSINFO +#ifndef LIBUSEFUL_SYSINFO_H +#define LIBUSEFUL_SYSINFO_H #include "defines.h" diff --git a/libUseful-5/Terminal.c b/libUseful-5/Terminal.c index ff23d1d..ccafa8d 100644 --- a/libUseful-5/Terminal.c +++ b/libUseful-5/Terminal.c @@ -133,6 +133,23 @@ int TerminalStrLen(const char *Str) } +char *TerminalPadStr(char *Str, int PadChar, int PadTo) +{ + int term_len, len, diff, max; + + term_len=TerminalStrLen(Str); + len=StrLen(Str); + diff=PadTo-term_len; + max=len+diff; + while (len < max) + { + Str=AddCharToBuffer(Str, len, PadChar); + len++; + } + + return(Str); +} + char *TerminalStrTrunc(char *Str, int MaxLen) { @@ -246,6 +263,7 @@ int ANSIParseColor(const char *Str) void TerminalGeometry(STREAM *S, int *wid, int *len) { struct winsize w; + char *Tempstr=NULL; const char *ptr; int val=0; @@ -268,6 +286,14 @@ void TerminalGeometry(STREAM *S, int *wid, int *len) *wid=w.ws_col; *len=w.ws_row; + + + Tempstr=FormatStr(Tempstr,"%d", *wid); + STREAMSetValue(S, "Terminal:cols", Tempstr); + Tempstr=FormatStr(Tempstr,"%d", *len); + STREAMSetValue(S, "Terminal:rows", Tempstr); + + Destroy(Tempstr); } @@ -369,6 +395,12 @@ const char *TerminalAlignText(const char *Text, char **RetStr, int Flags, STREAM int pos=0, cols, rows, len, i; const char *ptr; + if (! Term) + { + *RetStr=CopyStr(*RetStr, Text); + return(Text+StrLen(Text)); + } + TerminalGeometry(Term, &cols, &rows); len=TerminalStrLen(Text); @@ -399,7 +431,6 @@ const char *TerminalAlignText(const char *Text, char **RetStr, int Flags, STREAM char *TerminalCommandStr(char *RetStr, int Cmd, int Arg1, int Arg2) { - int i; char *Tempstr=NULL; switch (Cmd) @@ -575,7 +606,7 @@ char *TerminalFillToEndOfLine(char *RetStr, int fill_char, STREAM *Term) const char *TerminalFormatSubStr(const char *Str, char **RetStr, STREAM *Term) { - const char *ptr, *end; + const char *ptr; char *Tempstr=NULL; long val; int Fg, Bg; @@ -770,6 +801,7 @@ void TerminalPutChar(int Char, STREAM *S) else result=write(1,Tempstr,StrLen(Tempstr)); } + Destroy(Tempstr); } @@ -791,6 +823,21 @@ void TerminalPutStr(const char *Str, STREAM *S) } + +void TerminalPrint(STREAM *S, const char *FmtStr, ...) +{ + char *Tempstr=NULL; + va_list args; + + va_start(args,FmtStr); + Tempstr=VFormatStr(Tempstr, FmtStr, args); + va_end(args); + TerminalPutStr(Tempstr, S); + + Destroy(Tempstr); +} + + void XtermSetTerminalSize(STREAM *Term, int wide, int high) { char *Tempstr=NULL; @@ -964,13 +1011,14 @@ char *TerminalReadText(char *RetStr, int Flags, STREAM *S) switch (inchar) { + //seems like control-c sends this + case STREAM_NODATA: case ESCAPE: Destroy(RetStr); return(NULL); break; case STREAM_TIMEOUT: - case STREAM_NODATA: case '\n': case '\r': break; @@ -1057,10 +1105,6 @@ int TerminalInit(STREAM *S, int Flags) int ttyflags=0; TerminalGeometry(S, &cols, &rows); - Tempstr=FormatStr(Tempstr,"%d",cols); - STREAMSetValue(S, "Terminal:cols", Tempstr); - Tempstr=FormatStr(Tempstr,"%d",rows); - STREAMSetValue(S, "Terminal:rows", Tempstr); STREAMSetValue(S, "Terminal:top", "0"); @@ -1074,7 +1118,7 @@ int TerminalInit(STREAM *S, int Flags) if (ttyflags) TTYConfig(S->in_fd, 0, ttyflags); } - XtermSetDefaultColors(S, TerminalThemeGet("Terminal:Attribs")); + XtermSetDefaultColors(S, TerminalThemeGet("Terminal", "Attribs")); TerminalBarsInit(S); if (Flags & TERM_WHEELMOUSE) STREAMWriteLine("\x1b[?1000h", S); else if (Flags & TERM_MOUSE) STREAMWriteLine("\x1b[?9h", S); diff --git a/libUseful-5/Terminal.h b/libUseful-5/Terminal.h index 368c9d8..f68ad32 100644 --- a/libUseful-5/Terminal.h +++ b/libUseful-5/Terminal.h @@ -306,14 +306,23 @@ const char *TerminalFormatSubStr(const char *Str, char **RetStr, STREAM *Term); void TerminalPutStr(const char *Str, STREAM *S); +//'FmtStr' is a printf-style format string with '%d, %s' style substitutions and 'tilde commands' in it. +//Furthermore, any strings printed with '%s' can contain tilde commands too. +//The ANSI coded result is output to stream S +void TerminalPrint(STREAM *S, const char *FmtStr, ...); //step past a single character. Understands tilde-strings and (some) unicode, consuming them as one character int TerminalConsumeCharacter(const char **ptr); //calculate length of string *after ANSI formating*, so ANSI escape sequences don't count as characters added -//to the length +//to the length and unicode escape sequences should only count as single chars int TerminalStrLen(const char *Str); +// pad terminal string with a character to a length *handling ANSI formatting*, +// so ANSI escape sequences don't count if they just change colors, and unicode +// escape sequences should only count as single chars +char *TerminalPadStr(char *Str, int PadChar, int PadTo); + //truncate a terminal string to a length *handling ANSI formatting*, so ANSI escape sequences don't count to //the length to be truncated. This means if you ask for 5 characters, you get five text characters, plus any //ansi strings that preceed them diff --git a/libUseful-5/TerminalBar.c b/libUseful-5/TerminalBar.c index 2200230..8897ef5 100644 --- a/libUseful-5/TerminalBar.c +++ b/libUseful-5/TerminalBar.c @@ -7,7 +7,7 @@ void TerminalInternalConfig(const char *Config, int *ForeColor, int *BackColor, void TerminalBarUpdate(TERMBAR *TB, const char *Text) { - int rows, cols, x=0, y=0, TextLen; + int rows, cols, y=0, TextLen; char *Str=NULL; TextLen=TerminalStrLen(Text); @@ -284,7 +284,6 @@ TERMBAR *TerminalBarCreate(STREAM *Term, const char *Config, const char *Text) { TERMBAR *TB; char *Tempstr=NULL; - const char *ptr; TB=(TERMBAR *) calloc(1,sizeof(TERMBAR)); TB->Term=Term; diff --git a/libUseful-5/TerminalChoice.c b/libUseful-5/TerminalChoice.c index b1062e3..0306157 100644 --- a/libUseful-5/TerminalChoice.c +++ b/libUseful-5/TerminalChoice.c @@ -13,13 +13,9 @@ TERMCHOICE *TerminalChoiceCreate(STREAM *Term, const char *Config) void TerminalChoiceDraw(TERMCHOICE *Chooser) { - ListNode *Curr; char *Tempstr=NULL, *LPad=NULL, *RPad=NULL; - - if (Chooser->Flags & TERMMENU_POSITIONED) TerminalCommand(TERM_CURSOR_MOVE, Chooser->x, Chooser->y, Chooser->Term); - else Tempstr=CopyStr(Tempstr, "\r"); - - if (StrValid(Chooser->Text)) Tempstr=CatStr(Tempstr, Chooser->Text); + ListNode *Curr; + int choice_pos=0, len, pos; LPad=PadStr(LPad, ' ', TerminalStrLen(Chooser->CursorLeft)); RPad=PadStr(RPad, ' ', TerminalStrLen(Chooser->CursorRight)); @@ -30,13 +26,49 @@ void TerminalChoiceDraw(TERMCHOICE *Chooser) if (Chooser->Options->Side==Curr) { Tempstr=MCatStr(Tempstr, Chooser->CursorAttribs, Chooser->CursorLeft, Curr->Tag, Chooser->CursorRight, "~0", NULL); + choice_pos=StrLen(Tempstr); } else Tempstr=MCatStr(Tempstr, LPad, Curr->Tag, RPad, NULL); Curr=ListGetNext(Curr); } - TerminalPutStr(Tempstr, Chooser->Term); + //choice pos is the position of the end of the selected option/choice + //if this is outside of the 'window' of the chooser, we'll have to use + //memmove to move the option into the 'window' of the chooser + choice_pos += StrLen(Chooser->Text); + if (Chooser->wid > 0) + { + if (choice_pos > Chooser->wid) + { + len=StrLen(Tempstr); + pos=choice_pos - Chooser->wid; + len -= pos; + memmove(Tempstr, Tempstr + pos, len+1); + } + + } + + + //from here on we use LPad for the 'final' string that's printed out + + //either move to position or use '\r' to go to start of the line + LPad=CopyStr(LPad, ""); + if (Chooser->Flags & TERMMENU_POSITIONED) TerminalCommand(TERM_CURSOR_MOVE, Chooser->x, Chooser->y, Chooser->Term); + else LPad=CopyStr(LPad, "\r"); + + //Add the prompt + if (StrValid(Chooser->Text)) LPad=CatStr(LPad, Chooser->Text); + LPad=CatStr(LPad, Tempstr); + + if (Chooser->wid > 0) + { + len=TerminalStrLen(LPad); + LPad=PadStr(LPad, ' ', Chooser->wid); + StrTrunc(LPad, Chooser->wid); + } + + TerminalPutStr(LPad, Chooser->Term); STREAMFlush(Chooser->Term); Destroy(Tempstr); diff --git a/libUseful-5/TerminalKeys.c b/libUseful-5/TerminalKeys.c index cc3a66b..0e682c0 100644 --- a/libUseful-5/TerminalKeys.c +++ b/libUseful-5/TerminalKeys.c @@ -1455,7 +1455,7 @@ static int TerminalReadCSISeqNum(STREAM *S, char PrevChar) static int TerminalReadCSIMouse(STREAM *S) { char *Tempstr=NULL; - int flags, x, y, val, keycode=0; + int flags, x, y, keycode=0; flags=STREAMReadChar(S)-32; x=STREAMReadChar(S)-32; diff --git a/libUseful-5/TerminalMenu.c b/libUseful-5/TerminalMenu.c index 28a59cc..732ac5d 100644 --- a/libUseful-5/TerminalMenu.c +++ b/libUseful-5/TerminalMenu.c @@ -3,7 +3,7 @@ TERMMENU *TerminalMenuCreate(STREAM *Term, int x, int y, int wid, int high) { - return(TerminalWidgetNew(Term, x, y, wid, high, "attribs= cursor_attribs=~e selected_attribs=~e cursor=>")); + return(TerminalWidgetNew(Term, x, y, wid, high, "type=menu")); } @@ -56,9 +56,9 @@ static void TerminalGetLineAttributes(TERMMENU *Menu, ListNode *Curr, char **p_A -static char *TerminalMenuFormatItem(char *Output, TERMMENU *Menu, ListNode *Curr) +static char *TerminalMenuFormatItem(char *Output, TERMMENU *Menu, ListNode *Curr, int TermWidth) { - int count, margins; + int count, margins, wide; char *LineStart=NULL, *LineEnd=NULL, *Contents=NULL, *Tempstr=NULL; char *SingleLineCR=NULL; char *p_Attribs; @@ -74,14 +74,12 @@ static char *TerminalMenuFormatItem(char *Output, TERMMENU *Menu, ListNode *Curr if (StrValid(p_Attribs)) Contents=ReplaceStr(Contents, Curr->Tag, "~0", p_Attribs); else Contents=CopyStr(Contents, Curr->Tag); - Contents=TerminalStrTrunc(Contents, Menu->wid - margins); - count=TerminalStrLen(Contents); - while (count < (Menu->wid - margins)) - { - Contents=CatStr(Contents, " "); - count++; - } + wide=Menu->wid; + if (wide < 0) wide=TermWidth + wide; + + Contents=TerminalStrTrunc(Contents, wide - margins); + Contents=TerminalPadStr(Contents, ' ', wide - margins); Tempstr=MCopyStr(Tempstr, SingleLineCR, LineStart, Contents, LineEnd, NULL); @@ -100,13 +98,18 @@ static char *TerminalMenuFormatItem(char *Output, TERMMENU *Menu, ListNode *Curr //If a menu has fewer items in it than can fill it's full size, //then we need to pad it with extra lines to it's full size. -void TerminalMenuPadToEnd(TERMMENU *Menu, int start, int end) +static void TerminalMenuPadToEnd(TERMMENU *Menu, int start, int end, int TermWidth) { - int y; + int y, wide; char *Output=NULL; y=start; - Output=PadStrTo(Output, ' ', Menu->wid); + wide=Menu->wid; + if (wide < 0) wide=TermWidth + wide; + + + + Output=PadStrTo(Output, ' ', wide); while (y <= end) { TerminalCursorMove(Menu->Term, Menu->x, y); @@ -122,7 +125,7 @@ void TerminalMenuDraw(TERMMENU *Menu) { ListNode *Curr; char *Output=NULL; - int y, yend, count; + int y, yend, TermWide, TermHigh; //single line mode is a special case //that doesn't use 'cursor move' to build //a menu at a specific screen position, @@ -130,6 +133,12 @@ void TerminalMenuDraw(TERMMENU *Menu) //at the current cursor position int singleline=FALSE; + if (Menu->Term) + { + TermWide=atoi(STREAMGetValue(Menu->Term, "Terminal:cols")); + TermHigh=atoi(STREAMGetValue(Menu->Term, "Terminal:rows")); + } + if (Menu->y==-1) { y=0; @@ -139,14 +148,16 @@ void TerminalMenuDraw(TERMMENU *Menu) else { y=Menu->y; - yend=y+Menu->high; + if (Menu->high < 0) yend=y + (TermHigh + Menu->high); + else yend=y+Menu->high; } + Curr=MenuGetTop(Menu); while (Curr) { if (! singleline) TerminalCursorMove(Menu->Term, Menu->x, y); - Output=TerminalMenuFormatItem(Output, Menu, Curr); + Output=TerminalMenuFormatItem(Output, Menu, Curr, TermWide); //length has two added for the leading space for the cursor @@ -158,7 +169,7 @@ void TerminalMenuDraw(TERMMENU *Menu) } - if (! singleline) TerminalMenuPadToEnd(Menu, y, yend); + if (! singleline) TerminalMenuPadToEnd(Menu, y, yend, TermWide); STREAMFlush(Menu->Term); Destroy(Output); @@ -287,7 +298,6 @@ ListNode *TerminalMenu(STREAM *Term, ListNode *Options, int x, int y, int wid, i { TERMMENU *Menu; ListNode *Node; - int key; Menu=TerminalMenuCreate(Term, x, y, wid, high); Menu->Options = Options; diff --git a/libUseful-5/TerminalProgress.c b/libUseful-5/TerminalProgress.c index fcc95b8..183b352 100644 --- a/libUseful-5/TerminalProgress.c +++ b/libUseful-5/TerminalProgress.c @@ -1,12 +1,10 @@ #include "TerminalProgress.h" -#include "TerminalTheme.h" TERMPROGRESS *TerminalProgressCreate(STREAM *Term, const char *Config) { TERMPROGRESS *TP; - TP=TerminalWidgetCreate(Term, "progress=* remain=' ' left-contain=' [' right-contain='] '"); - TerminalThemeApply(TP, "Progress"); + TP=TerminalWidgetCreate(Term, "type=progress"); TerminalWidgetParseConfig(TP, Config); return(TP); } @@ -15,28 +13,38 @@ TERMPROGRESS *TerminalProgressCreate(STREAM *Term, const char *Config) void TerminalProgressDraw(TERMPROGRESS *TP, float Fract, const char *Info) { char *Tempstr=NULL, *Bar=NULL, *Remain=NULL; - int i, len; + const char *ptr; + int len, wide; + + wide=TP->wid; + if (TP->Term) + { + if (wide < 0) wide=atoi(STREAMGetValue(TP->Term, "Terminal:cols")) + TP->wid - TP->x - TerminalStrLen(TP->Text) - TerminalStrLen(Info); + } if (TP->Flags & TERMMENU_POSITIONED) TerminalCommand(TERM_CURSOR_MOVE, TP->x, TP->y, TP->Term); else Tempstr=CopyStr(Tempstr, "\r"); if (StrValid(TP->Text)) Tempstr=CatStr(Tempstr, TP->Text); - Tempstr=MCatStr(Tempstr, GetVar(TP->Options, "LeftContainer"), TP->SelectedAttribs, NULL); - - len=(int) (TP->wid * Fract + 0.5); - Bar=PadStr(Bar, *TP->CursorLeft, len); + Tempstr=MCatStr(Tempstr, TP->CursorLeft, TP->SelectedAttribs, NULL); + len=(int) (wide * Fract + 0.5); + ptr=GetVar(TP->Options, "progress"); + if (! StrValid(ptr)) ptr=" "; + Bar=PadStr(Bar, *ptr, len); Tempstr=CatStr(Tempstr, Bar); if (StrValid(TP->Attribs)) Tempstr=CatStr(Tempstr, TP->Attribs); else if (StrValid(TP->SelectedAttribs)) Tempstr=CatStr(Tempstr, "~0"); - Remain=PadStr(Remain, *TP->CursorRight, TP->wid - len); + ptr=GetVar(TP->Options, "remain"); + if (! StrValid(ptr)) ptr=" "; + Remain=PadStr(Remain, *ptr, wide - len); Tempstr=CatStr(Tempstr, Remain); if (StrValid(TP->Attribs)) Tempstr=CatStr(Tempstr, "~0"); - Tempstr=CatStr(Tempstr, GetVar(TP->Options, "RightContainer")); + Tempstr=CatStr(Tempstr, TP->CursorRight); if (StrValid(Info)) Tempstr=MCatStr(Tempstr, Info, "~>", NULL); TerminalPutStr(Tempstr, TP->Term); diff --git a/libUseful-5/TerminalTheme.c b/libUseful-5/TerminalTheme.c index 874ab67..f1f252a 100644 --- a/libUseful-5/TerminalTheme.c +++ b/libUseful-5/TerminalTheme.c @@ -12,6 +12,14 @@ ListNode *TerminalThemeInit() SetVar(TermTheme, "Menu:CursorLeft", ">"); SetVar(TermTheme, "Menu:SelectedLeft", "*"); + SetVar(TermTheme, "Menu:CursorAttribs", "~e"); + SetVar(TermTheme, "Menu:SelectedAttribs", "~e"); + + SetVar(TermTheme, "Progress:CursorLeft", "["); + SetVar(TermTheme, "Progress:CursorRight", "]"); + SetVar(TermTheme, "Progress:Progress", "*"); + SetVar(TermTheme, "Progress:Remain", " "); + SetVar(TermTheme, "Choice:CursorLeft", "["); SetVar(TermTheme, "Choice:CursorRight", "]"); @@ -31,30 +39,36 @@ ListNode *TerminalThemeInit() } -const char *TerminalThemeGet(const char *Name) +const char *TerminalThemeGet(const char *Scope, const char *Attrib) { + char *Tempstr=NULL; + const char *p_Value; + if (! TermTheme) TerminalThemeInit(); - return(GetVar(TermTheme, Name)); + Tempstr=MCopyStr(Tempstr, Scope, ":", Attrib, NULL); + p_Value=GetVar(TermTheme, Tempstr); + + Destroy(Tempstr); + + return(p_Value); } + void TerminalThemeSet(const char *Name, const char *Value) { if (! TermTheme) TerminalThemeInit(); SetVar(TermTheme, Name, Value); } + static char *TerminalThemeLoadValue(char *RetStr, const char *Theme, const char *Attrib) { - char *Tempstr=NULL; const char *ptr; if (! TermTheme) TerminalThemeInit(); - - Tempstr=MCopyStr(Tempstr, Theme, ":", Attrib, NULL); - ptr=TerminalThemeGet(Tempstr); + ptr=TerminalThemeGet(Theme, Attrib); if (StrValid(ptr)) RetStr=CopyStr(RetStr, ptr); - Destroy(Tempstr); return(RetStr); } @@ -65,4 +79,10 @@ void TerminalThemeApply(TERMWIDGET *TW, const char *Type) TW->SelectedAttribs=TerminalThemeLoadValue(TW->SelectedAttribs, Type, "SelectedAttribs"); TW->CursorLeft=TerminalThemeLoadValue(TW->CursorLeft, Type, "CursorLeft"); TW->CursorRight=TerminalThemeLoadValue(TW->CursorRight, Type, "CursorRight"); + + if (strcasecmp(Type, "progress")==0) + { + SetVar(TW->Options, "progress", TerminalThemeGet(Type, "progress")); + SetVar(TW->Options, "remain", TerminalThemeGet(Type, "remain")); + } } diff --git a/libUseful-5/TerminalTheme.h b/libUseful-5/TerminalTheme.h index 587ccbf..e559568 100644 --- a/libUseful-5/TerminalTheme.h +++ b/libUseful-5/TerminalTheme.h @@ -17,7 +17,7 @@ extern "C" { #include "TerminalWidget.h" ListNode *TerminalThemeInit(); -const char *TerminalThemeGet(const char *Name); +const char *TerminalThemeGet(const char *Scope, const char *AttributeName); void TerminalThemeSet(const char *Name, const char *Value); void TerminalThemeApply(TERMWIDGET *TW, const char *Type); diff --git a/libUseful-5/TerminalWidget.c b/libUseful-5/TerminalWidget.c index 331dd76..dfc185a 100644 --- a/libUseful-5/TerminalWidget.c +++ b/libUseful-5/TerminalWidget.c @@ -1,5 +1,5 @@ #include "TerminalWidget.h" - +#include "TerminalTheme.h" void TerminalWidgetSetOptions(TERMWIDGET *TW, const char *Choices) @@ -28,7 +28,6 @@ void TerminalWidgetParseConfig(TERMWIDGET *TW, const char *Config) char *Name=NULL, *Value=NULL; const char *ptr; - ptr=GetNameValuePair(Config, "\\S", "=", &Name, &Value); while (ptr) { @@ -59,7 +58,7 @@ void TerminalWidgetParseConfig(TERMWIDGET *TW, const char *Config) case 'l': if (strcasecmp(Name, "left_cursor")==0) TW->CursorLeft=CopyStr(TW->CursorLeft, Value); - if (strcasecmp(Name, "left_contain")==0) SetVar(TW->Options, "LeftContainer", Value); + if (strcasecmp(Name, "left_contain")==0) TW->CursorLeft=CopyStr(TW->CursorLeft, Value); break; case 'h': @@ -72,16 +71,16 @@ void TerminalWidgetParseConfig(TERMWIDGET *TW, const char *Config) case 'p': if (strcasecmp(Name, "prompt")==0) TW->Text=CopyStr(TW->Text, Value); - if (strcasecmp(Name, "progress")==0) TW->CursorLeft=CopyStr(TW->CursorLeft, Value); + if (strcasecmp(Name, "progress")==0) SetVar(TW->Options, "progress", Value); if (strcasecmp(Name, "progress_attribs")==0) TW->SelectedAttribs=CopyStr(TW->SelectedAttribs, Value); break; case 'r': if (strcasecmp(Name, "right_cursor")==0) TW->CursorRight=CopyStr(TW->CursorRight, Value); - if (strcasecmp(Name, "right_contain")==0) SetVar(TW->Options, "RightContainer", Value); - if (strcasecmp(Name, "remain")==0) TW->CursorRight=CopyStr(TW->CursorRight, Value); - if (strcasecmp(Name, "remaining")==0) TW->CursorRight=CopyStr(TW->CursorRight, Value); - if (strcasecmp(Name, "remainder")==0) TW->CursorRight=CopyStr(TW->CursorRight, Value); + if (strcasecmp(Name, "right_contain")==0) TW->CursorRight=CopyStr(TW->CursorRight, Value); + if (strcasecmp(Name, "remain")==0) SetVar(TW->Options, "remain", Value); + if (strcasecmp(Name, "remaining")==0) SetVar(TW->Options, "remain", Value); + if (strcasecmp(Name, "remainder")==0) SetVar(TW->Options, "remain", Value); break; @@ -90,6 +89,10 @@ void TerminalWidgetParseConfig(TERMWIDGET *TW, const char *Config) else if (strcasecmp(Name, "select_right")==0) TW->CursorRight=CopyStr(TW->CursorRight, Value); break; + case 't': + if (strcasecmp(Name, "type")==0) TerminalThemeApply(TW, Value); + break; + case 'w': if (strcasecmp(Name, "width")==0) TW->wid=atoi(Value); break; diff --git a/libUseful-5/Time.c b/libUseful-5/Time.c index 14aed72..4e2b58e 100644 --- a/libUseful-5/Time.c +++ b/libUseful-5/Time.c @@ -12,7 +12,6 @@ static time_t LU_CachedTime=0; //This is cached millisecs since 1970 static uint64_t LU_CachedMillisecs=0; -static struct tm LU_CachedTM; void TimeZoneSet(const char *TimeZone) @@ -55,16 +54,6 @@ char *GetDateStrFromSecs(const char *DateFormat, time_t Secs, const char *TimeZo SavedTimeZone=CopyStr(SavedTimeZone, getenv("TZ")); TimeZoneSet(TimeZone); - /* - if (Secs==LU_CachedTime) TMS=&LU_CachedTM; - else - { - val=Secs; - TMS=localtime(&val); - memcpy(&LU_CachedTM, TMS, sizeof(struct tm)); - } - */ - val=Secs; TMS=localtime(&val); @@ -157,7 +146,6 @@ time_t ParseDuration(const char *Dur) long TimezoneOffset(const char *TimeZone) { long Secs=0; - char *Tempstr=NULL; char *SavedTimeZone=NULL; SavedTimeZone=CopyStr(SavedTimeZone, getenv("TZ")); diff --git a/libUseful-5/URL.c b/libUseful-5/URL.c index 1c81e60..9d770af 100644 --- a/libUseful-5/URL.c +++ b/libUseful-5/URL.c @@ -60,8 +60,9 @@ const char *ParseHostDetails(const char *Data, char **Host,char **Port,char **Us return(ptr); } +#define FLAG_GUESS_PORT 1 -void ParseURL(const char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args) +static void DecodeURL(const char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args, int Flags) { const char *ptr; char *Token=NULL, *tProto=NULL, *aptr; @@ -120,19 +121,21 @@ void ParseURL(const char *URL, char **Proto, char **Host, char **Port, char **Us } } -//the 'GetToken' call will have thrown away the '/' at the start of the path -//add it back in - if (Port && (! StrValid(*Port)) && StrValid(tProto)) + + if (Flags & FLAG_GUESS_PORT) { - if (CompareStr(tProto,"http")==0) *Port=CopyStr(*Port,"80"); - else if (CompareStr(tProto,"https")==0) *Port=CopyStr(*Port,"443"); - else if (CompareStr(tProto,"ssh")==0) *Port=CopyStr(*Port,"22"); - else if (CompareStr(tProto,"ftp")==0) *Port=CopyStr(*Port,"21"); - else if (CompareStr(tProto,"telnet")==0) *Port=CopyStr(*Port,"23"); - else if (CompareStr(tProto,"smtp")==0) *Port=CopyStr(*Port,"25"); - else if (CompareStr(tProto,"mailto")==0) *Port=CopyStr(*Port,"25"); + if (Port && (! StrValid(*Port)) && StrValid(tProto)) + { + if (CompareStr(tProto,"http")==0) *Port=CopyStr(*Port,"80"); + else if (CompareStr(tProto,"https")==0) *Port=CopyStr(*Port,"443"); + else if (CompareStr(tProto,"ssh")==0) *Port=CopyStr(*Port,"22"); + else if (CompareStr(tProto,"ftp")==0) *Port=CopyStr(*Port,"21"); + else if (CompareStr(tProto,"telnet")==0) *Port=CopyStr(*Port,"23"); + else if (CompareStr(tProto,"smtp")==0) *Port=CopyStr(*Port,"25"); + else if (CompareStr(tProto,"mailto")==0) *Port=CopyStr(*Port,"25"); + } } @@ -140,7 +143,15 @@ void ParseURL(const char *URL, char **Proto, char **Host, char **Port, char **Us DestroyString(tProto); } +void UnpackURL(const char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args) +{ + return(DecodeURL(URL, Proto, Host, Port, User, Password, Path, Args, 0)); +} +void ParseURL(const char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args) +{ + return(DecodeURL(URL, Proto, Host, Port, User, Password, Path, Args, FLAG_GUESS_PORT)); +} void ParseConnectDetails(const char *Str, char **Type, char **Host, char **Port, char **User, char **Pass, char **Path) { diff --git a/libUseful-5/URL.h b/libUseful-5/URL.h index 6e9bbfb..0a24c65 100644 --- a/libUseful-5/URL.h +++ b/libUseful-5/URL.h @@ -3,8 +3,8 @@ Copyright (c) 2015 Colum Paget * SPDX-License-Identifier: GPL-3.0 */ -#ifndef LIBUSEFUL_URL -#define LIBUSEFUL_URL +#ifndef LIBUSEFUL_URL_H +#define LIBUSEFUL_URL_H #include "includes.h" @@ -19,7 +19,12 @@ for those to NULL extern "C" { #endif -//Parse a full URL with all parts. You can just use this for everything. + +//Parse a full URL with all parts. DO NOT TRY TO GUESS PORT if no port in the URL itself +void UnpackURL(const char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args); + + +//Parse a full URL with all parts. Guess port for well known protocols (so https://myhost/ returns a port of 80) void ParseURL(const char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args); //Parse a URL type that lacks a protocol or Args part, something like "myhost.com:22" diff --git a/libUseful-5/UnitsOfMeasure.h b/libUseful-5/UnitsOfMeasure.h index f831b92..86cc67b 100644 --- a/libUseful-5/UnitsOfMeasure.h +++ b/libUseful-5/UnitsOfMeasure.h @@ -26,11 +26,12 @@ const char *ToSIUnit(double Value, int Base, int Precision); #define ToMetric(Value, Precision) (ToSIUnit((Value), 1000, Precision)) //Convert to and from metric -double FromSIUnit(const char *Data, int BAse); +double FromSIUnit(const char *Data, int Base); #define FromIEC(Value, Precision) (FromSIUnit((Value), 1024)) #define FromMetric(Value, Precision) (FromSIUnit((Value), 1000)) + #ifdef __cplusplus } #endif diff --git a/libUseful-5/UnixSocket.c b/libUseful-5/UnixSocket.c index 166c58e..78cb476 100644 --- a/libUseful-5/UnixSocket.c +++ b/libUseful-5/UnixSocket.c @@ -10,7 +10,6 @@ void sun_set_path(struct sockaddr_un *sa, const char *Path) { int len, val; char *ptr1, *ptr2; - off_t pos; memset(sa,0,sizeof(struct sockaddr_un)); sa->sun_family=AF_UNIX; @@ -95,9 +94,9 @@ int UnixServerInit(int Type, const char *Path) //if (Type==0) Type=SOCK_STREAM; sock=socket(PF_UNIX, Type, 0); - if (sock <0) + if (sock < 0) { - if (result != 0) RaiseError(ERRFLAG_ERRNO, "UnixServerInit","failed to create a unix socket."); + RaiseError(ERRFLAG_ERRNO, "UnixServerInit","failed to create a unix socket."); return(-1); } diff --git a/libUseful-5/Vars.c b/libUseful-5/Vars.c index 7980978..e1557e8 100644 --- a/libUseful-5/Vars.c +++ b/libUseful-5/Vars.c @@ -30,6 +30,17 @@ ListNode *SetVar(ListNode *Vars, const char *Name, const char *Data) return(SetDetailVar(Vars, Name, Data,0, 0)); } +void AppendVar(ListNode *Vars, const char *VarName, const char *Value) +{ + char *Tempstr=NULL; + + Tempstr=MCopyStr(Tempstr,GetVar(Vars, VarName),Value, " ", NULL); + SetVar(Vars, VarName, Tempstr); + + Destroy(Tempstr); +} + + ListNode *FindTypedVar(ListNode *Vars, const char *Name, int Type) { @@ -136,7 +147,7 @@ static char *SubstituteAppendVar(char *RetStr, const char *Var, int Flags) static char *SubstituteParseVar(char *OutStr, const char **Line, ListNode *LocalVars, int Flags) { char *VarName=NULL, *Tempstr=NULL; - const char *ptr, *vptr; + const char *ptr; ptr=*Line; @@ -405,7 +416,6 @@ int ExtractVarsFromString(const char *Data, const char *FormatStr, ListNode *Var - int FindVarNamesInString(const char *Data, ListNode *Vars) { const char *ptr; diff --git a/libUseful-5/Vars.h b/libUseful-5/Vars.h index f35be98..bfcd932 100644 --- a/libUseful-5/Vars.h +++ b/libUseful-5/Vars.h @@ -44,6 +44,9 @@ ListNode *SetTypedVar(ListNode *Vars, const char *Name, const char *Data, int Ty //set a variable ListNode *SetVar(ListNode *Vars, const char *Name, const char *Data); +//append to a variable +void AppendVar(ListNode *Vars, const char *VarName, const char *Value); + //get a variable by name and type const char *GetTypedVar(ListNode *Vars, const char *Name, int Type); @@ -65,7 +68,7 @@ void CopyVars(ListNode *Dest, ListNode *Source); // SUBS_STRIP Strip whitespace surrounding any value before substitution // SUBS_INTERPRET_BACKSLASH Interpret backslash in the substitution string as a quote, so don't substitute "\$(thing)" // SUBS_QUOTES Honor quotes in the subsitution string, and don't quote anyting in quotes -// SUBS_SHELL_SAFE Strip vars of any shell-unsafe characters (;&`) before substituting +// SUBS_SHELL_SAFE Strip vars of any shell-unsafe characters (;&`$) AFTER substituting // SUBS_HTTP_VARS Quote values with HTTP style substitution char *SubstituteVarsInString(char *Buffer, const char *Fmt, ListNode *Vars, int Flags); diff --git a/libUseful-5/WebSocket.c b/libUseful-5/WebSocket.c index 89f5851..d4c5d95 100644 --- a/libUseful-5/WebSocket.c +++ b/libUseful-5/WebSocket.c @@ -121,7 +121,7 @@ static int WebSocketReadFrameHeader(STREAM *S, uint32_t *mask) result=STREAMPullBytes(S, bytes, 2); if (result==0) return(0); - if (bytes[0] & WS_FIN) S->State |= SS_MSG_READ; + if (bytes[0] & WS_FIN) S->State |= LU_SS_MSG_READ; op=bytes[0] & WS_OP_MASK; len=bytes[1] & 0xFF; @@ -195,11 +195,11 @@ int WebSocketReadBytes(STREAM *S, char *Data, int Len) if (msg_len==0) { - if (S->State & SS_MSG_READ) + if (S->State & LU_SS_MSG_READ) { if (Len > 0) { - S->State &= ~ SS_MSG_READ;; + S->State &= ~ LU_SS_MSG_READ;; Data[0]='\n'; return(1); } @@ -237,9 +237,8 @@ int WebSocketReadBytes(STREAM *S, char *Data, int Len) STREAM *WebSocketOpen(const char *WebsocketURL, const char *Config) { STREAM *S; - const char *p_Proto; char *URL=NULL, *Args=NULL, *Key=NULL, *Tempstr=NULL; - int Port, Type; + int Type; if (strncmp(WebsocketURL, "wss:", 4)==0) @@ -283,7 +282,7 @@ static void WebsocketUpgradeProtocol(STREAM *S) HashBytes(&Hash, "sha1", Tempstr, StrLen(Tempstr), ENCODE_BASE64); Headers=MCatStr(Headers, "Sec-Websocket-Accept=", Hash, " ", NULL); HTTPServerSendHeaders(S, 101, "Switching Protocols", Headers); - S->State |= SS_CONNECTED; + S->State |= LU_SS_CONNECTED; S->Type = STREAM_TYPE_WS_SERVICE; Destroy(Headers); diff --git a/libUseful-5/base32.c b/libUseful-5/base32.c index 3dc1741..a8ea4e6 100644 --- a/libUseful-5/base32.c +++ b/libUseful-5/base32.c @@ -16,7 +16,7 @@ char *base32tobinary(char *RetStr, const char *In, const char *Encoder) { const char *ptr, *found; - uint32_t val=0, count=0, bit; + uint32_t val=0, bit; for (ptr=In; *ptr != '\0'; ptr++) { @@ -76,7 +76,7 @@ char *base32encode(char *RetStr, const char *Input, int Len, const char *Encoder int val; RetStr=CopyStr(RetStr, ""); - BCD=encode_bcd_bytes(BCD, Input, Len); + BCD=encode_bcd_bytes(BCD, (unsigned const char *) Input, Len); end=BCD+StrLen(BCD); for (ptr=BCD; ptr < end; ptr+=5) diff --git a/libUseful-5/base64.c b/libUseful-5/base64.c index c923b9f..f21280b 100644 --- a/libUseful-5/base64.c +++ b/libUseful-5/base64.c @@ -1,7 +1,9 @@ /* * base64.c -- base-64 conversion routines. * - * For license terms, see the file COPYING in this directory. + * This base64 code is adapted from code from the fetchmail program. + * It is GPL v2 or later as covered in fetchmail's 'COPYING' file. + * It is believed to be written written by Eric S Raymond. * * This base 64 encoding is defined in RFC2045 section 6.8, * "Base64 Content-Transfer-Encoding", but lines must not be broken in the @@ -47,7 +49,7 @@ void Radix64frombits(unsigned char *out, const unsigned char *in, int inlen, con void to64frombits(char *out, const char *in, int inlen) { - Radix64frombits(out, in, inlen, BASE64_CHARS,'='); + Radix64frombits((unsigned char *) out, (const unsigned char *) in, inlen, BASE64_CHARS,'='); } diff --git a/libUseful-5/base64.h b/libUseful-5/base64.h index 2721649..c3a5bc0 100644 --- a/libUseful-5/base64.h +++ b/libUseful-5/base64.h @@ -1,3 +1,12 @@ +/* + * SPDX-License-Identifier: GPL-2.0 + * + * This base64 code is adapted from code from the fetchmail program. + * It is GPL v2 or later and believed written by Eric S Raymond. + * +*/ + + #ifndef BASE_64_H #define BASE_64_H diff --git a/libUseful-5/configure b/libUseful-5/configure index 406fabe..5832bda 100755 --- a/libUseful-5/configure +++ b/libUseful-5/configure @@ -1,9 +1,9 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72. +# Generated by GNU Autoconf 2.71. # # -# Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation, +# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, # Inc. # # @@ -15,6 +15,7 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh +as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh @@ -23,13 +24,12 @@ then : # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else case e in #( - e) case `(set -o) 2>/dev/null` in #( +else $as_nop + case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; -esac ;; esac fi @@ -101,7 +101,7 @@ IFS=$as_save_IFS ;; esac -# We did not find ourselves, most probably we were run as 'sh COMMAND' +# We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 @@ -131,14 +131,15 @@ case $- in # (((( esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed 'exec'. +# out after a failed `exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 + as_bourne_compatible="as_nop=: +if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: @@ -146,13 +147,12 @@ then : # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else case e in #( - e) case \`(set -o) 2>/dev/null\` in #( +else \$as_nop + case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; -esac ;; esac fi " @@ -170,9 +170,8 @@ as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ) then : -else case e in #( - e) exitcode=1; echo positional parameters were not saved. ;; -esac +else \$as_nop + exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 blah=\$(echo \$(echo blah)) @@ -186,15 +185,14 @@ test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null then : as_have_required=yes -else case e in #( - e) as_have_required=no ;; -esac +else $as_nop + as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null then : -else case e in #( - e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do @@ -227,13 +225,12 @@ IFS=$as_save_IFS if $as_found then : -else case e in #( - e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } && +else $as_nop + if { test -f "$SHELL" || test -f "$SHELL.exe"; } && as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$SHELL as_have_required=yes -fi ;; -esac +fi fi @@ -255,7 +252,7 @@ case $- in # (((( esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed 'exec'. +# out after a failed `exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi @@ -274,8 +271,7 @@ $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 -fi ;; -esac +fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} @@ -314,6 +310,14 @@ as_fn_exit () as_fn_set_status $1 exit $1 } # as_fn_exit +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_mkdir_p # ------------- @@ -382,12 +386,11 @@ then : { eval $1+=\$2 }' -else case e in #( - e) as_fn_append () +else $as_nop + as_fn_append () { eval $1=\$$1\$2 - } ;; -esac + } fi # as_fn_append # as_fn_arith ARG... @@ -401,14 +404,21 @@ then : { as_val=$(( $* )) }' -else case e in #( - e) as_fn_arith () +else $as_nop + as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } ;; -esac + } fi # as_fn_arith +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- @@ -482,8 +492,6 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits /[$]LINENO/= ' <$as_myself | sed ' - t clear - :clear s/[$]LINENO.*/&-/ t lineno b @@ -532,6 +540,7 @@ esac as_echo='printf %s\n' as_echo_n='printf %s' + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -543,9 +552,9 @@ if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. - # In both cases, we have to default to 'cp -pR'. + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then @@ -570,12 +579,10 @@ as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" -as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. -as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" -as_tr_sh="eval sed '$as_sed_sh'" # deprecated +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 /dev/null && - as_fn_error $? "invalid feature name: '$ac_useropt'" + as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -857,7 +864,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: '$ac_useropt'" + as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1070,7 +1077,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: '$ac_useropt'" + as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1086,7 +1093,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: '$ac_useropt'" + as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1116,8 +1123,8 @@ do | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error $? "unrecognized option: '$ac_option' -Try '$0 --help' for more information" + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" ;; *=*) @@ -1125,7 +1132,7 @@ Try '$0 --help' for more information" # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: '$ac_envvar'" ;; + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1175,7 +1182,7 @@ do as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done -# There might be people who depend on the old broken behavior: '$host' +# There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias @@ -1243,7 +1250,7 @@ if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi -ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work" +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` @@ -1271,7 +1278,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures this package to adapt to many kinds of systems. +\`configure' configures this package to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1285,11 +1292,11 @@ Configuration: --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print 'checking ...' messages + -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for '--cache-file=config.cache' + -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or '..'] + --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX @@ -1297,10 +1304,10 @@ Installation directories: --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] -By default, 'make install' will install all the files in -'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc. You can specify -an installation prefix other than '$ac_default_prefix' using '--prefix', -for instance '--prefix=\$HOME'. +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. For better control, use the options below. @@ -1349,12 +1356,13 @@ Optional Features: --enable-sendfile enable 'fastcopy' sendfile support --enable-ip6 enable IPv6 support --enable-xattr enable filesystem xattr support + --enable-fsflags enable support for immutable and append-only files (and use of these in logs) --enable-namespaces enable linux namespace support --enable-ssl use Secure Sockets Layer --enable-zlib use ZLib Compression --enable-simd= use SIMD cpu extensions, 'level' can be one of mmx, sse, sse2 --enable-capabilities enable linux capabilities support (default=no) - --enable-year2038 support timestamps after 2038 + --enable-seccomp enable seccomp to limit process syscalls Some influential environment variables: CC C compiler command @@ -1366,7 +1374,7 @@ Some influential environment variables: you have headers in a nonstandard directory CPP C preprocessor -Use these variables to override the choices made by 'configure' or to help +Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. @@ -1434,9 +1442,9 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF configure -generated by GNU Autoconf 2.72 +generated by GNU Autoconf 2.71 -Copyright (C) 2023 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1475,12 +1483,11 @@ printf "%s\n" "$ac_try_echo"; } >&5 } && test -s conftest.$ac_objext then : ac_retval=0 -else case e in #( - e) printf "%s\n" "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 ;; -esac + ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval @@ -1518,12 +1525,11 @@ printf "%s\n" "$ac_try_echo"; } >&5 } then : ac_retval=0 -else case e in #( - e) printf "%s\n" "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 ;; -esac + ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would @@ -1546,15 +1552,15 @@ printf %s "checking for $2... " >&6; } if eval test \${$3+y} then : printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (void); below. */ + which can conflict with char $2 (); below. */ #include #undef $2 @@ -1565,7 +1571,7 @@ else case e in #( #ifdef __cplusplus extern "C" #endif -char $2 (void); +char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ @@ -1584,13 +1590,11 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : eval "$3=yes" -else case e in #( - e) eval "$3=no" ;; -esac +else $as_nop + eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext ;; -esac + conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -1611,8 +1615,8 @@ printf %s "checking for $2... " >&6; } if eval test \${$3+y} then : printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> @@ -1620,12 +1624,10 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" -else case e in #( - e) eval "$3=no" ;; -esac +else $as_nop + eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; -esac +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -1647,8 +1649,8 @@ printf %s "checking whether $as_decl_name is declared... " >&6; } if eval test \${$3+y} then : printf %s "(cached) " >&6 -else case e in #( - e) as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` +else $as_nop + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` eval ac_save_FLAGS=\$$6 as_fn_append $6 " $5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -1672,14 +1674,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" -else case e in #( - e) eval "$3=no" ;; -esac +else $as_nop + eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext eval $6=\$ac_save_FLAGS - ;; -esac + fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -1715,12 +1715,11 @@ printf "%s\n" "$ac_try_echo"; } >&5 } then : ac_retval=0 -else case e in #( - e) printf "%s\n" "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 ;; -esac + ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval @@ -1751,7 +1750,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was -generated by GNU Autoconf 2.72. Invocation command line was +generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -1997,10 +1996,10 @@ esac printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file -See 'config.log' for more details" "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5; } fi done @@ -2036,7 +2035,9 @@ struct stat; /* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ struct buf { int x; }; struct buf * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (char **p, int i) +static char *e (p, i) + char **p; + int i; { return p[i]; } @@ -2050,21 +2051,6 @@ static char *f (char * (*g) (char **, int), char **p, ...) return s; } -/* C89 style stringification. */ -#define noexpand_stringify(a) #a -const char *stringified = noexpand_stringify(arbitrary+token=sequence); - -/* C89 style token pasting. Exercises some of the corner cases that - e.g. old MSVC gets wrong, but not very hard. */ -#define noexpand_concat(a,b) a##b -#define expand_concat(a,b) noexpand_concat(a,b) -extern int vA; -extern int vbee; -#define aye A -#define bee B -int *pvA = &expand_concat(v,aye); -int *pvbee = &noexpand_concat(v,bee); - /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not \xHH hex character constants. These do not provoke an error unfortunately, instead are silently treated @@ -2092,19 +2078,16 @@ ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); # Test code for whether the C compiler supports C99 (global declarations) ac_c_conftest_c99_globals=' -/* Does the compiler advertise C99 conformance? */ +// Does the compiler advertise C99 conformance? #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L # error "Compiler does not advertise C99 conformance" #endif -// See if C++-style comments work. - #include extern int puts (const char *); extern int printf (const char *, ...); extern int dprintf (int, const char *, ...); extern void *malloc (size_t); -extern void free (void *); // Check varargs macros. These examples are taken from C99 6.10.3.5. // dprintf is used instead of fprintf to avoid needing to declare @@ -2154,6 +2137,7 @@ typedef const char *ccp; static inline int test_restrict (ccp restrict text) { + // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) @@ -2219,8 +2203,6 @@ ac_c_conftest_c99_main=' ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; - // Work around memory leak warnings. - free (ia); // Check named initializers. struct named_init ni = { @@ -2242,7 +2224,7 @@ ac_c_conftest_c99_main=' # Test code for whether the C compiler supports C11 (global declarations) ac_c_conftest_c11_globals=' -/* Does the compiler advertise C11 conformance? */ +// Does the compiler advertise C11 conformance? #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L # error "Compiler does not advertise C11 conformance" #endif @@ -2365,12 +2347,12 @@ for ac_var in $ac_precious_vars; do eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5 -printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5 -printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) @@ -2379,18 +2361,18 @@ printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;} ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5 -printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5 -printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: '$ac_old_val'" >&5 -printf "%s\n" "$as_me: former value: '$ac_old_val'" >&2;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: '$ac_new_val'" >&5 -printf "%s\n" "$as_me: current value: '$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. @@ -2406,11 +2388,11 @@ printf "%s\n" "$as_me: current value: '$ac_new_val'" >&2;} fi done if $ac_cache_corrupted; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file' + as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## @@ -2447,8 +2429,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$CC"; then +else $as_nop + if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2470,8 +2452,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -2493,8 +2474,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$ac_ct_CC"; then +else $as_nop + if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2516,8 +2497,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -2552,8 +2532,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$CC"; then +else $as_nop + if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2575,8 +2555,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -2598,8 +2577,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$CC"; then +else $as_nop + if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no @@ -2638,8 +2617,7 @@ if test $ac_prog_rejected = yes; then ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi ;; -esac +fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -2663,8 +2641,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$CC"; then +else $as_nop + if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2686,8 +2664,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -2713,8 +2690,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$ac_ct_CC"; then +else $as_nop + if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2736,8 +2713,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -2775,8 +2751,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$CC"; then +else $as_nop + if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2798,8 +2774,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -2821,8 +2796,8 @@ printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$ac_ct_CC"; then +else $as_nop + if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2844,8 +2819,7 @@ done done IFS=$as_save_IFS -fi ;; -esac +fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -2874,10 +2848,10 @@ fi fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See 'config.log' for more details" "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -2949,8 +2923,8 @@ printf "%s\n" "$ac_try_echo"; } >&5 printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'. -# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no' + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. @@ -2970,7 +2944,7 @@ do ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an '-o' + # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. @@ -2981,9 +2955,8 @@ do done test "$ac_cv_exeext" = no && ac_cv_exeext= -else case e in #( - e) ac_file='' ;; -esac +else $as_nop + ac_file='' fi if test -z "$ac_file" then : @@ -2992,14 +2965,13 @@ printf "%s\n" "no" >&6; } printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See 'config.log' for more details" "$LINENO" 5; } -else case e in #( - e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } ;; -esac +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } @@ -3023,10 +2995,10 @@ printf "%s\n" "$ac_try_echo"; } >&5 printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # If both 'conftest.exe' and 'conftest' are 'present' (well, observable) -# catch 'conftest.exe'. For instance with Cygwin, 'ls conftest' will -# work properly (i.e., refer to 'conftest.exe'), while it won't with -# 'rm'. + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in @@ -3036,12 +3008,11 @@ for ac_file in conftest.exe conftest conftest.*; do * ) break;; esac done -else case e in #( - e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See 'config.log' for more details" "$LINENO" 5; } ;; -esac +See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -3057,8 +3028,6 @@ int main (void) { FILE *f = fopen ("conftest.out", "w"); - if (!f) - return 1; return ferror (f) || fclose (f) != 0; ; @@ -3098,27 +3067,26 @@ printf "%s\n" "$ac_try_echo"; } >&5 if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. -If you meant to cross compile, use '--host'. -See 'config.log' for more details" "$LINENO" 5; } +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 printf "%s\n" "$cross_compiling" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext \ - conftest.o conftest.obj conftest.out +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 printf %s "checking for suffix of object files... " >&6; } if test ${ac_cv_objext+y} then : printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3150,18 +3118,16 @@ then : break;; esac done -else case e in #( - e) printf "%s\n" "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See 'config.log' for more details" "$LINENO" 5; } ;; -esac +See \`config.log' for more details" "$LINENO" 5; } fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext ;; -esac +rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 printf "%s\n" "$ac_cv_objext" >&6; } @@ -3172,8 +3138,8 @@ printf %s "checking whether the compiler supports GNU C... " >&6; } if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3190,14 +3156,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else case e in #( - e) ac_compiler_gnu=no ;; -esac +else $as_nop + ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - ;; -esac + fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } @@ -3215,8 +3179,8 @@ printf %s "checking whether $CC accepts -g... " >&6; } if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_save_c_werror_flag=$ac_c_werror_flag +else $as_nop + ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" @@ -3234,8 +3198,8 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else case e in #( - e) CFLAGS="" +else $as_nop + CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3250,8 +3214,8 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : -else case e in #( - e) ac_c_werror_flag=$ac_save_c_werror_flag +else $as_nop + ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3268,15 +3232,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; -esac +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; -esac +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag ;; -esac + ac_c_werror_flag=$ac_save_c_werror_flag fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } @@ -3303,8 +3264,8 @@ printf %s "checking for $CC option to enable C11 features... " >&6; } if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_cv_prog_cc_c11=no +else $as_nop + ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3321,28 +3282,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC ;; -esac +CC=$ac_save_CC fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else case e in #( - e) if test "x$ac_cv_prog_cc_c11" = x +else $as_nop + if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else case e in #( - e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" ;; -esac + CC="$CC $ac_cv_prog_cc_c11" fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 ;; -esac + ac_prog_cc_stdc=c11 fi fi if test x$ac_prog_cc_stdc = xno @@ -3352,8 +3310,8 @@ printf %s "checking for $CC option to enable C99 features... " >&6; } if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_cv_prog_cc_c99=no +else $as_nop + ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3370,28 +3328,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC ;; -esac +CC=$ac_save_CC fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else case e in #( - e) if test "x$ac_cv_prog_cc_c99" = x +else $as_nop + if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else case e in #( - e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" ;; -esac + CC="$CC $ac_cv_prog_cc_c99" fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 ;; -esac + ac_prog_cc_stdc=c99 fi fi if test x$ac_prog_cc_stdc = xno @@ -3401,8 +3356,8 @@ printf %s "checking for $CC option to enable C89 features... " >&6; } if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_cv_prog_cc_c89=no +else $as_nop + ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3419,28 +3374,25 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC ;; -esac +CC=$ac_save_CC fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else case e in #( - e) if test "x$ac_cv_prog_cc_c89" = x +else $as_nop + if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else case e in #( - e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" ;; -esac + CC="$CC $ac_cv_prog_cc_c89" fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 ;; -esac + ac_prog_cc_stdc=c89 fi fi @@ -3450,110 +3402,6 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. -set dummy ${ac_tool_prefix}ar; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_AR+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_AR="${ac_tool_prefix}ar" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi ;; -esac -fi -AR=$ac_cv_prog_AR -if test -n "$AR"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -printf "%s\n" "$AR" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_AR"; then - ac_ct_AR=$AR - # Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_ac_ct_AR+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) if test -n "$ac_ct_AR"; then - ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_AR="ar" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi ;; -esac -fi -ac_ct_AR=$ac_cv_prog_ac_ct_AR -if test -n "$ac_ct_AR"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 -printf "%s\n" "$ac_ct_AR" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - if test "x$ac_ct_AR" = x; then - AR=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - AR=$ac_ct_AR - fi -else - AR="$ac_cv_prog_AR" -fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3567,8 +3415,8 @@ ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else case e in #( - e) cat >conftest.make <<\_ACEOF +else $as_nop + cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' @@ -3580,8 +3428,7 @@ case `${MAKE-make} -f conftest.make 2>/dev/null` in *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make ;; -esac +rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -3598,8 +3445,8 @@ printf %s "checking for grep that handles long lines and -e... " >&6; } if test ${ac_cv_path_GREP+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if test -z "$GREP"; then +else $as_nop + if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3618,10 +3465,9 @@ do as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in #( +case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -3656,8 +3502,7 @@ IFS=$as_save_IFS else ac_cv_path_GREP=$GREP fi - ;; -esac + fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 printf "%s\n" "$ac_cv_path_GREP" >&6; } @@ -3669,8 +3514,8 @@ printf %s "checking for egrep... " >&6; } if test ${ac_cv_path_EGREP+y} then : printf %s "(cached) " >&6 -else case e in #( - e) if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 +else $as_nop + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then @@ -3692,10 +3537,9 @@ do as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in #( +case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -3731,15 +3575,12 @@ else ac_cv_path_EGREP=$EGREP fi - fi ;; -esac + fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 printf "%s\n" "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" - EGREP_TRADITIONAL=$EGREP - ac_cv_path_EGREP_TRADITIONAL=$EGREP # Check whether --enable-largefile was given. @@ -3747,34 +3588,31 @@ if test ${enable_largefile+y} then : enableval=$enable_largefile; fi -if test "$enable_largefile,$enable_year2038" != no,no -then : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable large file support" >&5 -printf %s "checking for $CC option to enable large file support... " >&6; } -if test ${ac_cv_sys_largefile_opts+y} + +if test "$enable_largefile" != no; then + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +printf %s "checking for special C compiler options needed for large files... " >&6; } +if test ${ac_cv_sys_largefile_CC+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_save_CC="$CC" - ac_opt_found=no - for ac_opt in "none needed" "-D_FILE_OFFSET_BITS=64" "-D_LARGE_FILES=1" "-n32"; do - if test x"$ac_opt" != x"none needed" -then : - CC="$ac_save_CC $ac_opt" -fi - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else $as_nop + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include -#ifndef FTYPE -# define FTYPE off_t -#endif - /* Check that FTYPE can represent 2**63 - 1 correctly. - We can't simply define LARGE_FTYPE to be 9223372036854775807, + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_FTYPE (((FTYPE) 1 << 31 << 31) - 1 + ((FTYPE) 1 << 31 << 31)) - int FTYPE_is_large[(LARGE_FTYPE % 2147483629 == 721 - && LARGE_FTYPE % 2147483647 == 1) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main (void) @@ -3784,88 +3622,142 @@ main (void) return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - if test x"$ac_opt" = x"none needed" -then : - # GNU/Linux s390x and alpha need _FILE_OFFSET_BITS=64 for wide ino_t. - CC="$CC -DFTYPE=ino_t" if ac_fn_c_try_compile "$LINENO" then : - -else case e in #( - e) CC="$CC -D_FILE_OFFSET_BITS=64" - if ac_fn_c_try_compile "$LINENO" -then : - ac_opt='-D_FILE_OFFSET_BITS=64' + break fi -rm -f core conftest.err conftest.$ac_objext conftest.beam ;; -esac +rm -f core conftest.err conftest.$ac_objext conftest.beam + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext conftest.beam + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi fi - ac_cv_sys_largefile_opts=$ac_opt - ac_opt_found=yes +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test ${ac_cv_sys_file_offset_bits+y} +then : + printf %s "(cached) " >&6 +else $as_nop + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_file_offset_bits=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - test $ac_opt_found = no || break - done - CC="$ac_save_CC" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ - test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;; -esac + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_sys_file_offset_bits=64; break fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_opts" >&5 -printf "%s\n" "$ac_cv_sys_largefile_opts" >&6; } - -ac_have_largefile=yes -case $ac_cv_sys_largefile_opts in #( - "none needed") : - ;; #( - "supported through gnulib") : - ;; #( - "support not detected") : - ac_have_largefile=no ;; #( - "-D_FILE_OFFSET_BITS=64") : - -printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h - ;; #( - "-D_LARGE_FILES=1") : - -printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h - ;; #( - "-n32") : - CC="$CC -n32" ;; #( - *) : - as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;; +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h +;; esac - -if test "$enable_year2038" != no -then : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option for timestamps after 2038" >&5 -printf %s "checking for $CC option for timestamps after 2038... " >&6; } -if test ${ac_cv_sys_year2038_opts+y} +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } +if test ${ac_cv_sys_large_files+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_save_CPPFLAGS="$CPPFLAGS" - ac_opt_found=no - for ac_opt in "none needed" "-D_TIME_BITS=64" "-D__MINGW_USE_VC2005_COMPAT" "-U_USE_32_BIT_TIME_T -D__MINGW_USE_VC2005_COMPAT"; do - if test x"$ac_opt" != x"none needed" +else $as_nop + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" then : - CPPFLAGS="$ac_save_CPPFLAGS $ac_opt" + ac_cv_sys_large_files=no; break fi - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - /* Check that time_t can represent 2**32 - 1 correctly. */ - #define LARGE_TIME_T \\ - ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30))) - int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535 - && LARGE_TIME_T % 65537 == 0) - ? 1 : -1]; - +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; int main (void) { @@ -3876,48 +3768,37 @@ main (void) _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_year2038_opts="$ac_opt" - ac_opt_found=yes + ac_cv_sys_large_files=1; break fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - test $ac_opt_found = no || break - done - CPPFLAGS="$ac_save_CPPFLAGS" - test $ac_opt_found = yes || ac_cv_sys_year2038_opts="support not detected" ;; + ac_cv_sys_large_files=unknown + break +done +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +printf "%s\n" "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h +;; esac +rm -rf conftest* + fi fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_year2038_opts" >&5 -printf "%s\n" "$ac_cv_sys_year2038_opts" >&6; } -ac_have_year2038=yes -case $ac_cv_sys_year2038_opts in #( - "none needed") : - ;; #( - "support not detected") : - ac_have_year2038=no ;; #( - "-D_TIME_BITS=64") : - -printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h - ;; #( - "-D__MINGW_USE_VC2005_COMPAT") : - -printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h - ;; #( - "-U_USE_32_BIT_TIME_T"*) : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} -as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It -will stop working after mid-January 2038. Remove -_USE_32BIT_TIME_T from the compiler flags. -See 'config.log' for more details" "$LINENO" 5; } ;; #( - *) : - as_fn_error $? "internal error: bad value for \$ac_cv_sys_year2038_opts" "$LINENO" 5 ;; -esac -fi + +if test "$AR" = "" +then +AR=ar fi + +echo "CC=$CC AR=$AR" + + cf_have_libssl=no cf_have_libcrypto=no cf_have_libz=no @@ -3928,13 +3809,15 @@ cf_use_xattr=no cf_use_hashopenssl=auto + + + # Check whether --enable-wall was given. if test ${enable_wall+y} then : enableval=$enable_wall; cf_use_wall=$enableval -else case e in #( - e) cf_use_wall=no ;; -esac +else $as_nop + cf_use_wall=no fi if test "$cf_use_wall" = "yes" @@ -3947,9 +3830,8 @@ fi if test ${enable_werror+y} then : enableval=$enable_werror; cf_use_werror=$enableval -else case e in #( - e) cf_use_werror=no ;; -esac +else $as_nop + cf_use_werror=no fi if test "$cf_use_werror" = "yes" @@ -3962,36 +3844,32 @@ fi if test ${enable_fortify+y} then : enableval=$enable_fortify; cf_use_fortify=$enableval -else case e in #( - e) cf_use_fortify=no ;; -esac +else $as_nop + cf_use_fortify=no fi # Check whether --enable-stack-protect was given. if test ${enable_stack_protect+y} then : enableval=$enable_stack_protect; cf_use_stackprotect=$enableval -else case e in #( - e) cf_use_stackprotect=no ;; -esac +else $as_nop + cf_use_stackprotect=no fi # Check whether --enable-harden was given. if test ${enable_harden+y} then : enableval=$enable_harden; cf_use_harden=$enableval -else case e in #( - e) cf_use_harden=no ;; -esac +else $as_nop + cf_use_harden=no fi # Check whether --enable-soname was given. if test ${enable_soname+y} then : enableval=$enable_soname; cf_use_soname=$enableval -else case e in #( - e) cf_use_soname=gcc ;; -esac +else $as_nop + cf_use_soname=gcc fi @@ -4031,28 +3909,21 @@ CFLAGS="$CFLAGS -fstack-protector-strong" fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for get_current_dir_name in -lc" >&5 printf %s "checking for get_current_dir_name in -lc... " >&6; } if test ${ac_cv_lib_c_get_current_dir_name+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char get_current_dir_name (void); + builtin and then its argument prototype would still apply. */ +char get_current_dir_name (); int main (void) { @@ -4064,14 +3935,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_get_current_dir_name=yes -else case e in #( - e) ac_cv_lib_c_get_current_dir_name=no ;; -esac +else $as_nop + ac_cv_lib_c_get_current_dir_name=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_get_current_dir_name" >&5 printf "%s\n" "$ac_cv_lib_c_get_current_dir_name" >&6; } @@ -4187,6 +4056,12 @@ then : printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h fi +ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl" +if test "x$ac_cv_func_prctl" = xyes +then : + printf "%s\n" "#define HAVE_PRCTL 1" >>confdefs.h + +fi @@ -4194,9 +4069,8 @@ fi if test ${enable_sendfile+y} then : enableval=$enable_sendfile; cf_use_sendfile=$enableval -else case e in #( - e) cf_use_sendfile=auto ;; -esac +else $as_nop + cf_use_sendfile=auto fi if test "$cf_use_sendfile" != "no" @@ -4234,9 +4108,8 @@ ac_fn_c_check_header_compile "$LINENO" "sys/sendfile.h" "ac_cv_header_sys_sendfi if test "x$ac_cv_header_sys_sendfile_h" = xyes then : cf_use_sendfile=yes -else case e in #( - e) cf_use_sendfile=no ;; -esac +else $as_nop + cf_use_sendfile=no fi if test "$cf_use_sendfile" != "no" @@ -4258,9 +4131,8 @@ fi if test ${enable_ip6+y} then : enableval=$enable_ip6; cf_use_ip6=$enableval -else case e in #( - e) cf_use_ip6=yes ;; -esac +else $as_nop + cf_use_ip6=yes fi if test "$cf_use_ip6" = "yes" @@ -4274,9 +4146,8 @@ fi if test ${enable_xattr+y} then : enableval=$enable_xattr; cf_use_xattr=$enableval -else case e in #( - e) cf_use_xattr=yes ;; -esac +else $as_nop + cf_use_xattr=yes fi if test "$cf_use_xattr" = "yes" @@ -4286,22 +4157,16 @@ printf %s "checking for getxattr in -lc... " >&6; } if test ${ac_cv_lib_c_getxattr+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char getxattr (void); + builtin and then its argument prototype would still apply. */ +char getxattr (); int main (void) { @@ -4313,14 +4178,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_getxattr=yes -else case e in #( - e) ac_cv_lib_c_getxattr=no ;; -esac +else $as_nop + ac_cv_lib_c_getxattr=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_getxattr" >&5 printf "%s\n" "$ac_cv_lib_c_getxattr" >&6; } @@ -4340,14 +4203,39 @@ printf "%s\n" "#define HAVE_XATTR 1" >>confdefs.h fi fi +# Check whether --enable-fsflags was given. +if test ${enable_fsflags+y} +then : + enableval=$enable_fsflags; cf_use_fsflags=$enableval +else $as_nop + cf_use_fsflags=no +fi + + +if test "$cf_use_fsflags" = "yes" +then +ac_fn_c_check_header_compile "$LINENO" "linux/fs.h" "ac_cv_header_linux_fs_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_fs_h" = xyes +then : + cf_have_fsflags=yes +fi + +fi + +if test "$cf_have_fsflags" = "yes" +then +printf "%s\n" "#define USE_FSFLAGS 1" >>confdefs.h + +fi + + # Check whether --enable-namespaces was given. if test ${enable_namespaces+y} then : enableval=$enable_namespaces; cf_use_namespaces=$enableval -else case e in #( - e) cf_use_namespaces=yes ;; -esac +else $as_nop + cf_use_namespaces=yes fi if test "$cf_use_namespaces" = "yes" @@ -4357,22 +4245,16 @@ printf %s "checking for unshare in -lc... " >&6; } if test ${ac_cv_lib_c_unshare+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char unshare (void); + builtin and then its argument prototype would still apply. */ +char unshare (); int main (void) { @@ -4384,14 +4266,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_unshare=yes -else case e in #( - e) ac_cv_lib_c_unshare=no ;; -esac +else $as_nop + ac_cv_lib_c_unshare=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_unshare" >&5 printf "%s\n" "$ac_cv_lib_c_unshare" >&6; } @@ -4415,22 +4295,16 @@ printf %s "checking for setns in -lc... " >&6; } if test ${ac_cv_lib_c_setns+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char setns (void); + builtin and then its argument prototype would still apply. */ +char setns (); int main (void) { @@ -4442,14 +4316,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_setns=yes -else case e in #( - e) ac_cv_lib_c_setns=no ;; -esac +else $as_nop + ac_cv_lib_c_setns=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_setns" >&5 printf "%s\n" "$ac_cv_lib_c_setns" >&6; } @@ -4475,9 +4347,8 @@ fi if test ${enable_ssl+y} then : enableval=$enable_ssl; cf_use_ssl=$enableval -else case e in #( - e) cf_use_ssl=yes ;; -esac +else $as_nop + cf_use_ssl=yes fi @@ -4510,22 +4381,16 @@ printf %s "checking for EVP_CIPHER_CTX_init in -lcrypto... " >&6; } if test ${ac_cv_lib_crypto_EVP_CIPHER_CTX_init+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char EVP_CIPHER_CTX_init (void); + builtin and then its argument prototype would still apply. */ +char EVP_CIPHER_CTX_init (); int main (void) { @@ -4537,14 +4402,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_crypto_EVP_CIPHER_CTX_init=yes -else case e in #( - e) ac_cv_lib_crypto_EVP_CIPHER_CTX_init=no ;; -esac +else $as_nop + ac_cv_lib_crypto_EVP_CIPHER_CTX_init=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_CIPHER_CTX_init" >&5 printf "%s\n" "$ac_cv_lib_crypto_EVP_CIPHER_CTX_init" >&6; } @@ -4565,22 +4428,16 @@ printf %s "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; } if test ${ac_cv_lib_crypto_EVP_CIPHER_CTX_new+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char EVP_CIPHER_CTX_new (void); + builtin and then its argument prototype would still apply. */ +char EVP_CIPHER_CTX_new (); int main (void) { @@ -4592,14 +4449,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_crypto_EVP_CIPHER_CTX_new=yes -else case e in #( - e) ac_cv_lib_crypto_EVP_CIPHER_CTX_new=no ;; -esac +else $as_nop + ac_cv_lib_crypto_EVP_CIPHER_CTX_new=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_CIPHER_CTX_new" >&5 printf "%s\n" "$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" >&6; } @@ -4620,22 +4475,16 @@ printf %s "checking for SSL_library_init in -lssl... " >&6; } if test ${ac_cv_lib_ssl_SSL_library_init+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lssl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_library_init (void); + builtin and then its argument prototype would still apply. */ +char SSL_library_init (); int main (void) { @@ -4647,14 +4496,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_ssl_SSL_library_init=yes -else case e in #( - e) ac_cv_lib_ssl_SSL_library_init=no ;; -esac +else $as_nop + ac_cv_lib_ssl_SSL_library_init=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init" >&5 printf "%s\n" "$ac_cv_lib_ssl_SSL_library_init" >&6; } @@ -4675,22 +4522,16 @@ printf %s "checking for OPENSSL_init_ssl in -lssl... " >&6; } if test ${ac_cv_lib_ssl_OPENSSL_init_ssl+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lssl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char OPENSSL_init_ssl (void); + builtin and then its argument prototype would still apply. */ +char OPENSSL_init_ssl (); int main (void) { @@ -4702,14 +4543,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_ssl_OPENSSL_init_ssl=yes -else case e in #( - e) ac_cv_lib_ssl_OPENSSL_init_ssl=no ;; -esac +else $as_nop + ac_cv_lib_ssl_OPENSSL_init_ssl=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5 printf "%s\n" "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; } @@ -4759,66 +4598,6 @@ if test "x$ac_cv_func_EVP_MD_CTX_free" = xyes then : printf "%s\n" "#define HAVE_EVP_MD_CTX_FREE 1" >>confdefs.h -fi -ac_fn_c_check_func "$LINENO" "EVP_bf_cbc" "ac_cv_func_EVP_bf_cbc" -if test "x$ac_cv_func_EVP_bf_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_BF_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_rc2_cbc" "ac_cv_func_EVP_rc2_cbc" -if test "x$ac_cv_func_EVP_rc2_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_RC2_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_rc4" "ac_cv_func_EVP_rc4" -if test "x$ac_cv_func_EVP_rc4" = xyes -then : - printf "%s\n" "#define HAVE_EVP_RC4 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_rc5_32_12_16_cbc" "ac_cv_func_EVP_rc5_32_12_16_cbc" -if test "x$ac_cv_func_EVP_rc5_32_12_16_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_RC5_32_12_16_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_des_cbc" "ac_cv_func_EVP_des_cbc" -if test "x$ac_cv_func_EVP_des_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_DES_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_desx_cbc" "ac_cv_func_EVP_desx_cbc" -if test "x$ac_cv_func_EVP_desx_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_DESX_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_cast5_cbc" "ac_cv_func_EVP_cast5_cbc" -if test "x$ac_cv_func_EVP_cast5_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_CAST5_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_idea_cbc" "ac_cv_func_EVP_idea_cbc" -if test "x$ac_cv_func_EVP_idea_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_IDEA_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_aes_128_cbc" "ac_cv_func_EVP_aes_128_cbc" -if test "x$ac_cv_func_EVP_aes_128_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_AES_128_CBC 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "EVP_aes_256_cbc" "ac_cv_func_EVP_aes_256_cbc" -if test "x$ac_cv_func_EVP_aes_256_cbc" = xyes -then : - printf "%s\n" "#define HAVE_EVP_AES_256_CBC 1" >>confdefs.h - fi ac_fn_c_check_func "$LINENO" "X509_check_host" "ac_cv_func_X509_check_host" if test "x$ac_cv_func_X509_check_host" = xyes @@ -4838,6 +4617,12 @@ then : printf "%s\n" "#define HAVE_SSL_SET_MIN_PROTO_VERSION 1" >>confdefs.h fi +ac_fn_c_check_func "$LINENO" "EVP_CIPHER_fetch" "ac_cv_func_EVP_CIPHER_fetch" +if test "x$ac_cv_func_EVP_CIPHER_fetch" = xyes +then : + printf "%s\n" "#define HAVE_EVP_CIPHER_FETCH 1" >>confdefs.h + +fi @@ -4846,8 +4631,8 @@ printf %s "checking for $CC options needed to detect all undeclared functions... if test ${ac_cv_c_undeclared_builtin_options+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_save_CFLAGS=$CFLAGS +else $as_nop + ac_save_CFLAGS=$CFLAGS ac_cv_c_undeclared_builtin_options='cannot detect' for ac_arg in '' -fno-builtin; do CFLAGS="$ac_save_CFLAGS $ac_arg" @@ -4866,8 +4651,8 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : -else case e in #( - e) # This test program should compile successfully. +else $as_nop + # This test program should compile successfully. # No library function is consistently available on # freestanding implementations, so test against a dummy # declaration. Include always-available headers on the @@ -4895,29 +4680,26 @@ then : if test x"$ac_arg" = x then : ac_cv_c_undeclared_builtin_options='none needed' -else case e in #( - e) ac_cv_c_undeclared_builtin_options=$ac_arg ;; -esac +else $as_nop + ac_cv_c_undeclared_builtin_options=$ac_arg fi break fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; -esac +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done CFLAGS=$ac_save_CFLAGS - ;; -esac + fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5 printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; } case $ac_cv_c_undeclared_builtin_options in #( 'cannot detect') : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot make $CC report undeclared builtins -See 'config.log' for more details" "$LINENO" 5; } ;; #( +See \`config.log' for more details" "$LINENO" 5; } ;; #( 'none needed') : ac_c_undeclared_builtin_options='' ;; #( *) : @@ -4929,9 +4711,8 @@ ac_fn_check_decl "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_have_decl_OpenSSL if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes then : ac_have_decl=1 -else case e in #( - e) ac_have_decl=0 ;; -esac +else $as_nop + ac_have_decl=0 fi printf "%s\n" "#define HAVE_DECL_OPENSSL_ADD_ALL_ALGORITHMS $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 @@ -4945,9 +4726,8 @@ ac_fn_check_decl "$LINENO" "SSL_set_tlsext_host_name" "ac_cv_have_decl_SSL_set_t if test "x$ac_cv_have_decl_SSL_set_tlsext_host_name" = xyes then : ac_have_decl=1 -else case e in #( - e) ac_have_decl=0 ;; -esac +else $as_nop + ac_have_decl=0 fi printf "%s\n" "#define HAVE_DECL_SSL_SET_TLSEXT_HOST_NAME $ac_have_decl" >>confdefs.h if test $ac_have_decl = 1 @@ -4974,8 +4754,8 @@ if test -z "$CPP"; then if test ${ac_cv_prog_CPP+y} then : printf %s "(cached) " >&6 -else case e in #( - e) # Double quotes because $CC needs to be expanded +else $as_nop + # Double quotes because $CC needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false @@ -4993,10 +4773,9 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : -else case e in #( - e) # Broken: fails on valid input. -continue ;; -esac +else $as_nop + # Broken: fails on valid input. +continue fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -5010,16 +4789,15 @@ if ac_fn_c_try_cpp "$LINENO" then : # Broken: success on invalid input. continue -else case e in #( - e) # Passes both tests. +else $as_nop + # Passes both tests. ac_preproc_ok=: -break ;; -esac +break fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : @@ -5028,8 +4806,7 @@ fi done ac_cv_prog_CPP=$CPP - ;; -esac + fi CPP=$ac_cv_prog_CPP else @@ -5052,10 +4829,9 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : -else case e in #( - e) # Broken: fails on valid input. -continue ;; -esac +else $as_nop + # Broken: fails on valid input. +continue fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -5069,26 +4845,24 @@ if ac_fn_c_try_cpp "$LINENO" then : # Broken: success on invalid input. continue -else case e in #( - e) # Passes both tests. +else $as_nop + # Passes both tests. ac_preproc_ok=: -break ;; -esac +break fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : -else case e in #( - e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See 'config.log' for more details" "$LINENO" 5; } ;; -esac +See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c @@ -5098,140 +4872,6 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5 -printf %s "checking for egrep -e... " >&6; } -if test ${ac_cv_path_EGREP_TRADITIONAL+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) if test -z "$EGREP_TRADITIONAL"; then - ac_path_EGREP_TRADITIONAL_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_prog in grep ggrep - do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue -# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. - # Check for GNU $ac_path_EGREP_TRADITIONAL -case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( -*GNU*) - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; -#( -*) - ac_count=0 - printf %s 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" - "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" - ac_path_EGREP_TRADITIONAL_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_TRADITIONAL_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then - : - fi -else - ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL -fi - - if test "$ac_cv_path_EGREP_TRADITIONAL" -then : - ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E" -else case e in #( - e) if test -z "$EGREP_TRADITIONAL"; then - ac_path_EGREP_TRADITIONAL_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_prog in egrep - do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue -# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. - # Check for GNU $ac_path_EGREP_TRADITIONAL -case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( -*GNU*) - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; -#( -*) - ac_count=0 - printf %s 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" - "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" - ac_path_EGREP_TRADITIONAL_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_TRADITIONAL_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL -fi - ;; -esac -fi ;; -esac -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5 -printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; } - EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL - cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5242,17 +4882,16 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP_TRADITIONAL "yes" >/dev/null 2>&1 + $EGREP "yes" >/dev/null 2>&1 then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } # AC_DEFINE(USE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [Use OpenSSL_add_all_algorithms]) -else case e in #( - e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } ;; -esac +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi rm -rf conftest* @@ -5271,9 +4910,8 @@ fi if test ${enable_zlib+y} then : enableval=$enable_zlib; cf_use_zlib=$enableval -else case e in #( - e) cf_use_zlib=yes ;; -esac +else $as_nop + cf_use_zlib=yes fi @@ -5284,22 +4922,16 @@ printf %s "checking for deflate in -lz... " >&6; } if test ${ac_cv_lib_z_deflate+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char deflate (void); + builtin and then its argument prototype would still apply. */ +char deflate (); int main (void) { @@ -5311,14 +4943,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_z_deflate=yes -else case e in #( - e) ac_cv_lib_z_deflate=no ;; -esac +else $as_nop + ac_cv_lib_z_deflate=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5 printf "%s\n" "$ac_cv_lib_z_deflate" >&6; } @@ -5357,9 +4987,8 @@ cf_have_capabilities=no if test ${enable_capabilities+y} then : enableval=$enable_capabilities; cf_use_capabilities=$enableval -else case e in #( - e) cf_use_capabilities=no ;; -esac +else $as_nop + cf_use_capabilities=no fi @@ -5386,22 +5015,16 @@ printf %s "checking for cap_init in -lcap... " >&6; } if test ${ac_cv_lib_cap_cap_init+y} then : printf %s "(cached) " >&6 -else case e in #( - e) ac_check_lib_save_LIBS=$LIBS +else $as_nop + ac_check_lib_save_LIBS=$LIBS LIBS="-lcap $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. - The 'extern "C"' is for builds by C++ compilers; - although this is not generally supported in C code supporting it here - has little cost and some practical benefit (sr 110532). */ -#ifdef __cplusplus -extern "C" -#endif -char cap_init (void); + builtin and then its argument prototype would still apply. */ +char cap_init (); int main (void) { @@ -5413,14 +5036,12 @@ _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_cap_cap_init=yes -else case e in #( - e) ac_cv_lib_cap_cap_init=no ;; -esac +else $as_nop + ac_cv_lib_cap_cap_init=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS ;; -esac +LIBS=$ac_check_lib_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_init" >&5 printf "%s\n" "$ac_cv_lib_cap_cap_init" >&6; } @@ -5437,6 +5058,98 @@ printf "%s\n" "#define USE_CAPABILITIES 1" >>confdefs.h fi + +# Check whether --enable-seccomp was given. +if test ${enable_seccomp+y} +then : + enableval=$enable_seccomp; cf_use_seccomp=$enableval +else $as_nop + cf_use_seccomp=no +fi + + +if test "$cf_use_seccomp" = "yes" +then +ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_seccomp_h" = xyes +then : + +else $as_nop + cf_use_seccomp=no +fi + +ac_fn_c_check_header_compile "$LINENO" "linux/filter.h" "ac_cv_header_linux_filter_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_filter_h" = xyes +then : + +else $as_nop + cf_use_seccomp=no +fi + +ac_fn_c_check_header_compile "$LINENO" "linux/bpf.h" "ac_cv_header_linux_bpf_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_bpf_h" = xyes +then : + +else $as_nop + cf_use_seccomp=no +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for prctl in -lc" >&5 +printf %s "checking for prctl in -lc... " >&6; } +if test ${ac_cv_lib_c_prctl+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char prctl (); +int +main (void) +{ +return prctl (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_c_prctl=yes +else $as_nop + ac_cv_lib_c_prctl=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_prctl" >&5 +printf "%s\n" "$ac_cv_lib_c_prctl" >&6; } +if test "x$ac_cv_lib_c_prctl" = xyes +then : + printf "%s\n" "#define HAVE_LIBC 1" >>confdefs.h + + LIBS="-lc $LIBS" + +else $as_nop + cf_use_seccomp=no +fi + +if test "$cf_use_seccomp" = "yes" +then +printf "%s\n" "#define USE_SECCOMP 1" >>confdefs.h + +fi + +fi + + + + ac_config_files="$ac_config_files Makefile" cat >confcache <<\_ACEOF @@ -5449,8 +5162,8 @@ cat >confcache <<\_ACEOF # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # -# 'ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* 'ac_cv_foo' will be assigned the +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF @@ -5480,14 +5193,14 @@ printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # 'set' does not quote correctly, so add quotes: double-quote + # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) - # 'set' quotes correctly as required by POSIX, so do not add quotes. + # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | @@ -5551,7 +5264,9 @@ s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote -s/[][ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g s/\$/$$/g H :any @@ -5582,12 +5297,6 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs -# Check whether --enable-year2038 was given. -if test ${enable_year2038+y} -then : - enableval=$enable_year2038; -fi - : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -5617,6 +5326,7 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh +as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh @@ -5625,13 +5335,12 @@ then : # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else case e in #( - e) case `(set -o) 2>/dev/null` in #( +else $as_nop + case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; -esac ;; esac fi @@ -5703,7 +5412,7 @@ IFS=$as_save_IFS ;; esac -# We did not find ourselves, most probably we were run as 'sh COMMAND' +# We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 @@ -5732,6 +5441,7 @@ as_fn_error () } # as_fn_error + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -5771,12 +5481,11 @@ then : { eval $1+=\$2 }' -else case e in #( - e) as_fn_append () +else $as_nop + as_fn_append () { eval $1=\$$1\$2 - } ;; -esac + } fi # as_fn_append # as_fn_arith ARG... @@ -5790,12 +5499,11 @@ then : { as_val=$(( $* )) }' -else case e in #( - e) as_fn_arith () +else $as_nop + as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } ;; -esac + } fi # as_fn_arith @@ -5878,9 +5586,9 @@ if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. - # In both cases, we have to default to 'cp -pR'. + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then @@ -5961,12 +5669,10 @@ as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" -as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. -as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" -as_tr_sh="eval sed '$as_sed_sh'" # deprecated +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 @@ -5982,7 +5688,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # values after options handling. ac_log=" This file was extended by $as_me, which was -generated by GNU Autoconf 2.72. Invocation command line was +generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -6009,7 +5715,7 @@ _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -'$as_me' instantiates files and other configuration actions +\`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. @@ -6037,10 +5743,10 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ config.status -configured by $0, generated by GNU Autoconf 2.72, +configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" -Copyright (C) 2023 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -6097,8 +5803,8 @@ do ac_cs_silent=: ;; # This is an error. - -*) as_fn_error $? "unrecognized option: '$1' -Try '$0 --help' for more information." ;; + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; @@ -6148,7 +5854,7 @@ do case $ac_config_target in "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done @@ -6166,7 +5872,7 @@ fi # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to '$tmp'. +# after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= @@ -6190,7 +5896,7 @@ ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. -# This happens for instance with './config.status config.h'. +# This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then @@ -6356,7 +6062,7 @@ do esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -6378,19 +6084,19 @@ do -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain ':'. + # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done - # Let's still pretend it is 'configure' which instantiates (i.e., don't + # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` @@ -6514,7 +6220,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 esac _ACEOF -# Neutralize VPATH when '$srcdir' = '.'. +# Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 @@ -6543,9 +6249,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" @@ -6650,6 +6356,13 @@ else echo "zlib NOT enabled" fi +if test "$cf_have_fsflags" = "yes" +then +echo "support for FS_APPEND_FL and FS_IMMUTABLE_FL flags and hardened logs enabled" +else +echo "support for FS_APPEND_FL and FS_IMMUTABLE_FL flags and hardened logs NOT enabled" +fi + if test "$cf_have_unshare" = "yes" -o "$cf_have_setns" = "yes" then echo "linux namespace support enabled" @@ -6664,4 +6377,11 @@ else echo "linux capabilities support NOT enabled" fi +if test "$cf_use_seccomp" = "yes" +then +echo "linux seccomp support enabled" +else +echo "linux seccomp support NOT enabled" +fi + diff --git a/libUseful-5/configure.ac b/libUseful-5/configure.ac index 9ee7a1e..b59cfbb 100644 --- a/libUseful-5/configure.ac +++ b/libUseful-5/configure.ac @@ -1,12 +1,22 @@ AC_INIT AC_PROG_CC -AC_PROG_AR AC_LANG([C]) AC_PROG_MAKE_SET AC_PROG_EGREP AC_SYS_LARGEFILE +m4_ifdef([AC_PROG_AR], [AC_PROG_AR]) +m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) +if test "$AR" = "" +then +AR=ar +fi +AC_SUBST(AR) + +echo "CC=$CC AR=$AR" + + cf_have_libssl=no cf_have_libcrypto=no cf_have_libz=no @@ -17,6 +27,9 @@ cf_use_xattr=no cf_use_hashopenssl=auto + + + AC_ARG_ENABLE(wall, [ --enable-wall use -Wall to get maximum compile warnings], cf_use_wall=$enableval, cf_use_wall=no ) if test "$cf_use_wall" = "yes" then @@ -69,7 +82,6 @@ CFLAGS="$CFLAGS -fstack-protector-strong" fi - AC_CHECK_LIB(c,get_current_dir_name,,) cf_have_get_current_dir_name=$ac_cv_lib_c_get_current_dir_name if test "$cf_have_get_current_dir_name" = "yes" @@ -78,7 +90,7 @@ AC_DEFINE([HAVE_GET_CURR_DIR]) fi -AC_CHECK_FUNCS(ptsname_r clearenv setresuid initgroups poll mlock mlockall munlockall madvise htonll ntohll mkostemp mount umount umount2 getentropy) +AC_CHECK_FUNCS(ptsname_r clearenv setresuid initgroups poll mlock mlockall munlockall madvise htonll ntohll mkostemp mount umount umount2 getentropy prctl) AC_ARG_ENABLE(sendfile, [ --enable-sendfile enable 'fastcopy' sendfile support], cf_use_sendfile=$enableval, cf_use_sendfile=auto ) @@ -112,6 +124,19 @@ AC_DEFINE([HAVE_XATTR]) fi fi +AC_ARG_ENABLE(fsflags, [ --enable-fsflags enable support for immutable and append-only files (and use of these in logs) ], cf_use_fsflags=$enableval, cf_use_fsflags=no ) + +if test "$cf_use_fsflags" = "yes" +then +AC_CHECK_HEADER(linux/fs.h,cf_have_fsflags=yes,,) +fi + +if test "$cf_have_fsflags" = "yes" +then +AC_DEFINE([USE_FSFLAGS]) +fi + + AC_ARG_ENABLE(namespaces, [ --enable-namespaces enable linux namespace support], cf_use_namespaces=$enableval, cf_use_namespaces=yes ) if test "$cf_use_namespaces" = "yes" @@ -176,7 +201,7 @@ if test "$cf_have_libssl" = "yes" then cf_use_zlib=yes -AC_CHECK_FUNCS(OpenSSL_add_all_algorithms EVP_MD_CTX_create EVP_MD_CTX_new EVP_MD_CTX_destroy EVP_MD_CTX_free EVP_bf_cbc EVP_rc2_cbc EVP_rc4 EVP_rc5_32_12_16_cbc EVP_des_cbc EVP_desx_cbc EVP_cast5_cbc EVP_idea_cbc EVP_aes_128_cbc EVP_aes_256_cbc X509_check_host SSL_set_tlsext_host_name SSL_set_min_proto_version) +AC_CHECK_FUNCS(OpenSSL_add_all_algorithms EVP_MD_CTX_create EVP_MD_CTX_new EVP_MD_CTX_destroy EVP_MD_CTX_free X509_check_host SSL_set_tlsext_host_name SSL_set_min_proto_version EVP_CIPHER_fetch ) AC_CHECK_DECLS(OpenSSL_add_all_algorithms,AC_DEFINE([HAVE_OPENSSL_ADD_ALL_ALGORITHMS]),[],[[#include ]]) @@ -239,6 +264,25 @@ AC_DEFINE([USE_CAPABILITIES]) fi + +AC_ARG_ENABLE(seccomp, [ --enable-seccomp enable seccomp to limit process syscalls], cf_use_seccomp=$enableval, cf_use_seccomp=no) + +if test "$cf_use_seccomp" = "yes" +then +AC_CHECK_HEADER([linux/seccomp.h],,cf_use_seccomp=no,) +AC_CHECK_HEADER([linux/filter.h],,cf_use_seccomp=no,) +AC_CHECK_HEADER([linux/bpf.h],,cf_use_seccomp=no,) +AC_CHECK_LIB(c,prctl,,cf_use_seccomp=no) +if test "$cf_use_seccomp" = "yes" +then +AC_DEFINE([USE_SECCOMP]) +fi + +fi + + + + dnl read Makefile.in and write Makefile AC_CONFIG_FILES([Makefile]) AC_OUTPUT @@ -296,6 +340,13 @@ else echo "zlib NOT enabled" fi +if test "$cf_have_fsflags" = "yes" +then +echo "support for FS_APPEND_FL and FS_IMMUTABLE_FL flags and hardened logs enabled" +else +echo "support for FS_APPEND_FL and FS_IMMUTABLE_FL flags and hardened logs NOT enabled" +fi + if test "$cf_have_unshare" = "yes" -o "$cf_have_setns" = "yes" then echo "linux namespace support enabled" @@ -310,3 +361,10 @@ else echo "linux capabilities support NOT enabled" fi +if test "$cf_use_seccomp" = "yes" +then +echo "linux seccomp support enabled" +else +echo "linux seccomp support NOT enabled" +fi + diff --git a/libUseful-5/crc32.h b/libUseful-5/crc32.h index 803fec8..76bdda2 100644 --- a/libUseful-5/crc32.h +++ b/libUseful-5/crc32.h @@ -1,5 +1,5 @@ /* -* Copyright (c) 2003, Dominik Reichl , Germany. +* Copyright (c) 2003, Dominik Reichl , Germany. * SPDX-License-Identifier: GPL-2.0 */ diff --git a/libUseful-5/examples/Makefile b/libUseful-5/examples/Makefile index 502d896..43cfdf4 100644 --- a/libUseful-5/examples/Makefile +++ b/libUseful-5/examples/Makefile @@ -8,6 +8,8 @@ all: gcc -oHMAC.exe HMAC.c $(LIBS) gcc -oTerminal.exe Terminal.c $(LIBS) gcc -oTermBar.exe TermBar.c $(LIBS) + gcc -oTermMenu.exe TermMenu.c $(LIBS) + gcc -oTermChoice.exe TermChoice.c $(LIBS) gcc -oTermProgress.exe TermProgress.c $(LIBS) gcc -oVars.exe Vars.c $(LIBS) gcc -oParseRSS.exe ParseRSS.c $(LIBS) @@ -17,7 +19,9 @@ all: gcc -oMaps.exe Maps.c $(LIBS) gcc -oTTYTest.exe TTYTest.c $(LIBS) gcc -oErrors.exe Errors.c $(LIBS) + gcc -ossh-time.exe ssh-time.c $(LIBS) gcc -ossh-tunnel.exe ssh-tunnel.c $(LIBS) + gcc -ossh-listfiles.exe ssh-listfiles.c $(LIBS) gcc -oConfig.exe Config.c $(LIBS) gcc -oStrLen.exe StrLen.c $(LIBS) gcc -oSSLClient.exe SSLClient.c $(LIBS) @@ -26,3 +30,15 @@ all: gcc -oHttpServer.exe HttpServer.c $(LIBS) gcc -oPasswordFile.exe PasswordFile.c $(LIBS) gcc -obase32.exe base32.c $(LIBS) + gcc -ouudecode.exe uudecode.c $(LIBS) + gcc -ononewprivs.exe nonewprivs.c $(LIBS) + gcc -ochroot.exe chroot.c $(LIBS) + gcc -omovetest.exe movetest.c $(LIBS) + gcc -oencrypt.exe encrypt.c $(LIBS) + gcc -odecrypt.exe decrypt.c $(LIBS) + gcc -opbkdf2.exe pbkdf2.c $(LIBS) +seccomp.exe: seccomp.c + gcc -oseccomp.exe seccomp.c $(LIBS) + +clean: + rm -f *.exe diff --git a/libUseful-5/examples/TermChoice.c b/libUseful-5/examples/TermChoice.c new file mode 100644 index 0000000..533c662 --- /dev/null +++ b/libUseful-5/examples/TermChoice.c @@ -0,0 +1,19 @@ +#include "../libUseful.h" + +main() +{ +STREAM *Term; +ListNode *Options; +char *Tempstr=NULL; + +Term=STREAMFromDualFD(0,1); +TerminalInit(Term, TERM_SAVE_ATTRIBS | TERM_RAWKEYS); + +TerminalClear(Term); +TerminalCursorMove(Term, 0, 0); +Tempstr=TerminalChoice(Tempstr, Term, "prompt=choose: width=40 left_cursor='~e<' right_cursor='>~0' options='this,that,the other,even more, option this, do anything, but whatever' "); + +TerminalReset(Term); + +Destroy(Tempstr); +} diff --git a/libUseful-5/examples/TermMenu.c b/libUseful-5/examples/TermMenu.c new file mode 100644 index 0000000..ec48b15 --- /dev/null +++ b/libUseful-5/examples/TermMenu.c @@ -0,0 +1,21 @@ +#include "../libUseful.h" + +main() +{ +STREAM *Term; +ListNode *Options; + +Options=ListCreate(); +SetVar(Options, "this", NULL); +SetVar(Options, "that", NULL); +SetVar(Options, "the other", NULL); + +Term=STREAMFromDualFD(0,1); +TerminalInit(Term, TERM_SAVE_ATTRIBS | TERM_RAWKEYS); + +TerminalClear(Term); +TerminalCursorMove(Term, 0, 0); +TerminalMenu(Term, Options, 2, 2, -4, 6); + +TerminalReset(Term); +} diff --git a/libUseful-5/examples/TermProgress.c b/libUseful-5/examples/TermProgress.c index 814f9e0..2cfa50a 100644 --- a/libUseful-5/examples/TermProgress.c +++ b/libUseful-5/examples/TermProgress.c @@ -15,8 +15,8 @@ TerminalClear(Term); //TP=TerminalProgressCreate(Term, "prompt='progress: ' left-contain=' -=' right-contain='=- ' progress=| width=20"); //TP=TerminalProgressCreate(Term, "prompt='progress: ' progress=' ' progress-attribs=~i width=20"); -TP=TerminalProgressCreate(Term, "prompt='progress: ' progress=' ' attribs=~B progress-attribs=~W left-contain='' right-contain=' ' width=20"); -//TP=TerminalProgressCreate(Term, "prompt='progress: ' width=20"); +TP=TerminalProgressCreate(Term, "prompt='progress: ' width=20"); +//TP=TerminalProgressCreate(Term, "prompt='progress: ' progress=' ' attribs=~B progress-attribs=~W left-contain='' right-contain=' ' x=4 width=-4"); for (i=0; i <= 20; i++) { Tempstr=FormatStr(Tempstr, "NOW AT: %d", i); diff --git a/libUseful-5/examples/chroot.c b/libUseful-5/examples/chroot.c new file mode 100644 index 0000000..a191698 --- /dev/null +++ b/libUseful-5/examples/chroot.c @@ -0,0 +1,9 @@ +#include "../libUseful.h" + +main() +{ + +ProcessApplyConfig("chroot=/tmp/xxx strict"); +printf("I'm still here\n"); + +} diff --git a/libUseful-5/examples/decrypt.c b/libUseful-5/examples/decrypt.c new file mode 100644 index 0000000..c201bcd --- /dev/null +++ b/libUseful-5/examples/decrypt.c @@ -0,0 +1,24 @@ +#include "../libUseful.h" + +main(int argc, const char *argv[]) +{ +STREAM *S, *Out; +char *Tempstr=NULL; +int result=0; + +Out=STREAMFromDualFD(0,1); +S=STREAMOpen(argv[1], "re encrypt=whatever"); +if (S) +{ +Tempstr=SetStrLen(Tempstr, 4096); +result=STREAMReadBytes(S, Tempstr, 4096); +while (result > 0) +{ +STREAMWriteBytes(Out, Tempstr, result); +result=STREAMReadBytes(S, Tempstr, 4096); +} +STREAMClose(S); +} + +Destroy(Tempstr); +} diff --git a/libUseful-5/examples/encrypt.c b/libUseful-5/examples/encrypt.c new file mode 100644 index 0000000..79992ad --- /dev/null +++ b/libUseful-5/examples/encrypt.c @@ -0,0 +1,28 @@ +#include "../libUseful.h" + +main() +{ +STREAM *S; +char *Tempstr=NULL; +int result=0; + +S=STREAMOpen("file.enc", "we"); +printf("should fail: %d\n",S); + +S=STREAMOpen("file.enc", "we encrypt=whatever"); +STREAMWriteLine("Twas Brillig and the slivey tooves didst gyre and gimble in the wabe\n", S); +STREAMClose(S); + +S=STREAMOpen("file.enc", "re encrypt=whatever"); +if (S) +{ +Tempstr=STREAMReadLine(Tempstr, S); +//Tempstr=SetStrLen(Tempstr, 4096); +//result=STREAMReadBytes(S, Tempstr, 4096); +//StrTrunc(Tempstr, result); +printf("%s\n", Tempstr); +STREAMClose(S); +} + +Destroy(Tempstr); +} diff --git a/libUseful-5/examples/movetest.c b/libUseful-5/examples/movetest.c new file mode 100644 index 0000000..616b2ab --- /dev/null +++ b/libUseful-5/examples/movetest.c @@ -0,0 +1,6 @@ +#include "../libUseful.h" + +main() +{ +FileMoveToDir("/etc/hosts", "/tmp/"); +} diff --git a/libUseful-5/examples/nonewprivs.c b/libUseful-5/examples/nonewprivs.c new file mode 100644 index 0000000..9996fb6 --- /dev/null +++ b/libUseful-5/examples/nonewprivs.c @@ -0,0 +1,10 @@ +#include "../libUseful.h" + +main() +{ +ProcessApplyConfig("nosu"); +printf("You should now be running in a shell that cannot su/sudo\n"); +printf("Type 'exit' to leave it\n"); +setenv("PS1", "restricted: ", TRUE); +SwitchProgram("/bin/bash", ""); +} diff --git a/libUseful-5/examples/pbkdf2.c b/libUseful-5/examples/pbkdf2.c new file mode 100644 index 0000000..ddf095f --- /dev/null +++ b/libUseful-5/examples/pbkdf2.c @@ -0,0 +1,12 @@ +#include "../libUseful.h" + +main() +{ +char *Hash=NULL; + +PBK2DF2(&Hash, "hmac-sha1", "password", 8, "salt", 4, 1, ENCODE_HEX); + +printf("result: %s\n", Hash); + +Destroy(Hash); +} diff --git a/libUseful-5/examples/seccomp.c b/libUseful-5/examples/seccomp.c new file mode 100644 index 0000000..d3defe3 --- /dev/null +++ b/libUseful-5/examples/seccomp.c @@ -0,0 +1,36 @@ +#include "../libUseful.h" +#include + +main() +{ +pid_t pid; +STREAM *S; + + +ProcessApplyConfig("security='client'"); +pid=fork(); +if (pid == 0) +{ + +S=STREAMOpen("unix:/tmp/.X11-unix/X0", ""); +STREAMClose(S); + +S=STREAMOpen("http://www.google.com/", ""); +printf("After GOOGLE: %s\n", STREAMGetValue(S, "HTTP:ResponseCode")); +STREAMClose(S); + +S=STREAMServerNew("tcp:0.0.0.0:2048", ""); +printf("Server: %d\n", S); +STREAMClose(S); + +chroot("."); +printf("After chroot\n"); + +ptrace(PTRACE_CONT, getppid(), 0, 0); +printf("After ptrace\n"); + +exit(1); +} +waitpid(pid, 0, 0); + +} diff --git a/libUseful-5/examples/ssh-listfiles.c b/libUseful-5/examples/ssh-listfiles.c new file mode 100644 index 0000000..9ae029c --- /dev/null +++ b/libUseful-5/examples/ssh-listfiles.c @@ -0,0 +1,31 @@ +#include "../libUseful.h" + +//test running a command on an ssh server + +main(int argc, const char *argv[]) +{ + STREAM *S; + char *Tempstr=NULL; + + if (argv < 2) + { + printf("Insufficient arguments: %s \n", argv[0]); + exit(1); + } + + Tempstr=MCopyStr(Tempstr, "ssh:", argv[1], "/*", NULL); + S=STREAMOpen(Tempstr, "l"); + if (S) + { + Tempstr=STREAMReadLine(Tempstr, S); + while (Tempstr) + { + StripTrailingWhitespace(Tempstr); + printf("%s\n", Tempstr); + Tempstr=STREAMReadLine(Tempstr, S); + } + STREAMClose(S); + } + else printf("ERROR: failed to connect to %s\n", Tempstr); + +} diff --git a/libUseful-5/examples/ssh-time.c b/libUseful-5/examples/ssh-time.c index f2555b4..83e2057 100644 --- a/libUseful-5/examples/ssh-time.c +++ b/libUseful-5/examples/ssh-time.c @@ -13,7 +13,7 @@ main(int argc, const char *argv[]) exit(1); } - Tempstr=MCopyStr(Tempstr, "ssh:", argv[1], "/date '+%Y-%m-%d'", NULL); + Tempstr=MCopyStr(Tempstr, "ssh:", argv[1], "/date '+%Y-%m-%dT%H:%M:%S'", NULL); S=STREAMOpen(Tempstr, "x"); if (S) { diff --git a/libUseful-5/examples/uudecode.c b/libUseful-5/examples/uudecode.c new file mode 100644 index 0000000..9d11596 --- /dev/null +++ b/libUseful-5/examples/uudecode.c @@ -0,0 +1,18 @@ +#include "../libUseful.h" + +#define HELLO "JBSWY3DPEE======" + + +main(int argc, char *argv[]) +{ +char *Chars=NULL; +//char *Input="K:'1T<',Z+R]W=W6]U='5B92YC;VTO=V%T8V@_=CUH26XQ3F8S8F1D40``"; +char *Input="K:'1T<"; +int len; + +len=DecodeBytes(&Chars, Input, ENCODE_UUENC); +printf("%s\n", Chars); + +Chars=EncodeBytes(Chars, "Cat", 3, ENCODE_UUENC); +printf("%s\n", Chars); +} diff --git a/libUseful-5/jh_ref.h b/libUseful-5/jh_ref.h index da5dc98..cac0d89 100644 --- a/libUseful-5/jh_ref.h +++ b/libUseful-5/jh_ref.h @@ -1,3 +1,68 @@ +/* +* SPDX-License-Identifier: CC-PDDC +*/ + +/* +Copyright (c) 2011 Wu Hongjun + +Whilst there seems to be no official license for JH, it seems to be public domain. +From: https://www3.ntu.edu.sg/home/wuhj/research/jh/index.html "JH is not covered by any patent and JH is freely-available." +Professor Wu was also kind enough to confirm that JH can be used in GPL programs in the below email + +Delivered-To: colum.paget@gmail.com +Received: by 10.140.49.6 with SMTP id p6csp11949qga; + Sat, 29 Mar 2014 11:16:09 -0700 (PDT) +X-Received: by 10.69.21.106 with SMTP id hj10mr15325620pbd.87.1396116968622; + Sat, 29 Mar 2014 11:16:08 -0700 (PDT) +Return-Path: +Received: from SMTP3.ntu.edu.sg (smtp3.ntu.edu.sg. [155.69.5.81]) + by mx.google.com with ESMTP id xi5si1057670pab.37.2014.03.29.11.16.07 + for ; + Sat, 29 Mar 2014 11:16:08 -0700 (PDT) +Received-SPF: pass (google.com: domain of wuhj@ntu.edu.sg designates 155.69.5.81 as permitted sender) client-ip=155.69.5.81; +Authentication-Results: mx.google.com; + spf=pass (google.com: domain of wuhj@ntu.edu.sg designates 155.69.5.81 as permitted sender) smtp.mail=wuhj@ntu.edu.sg +X-AuditID: 9b450551-b7c1aae000004f70-3b-53370de52165 +Received: from EXSMTP6.staff.main.ntu.edu.sg (exsmtp6.ntu.edu.sg [155.69.5.101]) by SMTP3.ntu.edu.sg (Symantec Messaging Gateway) with SMTP id 74.8B.20336.5ED07335; Sun, 30 Mar 2014 02:16:06 +0800 (MYT) +Received: from EXCHHUB14.staff.main.ntu.edu.sg (155.69.25.17) by EXSMTP6.staff.main.ntu.edu.sg (155.69.5.101) with Microsoft SMTP Server (TLS) id 14.3.123.3; Sun, 30 Mar 2014 02:15:11 +0800 +Received: from EXCHMBOX31.staff.main.ntu.edu.sg ([169.254.1.91]) by EXCHHUB14.staff.main.ntu.edu.sg ([155.69.25.17]) with mapi id 14.03.0123.003; Sun, 30 Mar 2014 02:14:53 +0800 +From: WU Hongjun +To: Colum Paget +Subject: RE: What's the legal status of using the JH reference implementation code in programs? +Thread-Topic: What's the legal status of using the JH reference implementation code in programs? +Thread-Index: AQHPSb6Ogb7OadQwR0GgfWXQpHtu/pr4YMbz +Date: Sat, 29 Mar 2014 18:14:53 +0000 +Message-ID: +References: +In-Reply-To: +Accept-Language: en-US +Content-Language: en-US +X-MS-Has-Attach: +X-MS-TNEF-Correlator: +x-originating-ip: [119.74.104.56] +Content-Type: text/plain; charset="us-ascii" +Content-Transfer-Encoding: quoted-printable +MIME-Version: 1.0 +Return-Path: wuhj@ntu.edu.sg +X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrKKsWRmVeSWpSXmKPExsUy25U1VfcZr3mwwYJz7BYH9u1mcmD0eDph MnsAYxSXTUpqTmZZapG+XQJXxomjt9kKdvNUnL/3m62BsZWri5GTQ0LAROL0259sELaYxIV7 64FsLg4hgTOMEtcu9TJBOAcZJTqWb4ZytjJKbPrbxATSwiagJLGv7S8jiC0ioCPxeNNBli5G Dg5hgUSJviOSEOEkibeLzrJC2EYStxtPgNksAqoSD1v2gY3hFQiVeLD2BzuILSQQIHFv6h0W EJtTIFDiz8RLYDWMQNd9P7UGzGYWEJe49WQ+E8TVAhJL9pxnhrBFJV4+/scKYStK7L7dwg5R ryOxYPcnNghbW2LZwtfMEHsFJU7OfMICsVdG4kLvV5YJjOKzkKyYhaR9FpL2WUjaFzCyrGIU CPYNCTDWyysp1UtNKdUrTt/ECImdwB2MV//oHWIU4GBU4uFV5DYPFmJNLCuuzD3EKMnBpCTK KwQS4kvKT6nMSCzOiC8qzUktPsQowcGsJMK7455ZsBBvSmJlVWpRPkxKmoNFSZw3W8QwWEgg PbEkNTs1tSC1CCYrw8GhJMHLDUwRQoJFqempFWmZOSUIaSYOTpDhPEDDeUFqeIsLEnOLM9Mh 8qcYFaXEee/xACUEQBIZpXlwvaDUVv////9XjOJArwjzPgGp4gGmRbjuV0CDmYAGuxWBXF1c koiQkmpgLDD+qKlR4aZb1un2hUdb8XinXuYEsekxIQoXz2pOOceouGfBjPvFs55yPPnUETT5 2eNlGquveYn9NCu6/YX9WvjPwufm7Dqxts25SzayOkyXPcvG//Gpdvu1pxWTmHiP39coDRWZ 4vcsu+Xg50dv5QP3tWwVS32y6+7UGzyGhkfyv4TNTvgfpcRSnJFoqMVcVJwIAEATx1dIAwAA + +Dear Colum, + +Thank you for your interest in JH. + +I can confirm that: the JH reference implementation can be used in the pro= +grams that are released under the GNU Public License. + +(Developing the algorithm takes much more effort than writing the code. So= + the code of JH is freely available.) + +Best Regards, +hongjun + + +*/ + + /* This program gives the reference implementation of JH. It implements the standard description of JH (not bitslice) The description given in this program is suitable for hardware implementation diff --git a/libUseful-5/libUseful.h b/libUseful-5/libUseful.h index 53ea6d6..40cdcb8 100644 --- a/libUseful-5/libUseful.h +++ b/libUseful-5/libUseful.h @@ -73,5 +73,7 @@ Copyright (c) 2015 Colum Paget #include "HttpServer.h" #include "WebSocket.h" #include "PasswordFile.h" +#include "StreamAuth.h" +#include "CGI.h" #endif diff --git a/libUseful-5/libUseful.so.5 b/libUseful-5/libUseful.so.5 new file mode 120000 index 0000000..33001ed --- /dev/null +++ b/libUseful-5/libUseful.so.5 @@ -0,0 +1 @@ +libUseful.so.5.30 \ No newline at end of file diff --git a/libUseful-5/libUseful.so.5.30 b/libUseful-5/libUseful.so.5.30 new file mode 100755 index 0000000000000000000000000000000000000000..2dc26066b6418c24e99bb67f9db7b55c99628d9c GIT binary patch literal 1514372 zcmce9cVJXS*Z1Ac20{$`fGIc3hwoHYTh3O<1!3QRzJ(qX>pN{+kbD=CoC zK#~ZEM=%I{1po0+dSoTVfUnNK9x^1Lv}Bv|h_ogI&yPOPM?^eC*FOI+;RDEx0ek}4 z?Fid)noZ1)1&y9j2tSmg((A~xBhxb>|CH0{IiCx_&oQ5pw1m7FVF2jkRdi~>2PA+e z5xjR0zR$Ws1XYrn18>LigV2);JRRX=gi8S#hzGLHyND~#GNwf%tOU8*DBE0wBbmMv zaeBzEdpX^As`SJQfy{o2;E4oOVgB#XQ5(F^5q4vJB(oWOs|qKY`gt2^wgQ?yr#=3H zU>Xa5rP9$|Qzk{9T19W@{FdeJB0d{J7ocMg;`b2Wgs>Ou90$B5;*UVv2>6#|koGL- zyH)wtLJ@rejq0YAX}d=8(1_7-@{ z0slZwc}}waXCO4<3O+@=2=q;W*?`Yg@&(X$4E!aW?la(jAzl&TQG_nQWac%6+@GBG zW6(-~)6)*LIF^wq@Hs?AgFcH1dl5c{OjYQmCl-KVK|IqTcO3Ecz42=$xe>i2sgwPsm+IcoeV}vhM{TPTQI3hh*_G|5_k(n?8eM*R@5!aRC!;wA) zZ~*Wv=ygE*8u8x&^gKfN4d`#ksPsL;X2|0Qgr}i%JzyOm2{PpoRs$SHnudUOoKG-h zyMX=#Ku=?&w=nM^(;`3*1?^qnUoh=Fbi5)`pg%EfKV%XCDZr1gj={_$(OS@5pXv30 zH-!#*t|6=dxjW1oim-|*U1i{XA-4};gpLdq??uoS0M7?JLA+4K11ik{{tKW1pegi> zWqvK>`2phZBaB4&C7=VB=P2ZU0?=b%c^Q+WXN-T({1co;;dcc+gVG`V1Uxs(5x+Cy zpCX)%aIcC^yeW{akGkyx{kn?xE8>&DTZb?WVKLw;;@!C%KdWTz(6a;Z87aiG6SBF0 za6mcew#j7aF{gbO_(Sl%gbshe$IMrP%bL0eabDX%k48FrUgR(a@rkOk%m;o7aF1#I z5bw$QK1Z4+picm9LlFN}PA*kfHqr!~Sn z@SHL#{(YT!alpDl)*ny>_3sYch&Vkt2yIB$k7bE=9QbBHE5J!2;7LLJ697G5$btCx z4#!V(xRLedb2t)oJJPKLz7DX5<=*7{z5@OR$NeDp8)Rw%zk=|0gxe5K1km$2z=U`u z#)*~=nQsw3L)t>X+u#)t15W~Y!$CVQqvGH3;Gg02%Me}!RAzh;uGVa;ZSpu>38AUjSMv0;;f_DqUUJoSp-qjf1?ejEaAKfnQV0vM*!b%o=7xGaki z{>=$CAif*ve^eA8EQWkNReFWB8-8s;r;&zYyTfJsquf5Q^e|^u2HHweaLoF z_|FTgKgT|5Io*HZS5yg|hl~UH?f`68<*$e=WF2M>tAp_kha$*fEriuL{_}J6 z5sS`%=&_@YNeJTsA9H=X5`&*+oIaiNR_NNW7SitJ^wYFV;4iVBgy)oJJ!mmVTY-5= z2#u_(3hQdZ{mY`!{Q~4VgBJK4y+bv!3i>ze&UsFq2D6^!D&7{vRj5>hkz|A~a=8LH zogd>1IkR_Jb_@82k?$ek)0y@Qr>VerC&ra>D&atmOk@5D#>aA~1N~3dL8OMrry0UG z0jmK^0VUv9MA^Ou?>pd4kmgN5E6`dad>KH`WjPT4rb0Fp^mmYUCg2Z%3osw_>5xDm z4aGk{Q3TI5@LoVz6X7YO`vEbYEH{qv#lRP;^zBoXL7krB?>&e28q&V1 z75rcDCg5KHR0b>t)CZJ8cNf6c=i~vlcp9K>3;qYbA{WUrSzOnaNT)ofP~Lz4i>)rQ z9a@9m5NUi=c|}9P1K^cZy85c@M*4qc`B0|!Ri#(**M=`Z<|UO*h5xk@(S%v&Mk7b` z8GzczBUU9#bb3ZWeu9SX0=++IT~y_os*w?i`Ja`L+s^T~IL&xfIUL}P1^q?9UBGvM zs%iy@{{Y(ao=MLmYG_|_*+wAz5pa|F^AI-H$P!vv)jp+M&IQQ7yQT~$$u^w60*CcE zuP~O4L%33@t0p}s5ka^bLEIN*$Yxy{*8d5;%xQCww=eQFDP=(Ft11nNh+k6i6jqXk zwgim6T>e)%9DqDt0rb(-YZz#m0D2CC7pv0MTxDBXLXz6BEa9s(x}q5G1D;h$fH0Ej zxrq1Y_!bpki3TVUgqu}yb#y=SH?ocs2v?xI5vnq&W$S9_LsWGmxlS7VAC?~uUNz2R z63fg1Eep_sZSouVqge)I@f4}_jfJj38onY&;WEgsWWol>HD=j1pfzH;I+&-?)rs*c zDtb02ScmW<6Qjx^5aq*KdKycEz1&;jtbrVXsfBOmnl{||cF zKvw@hl4qW|(wFw*qbl*13QrvDcgYfm|N|Ys9AxBSBg`fbcNFMJ#ug(^h-VcuOM5EEmFZjEdkRuA7>s#JedGRhXiR|8LQk zp}RMPzCyk}sK;DYU6i!6ucZB{1fcz7o>Z~`^3!Sdm zFjzHbyaoE@**lqL3z#U&EMP#D)IOqmHgaNOFz>tDHLd} zHW7YCKS>{!7l6_?mMShZ6t*xl#(RaD&6Y|=|A1n=>NM&67MeaCK1lMds^m?o!VFSy zE6KlxsTr-(<{qTOxPVY8pvKyxI4qlCoGF>z<%%j!hZ?Fm^h*UpMko3jO-6_0_NRAV z2BXwux;tq0SGDqt2TLj!_Y_v)-gL`0I-tde~bksNz?_?WZ>+NXGg`DcB_GAw*AT#mbVwtk>uJCD4mPKfh3^ zm2MEqhNi98D$mr|O)u{ab*rA6Dq&-L|ZtSU2J5VO?53gZ|rs8tb9cA9;X| zqWc*9hwF9IrRs1nv})@L&Co6;>4PTjdiv?^u$BGFH8<%44G}HqHJJbG>77tWg9NQQ z$yi}n04m_up_MeOZ8=@Ve4TEpF5GPlKq*A6Fv;!b|AJJ6rq}74#I&eRg`(pT zL%krZecZ`L-wJ+JYQW^WW}$|qMn_RM6v!yKCEuy;IyfuP>E@c&oo=01G0(4=6jZT> zR5hts4_IGI(z*SlI)TgAwex>Qdm>1yb72E8;ZCNHz1!EX#KsB4C4!arQ9AjSgZ zS6B7|vB#q`6FN&$&h(9lHv!OC*&IMmON6ZeH0RT}^9q30Bh<@i+@y!rYqWQwcY-|t zuL9_Nxi^5$U4sC@01PMM2}el#VtUs=Pd|iFfPsvg5i0ZKV8m(9M|0>X0G$^n04xCI zQP$a3&}a^&{aGd;3*Z2Z1!MzU06Npi1xy6cGYR4A05@PN)21Pu4wwa)&9pfP=W?9R zf))Vs0d%&$6!11+Ie^x^v{!itK+kG~G~cZQya(6-*a+AJ*aD#Q*6o0g0lNX806qom z0elXiJ@^-ZF9Ah>0|0ssB0L13dHFbi_EFyfP6OyUgYXByIlu+L&wvuZCBPNHRRGP$ z*8w*HbYAoapcFvQU4(yeoYo=_01p`_{v*U61D*lUzdYw4a6gI8{^{Kw%|Vp_l>t=& z^r+uk)c}p&gVR|=J?6_&ID-J*fN6C8(Fj22sZ9V)0WAQn0IdP^sP{jFw*x%@K|>y&LHOi<}zKqrkoF&vbJ7?IISx&LyKoA!nXm-04o410krm71y~Ju z53nAv5kSxT98!EU;#&Y)0UrSh0rYG~xC5{g@F`#qfZjLJL;J`BfJ1;IfTMt8fUg0^ z0rZ?e_zmDYz$w7@fHQ!zfFA+$oI`jX@Dt-dBP;>@3b+io0=Npe2KXIt9dH{!>vVeG zeFtz4@E3sAx(@-50Z#!Eueazuhk@gCKA=3bw^7cwX^mVNK>I=3yH*F(0?=6zoxjo3 z5Fwr07y)!I0TZOyQ#40N552FX^G14J=CBAtBAyL+Iv^83XHc{k z9S@iQ$OS0p&a_X>155|d9%&AM)~;^?=xm6dw-7D_ECMV6ECbM^yqj17oX)~l0q8x$ zY5?tl)&kxGYyfNod;r)2pojL{+W|WPy8ycZp8!4ud=B^mPz0doD})CDhZsN1;W31? z4?PZ`cZ77ddIoS7a2{|GPy)CNxCXcZxCx+r)}Meo0QK`19MX!N z?r!-4=pHhisnUB5I%lSHHoE&o=b?1JiSFpq8Kt=Yg;06uE-1aXY0NZQJT(Pi?J6~A zTC2nU6ILJEePd00>-!DfZhyO4t=Rh?EIQuy^5oq|rdfYqU2jT{xVn4puL|hcx#o(C z0l)g?G@RYCn=?4Rspb5-A@dCP=e%8K_0!k8v>)}!y|s-#{pjrVpt`SKyIO5~%M*U? zJNNDfU$Z4`f4#%rcEj?=-5>Y+rWyTiRh!WCzOCHqJI`{?w(aFIk3F+1IlcMJHoKbd z{5bTyz4C|C#{ON?-ZApd+7Tc1a=uh0bMKxv?^M0>QStn#-A>F{Vc&MU`ofk4;eCHE zefOKQv!`}@diUzP4Srtw=|=+>?rqxk+uxb($lCw;dZKJKnG#rf!=k0WKo#jx%z#}68K@$Ru7 z<6VKVr_%mO8}#~%aT^yYnTCYNvdaN?c&yIwunVC{@ozjtgu^6f|d zR~{5pTCru+>0e&hRJt*9P;A2|&2LXV6jHa`y7x;in2WzTa(heLL6`lnIllUG`O%@t z=iZ-u^G4nDo99O~cz<8(YG3bvu=0~yheAGnF!HBouj+Tg=KeRoclBOn{VaBU`8q#; zbNcV_tjTju&Tvh<_xZ--KYa0c*oL`7i-Lbn+q!xA&R*6Z#$4*N*!*pis--cr?G27M z`t|kPbJmL!KHV5Heae&JMSUu@n=__)*RB4Yj5D734Xbi7#OOEt_Kxap7Vg^JX>XHT@UvKRDS7G0J zCsxc)`J(nz%jpXdmSs&gv~BOIb8zi(%S%$6WAwvedk1{ecGuUN`rSKoZE?Thf8DDv z{>vlzV{*6t)X~>e)6y?$#qN2jyJH_`Z`b8dzVgrOAKjcZubf|Mo=^9>FQdQJ1;m||5@|+Q^yMP;6bat*thj*?^U-S20jeGy?I}B&yV)^{CGpl!Iu}m z(5a+G?_nqJ{P0cN_b#6q@UUM|*XX=6z5i%`bBZ(g_=Y7r3!6+n{o1d;Mq7FmZ(esH zb@gwp%AcG((Klya*4GcJta|mrG;8JB&Ce`;;rC(Yz+}HGD<{2pXx#|MtBsD8-;s3n zrS@S9et!9jrbP$(+{(Q+$hc=>jYE4oo}E#5{M!uFjs$p#STgUouY|{4Z&z&DG>=4%I;b(tryi|G5k?8);4+iIz zONuLh^yA0VR<`PV_PfHB4|-kD{kbG6Cv^3N;~hqQ5#Y{UQ19JG-TS7^j5zBs-v9Q~ zll^y2{c?+`PlLZ#X8bu)deC*pyF1>SKjPSh_dC8;b=T)hhdt3$+d!woVCu zZ@{dBQUBgv@bHBlpS6B#eAM2`*RuytIJaj0jFESG6>Q%XzklAMElWN>@#<+uyWx{I z6fc_Jc|_x`C(YH~4ep-4W$KdQfvb)cvP$j0j_FLg1_k#^?(RXo+@zoMl*sz>E9F+~_4lLa?izLd&nHb@zOb!g_4!|av^Xoi&!j8;u1aSPKRFbztng{eRoyCd zpWMIe!HzlqgascTeA?;^9=v7r`E5m|BU?`>U+3s#srfG%J2$*JasK3>ZGVK8+ts&K zNQ?caYnld5tKMdB#c!N%{d#@<oE}KA#>LbbfJ7 z-Hwj`T&**&QQ*FtOX|7|KBb>+X+O2Y)~(g*F7Lj3XpH&SeV2ypI6XXP)|2RMuk`3t z?&urwdm<}S#6a_&U8b)o*9A056M zb^6wt&h5V1JoK$az5ZCysm;0vuk_HjPOsHwbX0|pUvkcBS~GuXMD4>9TaCzjF{SQL zn|m16&pmE!-R-kVF2uS z%6EL<{L^>C^-cE3*xvQKw~kI8KcZTfHgC+i7SLel=2dZV^>g1bjd|zGN_%SF_VK)5BJ@8^>M4iGdiUIGI2>&cXnX) zt#A3B`f}@w_2?PH*QGz~zPDV$JLjae z4U*5^d;HU~(I;+g3Gvxg|8cV!rz%`Kv+4Ti%X_6eQ74C2-O~8d;71eI59>5@$=Ze= zo_{mA9p#}bL?63_AdMC>sEX_C;G~gl~UNEVV%={eWC5}U4Pr0M;)dwe75Xf zG^^#a#z#Ak*sw`Awb6=4rwcO^M=oe{dUNyFn)}~<`2EBncdcLkJhNv>Y~z3Loz7`8 zD7CZCkuOGGTDkUNt2_04)AtP6_^j=j8`~G#tQG2i@$Pq3yZu~#+JpKvF7@y`|Nd8b z!xs$=oH(ZE#NHd1TQ2-ON_WuM;2-0umoxsXb?aUKM|p#1yxx7sg|SBhW0K~Ly&Au2 z)by(cS5)nPGv4jea9qxl;Em}4_da`jbI%!PR&|{-=H!8nL9NEe&ptJJ`qcBU)!#Go z=-Cg0`^V2Yu`wuO%A9TsE*75udclEfA01iRA+^Vau9v%Iywvpmyoa~jN0yJhTs3F7 zbn>--=5>B4_Ts~SCSzc;J*|!hri>mjyYe<$w^NPXGgdad;;-+sX~AbPbN~FS(UV#; z!eg@EU9@0Uqo%Ht%{tXwGp1L6nI5fFMmj`3Eck~%E{KoQzD}M_**lzv)u-g~9?{0U)H~Gy>7FM-D8bTxC<9w7<%;f*tcSK`TMkda`cs}8zi58Z~3iB{b}_1S>5VdUj1{;>TaL- z9lLMIdU$W$z%Mp`ex^a*2Pb^ryV#-X!Q(UEyQq61A@f1Rf`_@ct~_Z!Xna8b$%n@I zPwt*RwZqX9CCgq~SgrkuH@^A1=~sR)%x*U$eD=qE>b#xloBUl%%f_l{At%;-f2DRV z+R7R@rO)1wZ%hF{F2B5PL6v2T`&6!xl>O_#xg*Q>3p^P*>QRqx#`UlAP2Rs9YgK&X zkA7Wiw_RI3>EHI<-cH`Wr*HK;g`ZVw{n@4YL)!H<)vOj7r@L~Y-qd-$dSv_*cV%|x z*l9EUd>3U${XNd4kG|IGe9H0zU;FltPG7m!J#EhBiE-F@G-d@@f{+%pF4Fs zCui74E!ywtSGDQEprO&}J-**{WPOvbTJ6i2n-}v#k0$Qf4W51YO7}r`9}ge14n!jZF_O9jvvW zeDy0)JHsos_dPo_?eZhvr<=|-ir9K}OS_9NJ^fwU{Ojz`ipBksOG(j&2cOv|rE{ur1Wd))PC(#(@*mR7yDZ}AHS z&8Gj|twFOeOThI7f(5%D#UFFB+)EGJ}c>dLGN4~#0`Q6riTD1A~{oOBbebRZ_@+qGl zd9$>7_Lbj`HhZ^x-tqx=4qFV3e%$8UyjHIhlUn?-wpZl%<^7%=PPyE#Bz|7EXQ9%i zYr__gy8T&-q04XK5A1VB{1H4W+m*9u_?p1A?w3mf?^fDY{ovuPaYsLCUi0v#ekQ+a zJE#2cZC*Y5mB43jcK`9$y0=<(w$)e@eQHy`$-hiG{PcRy_NHMgSBKnv{Ue{CKW^Um z{?Dq@?HkO~P`~QZ)@nh+cg76c?QB2g>FXaIej)sWPlm-E9@z85@`N`wOhyblsE2zuxBMpluWXT-)xVWkO`vLD#$Zes#w5D8pd*{L>LV77rM@a8dn$J#>Au z%oEefi{i{*+ET78UPpDtMEv-+W%W0CP5EEZshFLXhs^!Xb7 zmsR@7zMpICmD#SWzB3v=opUJ<>F=r0|E31-rok_2>XV{rpC=lBsHth+i5-;O<@$xu z3s!!pJk>S&#KlY%|7JZ!T24PlRa(uCAI8-ff{>P*VNCcssBNZJud{7)puS~-gX-Qoutv% zNYnpnYs#;xu4F`3lQj8dX~zF%bXkEPvd=C}|7xQdpN?wM&(QemT1|Z?Y4~}X`n;;~ z|9pDs&JUHRyQ)Hjf2^5*TWajrO4EMdDasI1`koqp+oNgEOig(#n)1J^@wXeA`~x-q zbwiWiYE6H+q$%GKjlVb6*gIO&Uq@3hFi7O$qU|9K7mmZrQ{HRGvCGrp&2`onLU^-N0*|8GtGA~gQf zNz?zgYW(}5MqfQm`F%9)(Nfc%OEm30SkqqgPEL8KJ=Wo!7k8vmcB>9035{^hUXZ&lfo?AJom zp6_V#JKk0)J;yroDFtD%#}wEcPvn&#F)szwJdu{ikaD(WuE!uNiOm zX#C~2W_%y0slQHx@7L)6Rip2brhLA%$mWOa^@k?C`tAqupK9#!p2k1Z6=euX{vS>G z>rfb-$4GwcyUi=A^t49dk(;bu%?WkKt=r% z4dUJz@iXB+?r5F())C?L@WG7&To^gQ<#~kil;DEYBu;-8%9Ssetw0f&B~8^%4yO zlzt%e6%Eu$%^BZ<_R8O5kUF5>5#J5}DZr%)1Lq$IeTBH370LMBI?#_x0sT4sAe5(I zzfKBfyl*YwxM(z<@lV^pzQ6cLn_x%MA6OIqV$@5S%%6sQ^IIFlZz74`0OOrMeoR7c zM)*bGB_nm>dsBq>g1iHl$)+(s5c6RnE*K1AdrzS8pcH_o25zKwqWvZ=%F!@S>Ayz% z(nSoVeN$1df{r@zTR!5yh98+7{i(b}R}QMn)tt?fBDbUiEls=z7TSyO?4jsS&WY0KhH

mq(3848yrXS2Qm zuwQl*u z^917?p`R{B(OpO4zX?Y+MdSNtKH`2U@fV`J39Izt{vY8LVLv1K_XN%_6@0obuK05$_D9-$xqG`d1*m8J9$98YBJyBkT$1D&Y2g zhW?b_3g0kfemfeULJiVo#y`Y(S6D|c?!r-e^2=gecs$7R}6n0$?{7uuaqR}q_bSVe=wfWM{Y*@$mt)Wya{NZ zT$Z0m{)Y>C^B5n8_NEI~ft+6rnoq{*#W&rke0Lk8J@BI`xQr-|jr;+JEVND}{yyq2 zxa7Bo^NYdwS`?<2K2+o}o|$#K1Ino(QgT_ zP2)YrhcuS|1O5`wLN5(t{pB(Llwy3zV!jFWPr!KIhw&!x&jefuRr+5J_@;Y4QV8>l zV9$KmQ}NGkUEvQG(f-V*ySzmKI*Ep5Do-txw*VKB6?t?u$%sp&QOw^B|0%W@BopIb zqQClA_VwV_9+3aX;2EC|!(N4Ey#%t*-?<5JTsR!S_yI8T9~;E)yD9&N;FrLkPBK3m z`Iq$8dHj7a+Ru#j%u43(Fe36uFTM>$>EB013LhB6Hw_7YfbzI4=VM)+zL1@@HN6XN9lv~s1N2J`mGS*4d72j!3HUt@ky|MQL^4s{%Oz`0RPWp z{#mRS%orrY86SrE(&W&KJLsgZ8`?MFs=-tKrR~r@xQIu0m5F~W0O{QZ@vSAoqoA+E zXpr`^zNrX{F#f;H_@Kr}ulMoHSDykee91>T0XtCoC$L}1w?0x3%QrIu$3?*moy@1Z zu&16eDE%F@zsYJ4-;N=C9m-w+8r5aVUS z483Q)=!5(UFy5ltg1;B@gL{qM)BeY>P%$nvh`aove(1jmO}yjfhb_=Q)?hux`Yp|1 zA6!sX=8y8|9|0kH=^^XCiS{w=^AY#BN#CC+PvJ9zWMTg2ZP6a(44(B$EO1G05WlM< z`Ij+2mTvWtR5YqY;31W&$zbrzm!mOX6uggL7BRmZ=Iwyadhy*d(su#==4kGn&#FPcyM?#C5-`7%Vm~p1 z)2~DSbK^%IeHdQ@|1xdXiQl@AzE9E53is(e>y-~+pM)1-Kj90rq3+u;$oc@9l_Qw3Rlkr|Ce-YMK+ZaDq0sLH@`2H59 zUxxlsGTpnsI*9(~!2G4?a{y16?&Fz%Biq4W?if7deOr{bwA3KJQA+w2yn^&iVSg^~ zTC~4$wa%0OPPC6>ia~s9nB=cvJS{)Bcq&;Gjr{nM!0 zPfdnB^GgiU5>6jgAMG<%?-~EwU_Dhb3-)9FFDQ>0KY+3^zOV`MPw}odAEKj{-uCV< z9O!Qa;Ret8;WFywMt|$X_1j(z^*N}MZZp1^kIuQr+vit zuZcey<7qxN+p{?RBFwA#eRLlC?}a~^ZWui4&rxL0RXXVz>uUl34H&PN;0D58U!y-8 z`*_FyYtR>f^@?KOUx;t=`uj%o_rj*${m4DEuRkv9EA!Vd*w2W=iO;xv8EC&%7nS{T zUFjgkmtsuvKXH52!*~#I0{b_{Ps4wU9vM92-!bru&*(h!c`(YC(91i19I1!=ZF(t> z)8B)CCSZS9oAdt{{#DxBAcb&!hoZep(B5zZQUBL4KN@kKgJKE%IQ-N7w~uE(e7`mD zB(x9f3xGZSF+M`AkS|34Fip^T=Fi#CpP<@*--A6$v7aen`Rzzwy3*j85ByMm6V{)~ zcv2bTy?dR(}#j= zSf7S*`nKQ~;72t|ea>K<4T$jWAI>3vGuC@KET4e-7h*lQh4DXI0{_xSdxcF# z#`%|<>p!9$@bw012kcJ#q3}QVT!Y6xBT$|M^q6#8ULL8<(xtMzK7EP z2>TSC#r}-_b35wmMt$kGL&RTD3I6ERd*;{6gfI8{_a|uIfM$Bncy$T&@yB={%lQSP zK8`{kDV6Pi3Hj$^|7BzTawG76_2QdxlwVuqTinyTpXo{V#r(dW>wgyGQ^{eS_~s_b zr!+?SEBJ`t&=NkRD)O7E$FH^J@^8ZUVCoH=^J|a#IzHD+cYI}jca+N=uM@xhqx83d zJJNKX^FI^vEorIqtd|GFzf8Y)`$IDfR1VBnsFtwTVzhTcxK4cUob(03J_(Jz{z|_a zDhS4Yo#ktyob<8nK*j^%-)8tXiY@fz^hA1`Z-q1d85TMw?7t>6KBg}0H^O^?Y<6VR2ymUY8S+Ygv+22k;e=EfN*Nx?uSAhHsohQFPuy8DWOE11JO7;00 z<#%Iqq4?96=r2VDKH_(u#P5Oe#NApizVkx(kI-A#T<1A|=nDTTny&ZkFKeK`6u#{v zzMD+);WY5UzRLK10tG9^d@+m5=SKUM;KyZf31Oevz>D|b8vxwijj`V;+^UmeSpEaZ z6=8iI!T1rf?+x#MZ5xdz_w-T{>-&)U=S3g!`)w*u5$0=iee7SE|A@x_PxPMiq}`~$ z1N#Z3J+{EF3eDd2NCnu_z0@Fn6HNNvg8q`9e8lg>g?&)pLe+S+7UQcK>#J#8-s_a# zZoTxB@sXI1i^2@zTd$OUD)q;FooD~EoaVQ7de8jy9{PXrID@nZb|HBK=2w55?+jyo zj>bq|(MSB=oA}?OzWEKj>*q+yf4yGX#PW+e0$*bAwAWeWPe06F$o%O@@5bU6O(^n< zM|+#G|4(PW3I1H#2`8dysVtgp^j9<1i%R|LKt2HDEvB zFlV?tyCLrn`Js$QLw^Cr`vHuHprCI2xOP9|HPC-bu|N2l>-!GU=i>*uN`A+XzF0M% zc0v7&i@o!CBlNEV91gEyeeK|n`QQ6^{PSn{fANPt;#==j-yf*|&ooHoSiUFve-YLP zZ*l&6ePN$LI!}3*p?~D})O+UJGw=r^+B=BTM_{}y#C*`3@w#X~_d2~apYcQ^@CSO& zc(fD#kpTaQWd6tS&w!Q&DUb0ksK03n%FE?h3wd|6Ui_^CD*vmkU|;-bxR~YVqQ97? zd*26TBfnDQhiOmv-wuRs)q4I8{K0|#X<>c|{5b*p*};rIgFh#rGsG}XzjH3ZekFtP zV=$a)xK8{=pUPv0ys^alez;Q?)aO0CuVVQ#u)hiK=dc76EFco#{4%c!#}W}+{OG#NMD4PCu13J4u3MH7{s?P z$R7JaH(`FaGQU3RUy2`(!!1R9&~#FPNhgIeULN@wufblNUs_Ap4?hy$&3J#3!+{S=N`B}XgodT&1bu>^y;GX7q{`ZEE>dWZA-0Oc!Im2Vl+o3P%1 znM8i)f#<)X^UODEk-qRNo%mZ9WIq$>57kSjS^gCKH6QQ)6#pDw8~j)Gp7mH9#)ATk z2M(4`guYU|?-;}N`4R((5&OgT%8s$q^tCM=5ok@Rx@*nJ{4{-hu{E^>}*grGA9{y||rT3gK|Bdmg z&=2o7x%_8wUS-Dl*mRcv2>Q(MmmtQ6f$uQ*itpY~ezC}xKDM9A{2>@`+{M^GBOURb z=pV*+b>eT45Iz`m2j**RD+C`$?~)lGgu#|t;0I71M>)Otwhzhw4uA2#?6rSHQzXpu z@vJB9uwMY?uO_UoK8+Vw44(DhcJ%K;tlu$A2>tUgK9-=9jb^+K+P}zQ5P!Fd^3$Pw zB|W_F*NrHb3FAd)mM=tq@JD}0VZ0sITSacY_?teIejn^za0cg9%nyO#^Ra&F&Ukm| z4?z1U{k;#?(~c7F`|(=9-M@I>7j&WdV!d~~o(tUkfp@*ShwAUd{KNWRg1IslZ~sMl z&wA+s3hG#Akl>zz{|@R~fc7rWcoFQMkN$yb2>xOCcgbkI_!}pbe=_F(Qhe-3sgH#9 zf&=RrrT*8cJ+Z$=w-f2Np+5yI(TQ()Q2L&j?~9^zp7&KDsE>aQ@B67aDgW8TYG#_THcq-+Q9`!WyIgdLK{w-$K2MFu(0$ z`Be0`0*wDkf3w4Xi#O=S->#wbJz%c{OoBNqe+lD>3Fn1*j9XwI$1;QGJo6~p&w>4> zGM{!w{zl}l)Ndo?i)QFN=OyK7JjHmc*nb-Am48|9IX`#_{XZZ3k4~K53D}1&cPQl< z2>{B?#`@ZW6+P47fUt}ZlFG2hGe~A4T z=t4i*uMqv?U*_+{IN-+n2AEy&Pr+WL@IMUG0)MXw{3q4Nvp=Xq4c`!dPm{~{Bhs5E z>co3p(mxUX-H7#v;=e~R{uJZ=!Z_A<2KxMMINxIYBK*>X`8AaBh0TyZ4%uI3yae_x zN$}qHFk-#!-^lBqPf&lOYCkmu{h>g$UVaaHjLp2~)3r%ooZhoO`wj&yR^3PFi;iA| z_51y0!$ozct zclV3F;(Jo0ZyWsAxCZanIltrB?-cCCr~g0~cfU&QY{K}dj5kkUzW}T!6#vjdA3^Pi(EKN0ox$9&h1@c^tR9N1j^z<4~$6;Ps+DslM&(SPXUh-u6}kNLrT6Mv7G z{pktnS6YPgRK1*k4U7*3Sg!=J{1n)w2>Wlm(i7!-0{?Xvc<;+Dp!9ovJmmh%u zclk1CTRb!F@i?e^4{%$N7XZ-uc7+C0IY5WBzpbyQ8o7{2>MPFFK(2 z><3;#|8}5%V;B?dR~_Sd!k6Cm%YmK}tcPA_{$1o(veZX{n+f?M_@6)ga~I>a(B5>I z_<-?QNbisRbZf@lNbkUW=VW{l+Runj_O{{nBzG)nLE1@w6{#is)QJ5Usx9&}053-W z8^pLj#?NBa`1yzokN${ZTFAFV#8e;m+u0rmk$w5>|Q9^CK=f28$j34=HF#a;XLml8)e}yt$ z5Bf?wWB#k#TwShGSbNom%|ESpP8 zvSeh~lhovJTUN3f54C2f(ZP;ni>r*DpyXs}fGu&b)0&c#5uRa5b+UYTwmnniBspE# z8P+TcT=qn}J%eIN7N<2S(;*WDC1ZRxYM$iEby(wF_6+-YYj!*p4#GJOH7m#A@UpV4 zLPsWtNom&Lk&-noKF#7x zQ*s+)h5LG~?6A4~zkF{sJtjUyCXrek%^~ly-Q;HHFWOKH4oDv^kK@y_FP~J=g0evz{ zCC+;sfmV^c+Wo9iC*CQmw8u#1eC}P&~<&Wp%~F zjuuHRL?x6W&2Z;9J0+u{$)XmQJ(q2S{Bw znLQ~TO@nS|4Y6mX*iun(9)i(iLo69NR*9MvMG%PDV#}7oZ5h_sT=c0-klE@q-g?Oe z=f*gDeb zbsw1$YB!@bloUz@F$Cv0)2M%z@!4Qn7pP=t9T94ejU5n@VY6moa7wkiZ0vs`KW`~H z8Hyy^Bg&QmudpUzLW~LFI7IAlaWa`R2dhwwbq)(s z5nEMjZ(lVikTh#jIu<=*q2jTGn4Ii6ifLl3 zL9`rIRx#G3oNO!lt-M4PjUH@q+LEY~$a+#BP5C)(6XH`W$>Y%K`0=+>-QH$6n=H)L zlg&&;v&wXjDZP4S8R4kX1T2VP15cUNz9i;gS(wHb%+>as)HHS~JDN%64WLrWQ6BO* z19a!m97~3$OH&b}Fa=AQnHC3Xk}2xP!Wg}&X{h_c*~mSyL2y9|jvtC84oxT7R?*4j z6k<6_Yo8RXps^Hlk#V>fH2l$gAf-5Sv#z7+SAr?Ryaw9(`rpeq2l9Hl*-77VnOFZ#ir%BlI`QOg#U^0fJW|g^l>RR zHbNf9cDvHj!D59GC3S@CF*8FfEEK$ogbsYQB)1?CilxgvljR~Og4xuTQM`v)!ba#-v_Vo#CFh|+MS2Y2 zSfr?^arUU343~|lG-1;kLl{%^K3Y(D8;nSUv7zc1sFEQHL;gqWOB~)EYxeWhNG&HYRz;bhy!DwB|ds8kGQ81obvU6jx&`(NJ zkvU4El<2umL{i{H-cF6lfrZE+P;T-V>;to$77XUprqqA1LEse(c^(AqSp#XE7nVgE zFu6uza|c_BHLcm=bdI-Yi(ExhN@97Z^cb7d;&SEEddHeIPG&jf-H8x$A{WV->&&pH z(oBlABwEes!bwK9l)_tHOCoInU}`D>ddc9p@NNo)9=7vxf&tt%)sLMrR8Sr1&9y+yuNNi-Rb!-_@bZiKb zB#I^mI2Lo^yWq3r7!C<&ccC@7yQC@8pMxcBfu!1mpqg^h6r z^3SnmVWA@h4UCNxb)^VzA2QG$ikiMwj6kmJTn|AkdT|KCV~!#hlwnKFDpM66f{?8z z?Q`_QaWmrVVOh!1DPk;D^zm^>PNF)!_l!gl<4n9cs^-$ym zC~cjTL}WURNyYG?bq-8cnOHeuBo}>EjQc=Po3NxbJJAshv1HlNbu1Yk^ChA8H_UFh~kM>7j+q|%MvYE*eGg|MU*`UbF)GiYD-SV z221P|#Rjk}gWW@}6RVD+vIaRE8D0;Rwb0tSY;s;nl_e@;l0uELX60xEi4>Y`@v0+2 zoZVY%!m*N2s|cm_hnf(b1q+m+@Uo%|tqejVQ`sJqX166-HKhv?#4_cRNo8}CY1%wx zswY>pGauI~MF-_S+zd3i#>o~e6;+Z%RpaDo^2$Rcq$xg>X`29rOr?_+jif>rRfX$_ z0~=Z$DasWAO%;TPc>G&no+JW8F=h0^u!up@Ly9Fy zoPed1l;CHkC-b=phMBBXYuE(LadcvWvlMw2Mn@8osTuY}OvDtVWLs%YRwP(}rtGi@ zIIM7rbC{5{=@6qw@+wWmC`-aws1;{!@i~}Su&{JsB(=sTCMCxw z;s9R49E){?2X{&nU@uw}xw0*sF3V-h@S}`nE+ZeWl%c|8 z&!NhFR@uitZ@cS}>oh~V>e;OBZaE8f}+z^aG za~M{ac%j*r3GN(GngxX9O)v(ye$?NE;$~B`!{qg6K4iX#9Rk#J#V$yr_u5_d?QgveK>i`!;xl5#HfPNmU5=! z39lg(3Y%I%l*f=Di#Xap@6*5R_DOztRxO|2x+baa`HEh@lP%`1^Y65L8 zBQS(wkfS1_6VPx&s&Go;l%mOCN=1>L788m%%c31glC-mxuy}M}Q)3l06f%dlCG?(w z=21}!K8~h%6uoFk7G&fvtHA*X%Qro-xi!wu+6C>m(v#>q8r7qRKti;;jHXJOo!nh!yWOWD>l>RAbaA#&gP&qY&i{=Mxv8e@4$mpBpZd1NT^T{;qOpSn?Y&@ zoV_?Kso1Q`Bx$eNcprY7-J949H|Qoiy8o1#92~tGVP^?O>n^ep*Bl~Jr!OJ zZC+eizo}`?P+T?Op;k?oa-12|t>msNbAqVGw18I=W6^D~0hJQ5D(e`CTL5D5!DzC) z!Igr6G&2aQpZ3s$B7uP7eySSjE$Cbp`8UEq1g1N z;N?3JSrjn{V*BJwvvk0_X`2hT5GKeNttY&gL+qE<_|P&+gtGG>4|IvR%uINtJL z7Wl9SL5o<#WtW(4QjWN;5|8C{R&o*sAuL5)Qdl?9$ngGDvCalA(j;3IT2z$U5POUY!ae>r^n( zsl*ix3N9-_V|DOq`40@9ScVJJ3S7>{Bkn;Jd5?01;E_-?cq9~pM*?0U^6*F~1gZ_P zEK?wbr_@g2%i8)ys5CJmnt?IN zu5zjyk1i086B$;AsXDk{{J@~7u=r%VpksqTTMepp7;RH83LvatnIEQSIlb8!E_&~W$x#N_o6rQ|gqMa4`DMHH7(u=m1}0&z_IbQnWXrJVF)h!+)Qb{O))GTE9!$G%b-7A<9P`9kJ! z7)!6l%1FtJTxQb<#kwfURI)+5LYEO0C$J0)SSW4R9CSb;Tjf9ZKXReT70__BHBvbk zQ-p`bi_k2bSa`%~ zuvQvFBP*QWBj{O43)dl0>JwNnrCGC8eS-5!x8}xUA(4tzyGpBVoSKMPnT9BH|B%?u z@$fo0T|D`QIt6t?rGKfaVWUo_QY@zVcqiQ`BPttPu~uIz4shT{^15DbJ>FZ0xnHG- z@^gy!=*iUayf2$Vt%*6QL0Ago!ky@TICsL4g6FN2Ov4IJ-ek)ty-so}))h-~1;JWQ z;No_Lh@o@DSaHUJ<=)_!NO=LT+FW4Ki!@>zB*d`?#RMs$k(rJRTM`T+>v3V#*@5HO zXkcj~wmvdNluM2dp!K+%1ZN&{EXImP$2v@qg#(gF1r{{kV)K+xCeeNsFFFP&7n*`x zI5%_QkVM%u;F^Z;LK>aC`!B@?newI?W1&}tupaG&X|v)bQ%k}?@~sz7exT46g7yzy zQ4r-OP>ba_xNP9cuhhirUDaVGDl1<_BZj>HqS#<;hrB1AVi!g$c`4Sj4HuhG@!nOv z)Tho&=~b(LRB8a;OlMo@1rhlcWeFL23Fh6%(ELe087#z>%53zWGWXZr=`{WE9gGR(f4G>ipF=aO%9E7)3@!^99hQx;r3k!)4 ziH?d28W<{BC(sot`Zq&z;J{0YrI+BMV91!>jZeT5KV9V<(OGzzlrHgTBVI7DBt}g* zmyoyFrP%Q{+-HTDdK6qUr&3cu>@U zaC=6w6^BQ78!M|IVlb^YR5bKQG1#&Q#Uq_+O(LmU1R0|&=!!W>F5F(?gk*e@VwBcy z0!@)m2IT@^`;0Z3TA54 zC@a+=)@(GN=iNkbWOTeU9=AaxiqWJT6g#j(d|V`!uHtrppo>KV31GCsFc~`_9xI4! z+>#JGIVsv4Hjs!GUIb%jXUBb=v`lAwmOTkWf}8|X6WwLCXXB?8G*${tR!eR?9nRAr zMLKA%#&KbM62>oE3SO(a5GPwXT&m5Ed9~f@D7A2 zq`;XYI*CdS)J)jO6>P6H|;pcKq2V&y|89kSm4$KKnA$5oa4-#ag~DTHQ#2tjjn z!~ud<&lD@9T5-U%4W5eAlB5Bu42KdztuWF_3CD_4lSrmRbd;*~9Ml}G8V~g_NYyA6 z2U^mg=ozp;6qHdb?3jXsmNsG`&-ZihJxPk3-}U^i>$#r4C>Qz8XTPky*1Ffrz1H4) zZEv*V{l1cC`Yz|W=;;{xsa0>U8|9@0sqpDpVM`*pNABq99a;Cf#C1ny{grx8#Dd}w z&j*y96}+D_E0x9@-)p|%^cD4tpdNZF9d4U_kB$V}1d*A{b5_}AnKWzL+N(BPsb?ju zO`o-yLrdktzkbQ%Yid@Fy+Tj*H#J*{U8PP*$tB&X->PG?~9gxlXfo~Eiu#xcCoob(>(gA0!*+q_TAAy^ za#>fcva;drhGv(2&L%=~l=Qp-Q81H{Vz)| zA!~GB>~dLX<5ga+`#Y>QcU-69uKT3XrSI20FV%;pX3H_n?p+#G&$n*F$ehx6>01sE}`FpUCdJxvnF%>%`Mj?bo=#+I8C>I z_ew3rT8(T}SaAu|+-&sgtCylz*uJ4t&A7LB=4uu)4vF$`h1yXY?b^sLdX4uuSI3o| zAJNRWdA1~-BlI+~H{+=Iu3B*ok966f-FqrcMdJGPY$O-G<20A8`VwWjSl#UPJfH6G zx#&9eOEg#;G&a>EUwGhMAGu8~ zzq}_^DL(I4f2mmmb+T#)K5~UU`Rwnu(S+^y20}Ra+%m9XtoNw2dfO{_fXhF_o;dcx zwmVsV2F}`2%EVcl7grl~|53HoHqW|(PTO$f22E03r&_AQVsyvu|^984jMF$~ig=J%pX;@@|t}Y**!2 z>lA2GmG2C0G-kC;dW4+!Qf8jQEjc1f?FRhpJ(T&Q*zS=#Egxu!p6|U1$WPwsqbOVP zU4GqlSL^X2ZFb(f{6ZSV={U>D{4_hU!T z)8AwL^JezW{LeRkC>;lRXA`1#j8?OG^}knh;ME*>H3weJfmd_j|BwTY_8sTksWr4%SBHNaPQ6Ae zXz4pd@AkIc{Mj#P1*GGglYBn$nrpNo*Rjs)eLlr_p3~s-hBt72m2`y?(2}R zJABRhy3^NTUw8SM^ObL{5?;aA{l2=s9`Lp3>p@>9eLdo<^BXUmN?)sd4f-1LwZYc~ zzJ`5Wj7Vjz8>^-($^!tI$HAzyG;IKt~2MS70wa#5_v`cBh})( zm8jM>szQ&ebgI#y$~3A)f@{%v`fe(!_08(hUz9sR^iLH|2-P}I4e0awzASoTg%d{K z=QxYdNQKjg>U(`l&@0NE2wJQ4uu(12)Qo;d>xrSqS2|HN={POuV1?6;R#iG{P^}9Z zL+{sm*60SUyM~@v?yN_@UZHObOUJZ6CtB1x$mkX2&L;Gcawmx{()w`dV_Mf4)%wr3 zpjy{6gTA2exu8GSrybDk70zvFxz-&+Yqb6#y1K#{LbX2l4pfW8Wzll2=Y>9@b*0g` z)(=Isu5%8ZaGX8pvs!l!)naiEqOYlR@~GCo+lT(yamLVVw4NBMbyN%J@#W5b^pNT| z`fP=B0R4HHQ$&BS_5IQR(mG=3x3u0ZdRc{2ouBK>)%uP zAez;8s8G4i4X7OS1*q1~3ZohzEke}-HlkW5ZwacQP6XYkb+k~epWBQUwJs^Tv%-m@ zr&TyDsMfn}NAJ_R=BPf77DN9_-$k(PtttC>qT~>YFRg-8!EJB zwRB6F(~Evxc1EwLaBe}LDswXETgsfR=!do59r|;9R{-5z?hK;(&dhf7I4y~W9;k43 zps%TLvZ$8(+KK8T6vOE93TGFp9w3Km?X*3p)`S~Hwa(>(s5+B8dV$tGN3|x~7^=0& zoTg;9NsY!RAJJx4#L zdXB!o!ik_Ct#F#q9pz55ZC5=*lH>#ea2g{sx^fbp=gVt0yF;w4iTZ`)Z7My{ow&nR~$(Tmj1 zqgsF0d02Xn+IjS*3a1LyB6ij20@)vZtlX(Z-%;k&p=Fg$J^GOfCy4%9?L4YA{2I_M z*<6+Idv#Brif2mOG7TNcKmyreg%%Ec>HcY_S>DT8b-BP1Quv>-C*0REz($qgwQD z4f=M+iJ?nne{{R-k7}LF_2?q4fr#EB`=eS9v>W}b+IduK`X$kG9H$pOMfOLvR_iUO z*6_=qT1#>(sx?8kp;}AvHdN~$4x%Ia?iRXU_D8i&529CgXouQ=v|8UyL$w}c9lA{Q zAAPOtkFHStM~~C`%c#ENvH*Qp>ldTT)&8TOQvF9)$^K}w?2ld``=jM*|IxSWyUysz z`W_kDruHAbQ1(ZI`VIhkjOstyt@a;%z5HABIoTh5L!}c(qZLj9{TIjSMw|3qG<1dR zkA7YKJen$Z`cbWOc? z^&iz@&@QTVoe$V{*<c+JAJj)>B76q3?R3THo5y!k2Sf)c&KBYX8wz)qnJlvOk(v z`;RV_pND?F+^I)btNlmY^=W1Fqw@36OVt0Pm#Y0o>s9~Jy;_eKz07fzp!yzm1YP4e zO=w#7M?a|gkG@yytD`sSJN4*?WPelHAAO7LkKV5OkG@Xp&!Ug(yHjYp+JE$7_5bM2 z>i^N_)c&Ja%Fja&%Kqp-tNx?6%l_!)vOgMA{YS5@aJHc%^7GIuG(JMl)OQ%re^vjF zUgN7t(UqgOf3F!~Mk|LCyVf3!pPM=NB1^lH_A^mKjC2Yo^HA6;ASjG>+C z|IyE>{-f78&VE$uZ@Xwp?LS(O{n2%*|LBdfKl*mrAN{cU|3{>6)SNH6UVc9M5!oLN zR_YrA(rfjp161pg*P+*`{-bYF{YT@nKYEV(fAmh(fApiWKiaPTAAO(NfAnAF|Do5b z{-au?wh2wh&quZH?+WxO)qk{0{Xe=<_D3I=|A($GcVei%!?qS(qWX{Cp#C52R{M|M z=r{@VtFk{@A^W43tN%y;P3=GWF~{jg?~wh`O|n0lm;Z-;T=gIQocurZ$})ZPLwbh% zeDu?5|IwRdfAkaT|IugF|D(sN|3~kU{n7Wx{;1ZC--Dj1^^MU@>i^Nr>i^MCs+ywT zkp0m=$U-E# zsJ_!ujrNy20rXR{KYF+7KiXX3)T3{f{n1*r|ERu4(tvK$cQ(+QWq-6^?LT_C+J7{q z`j2jr{n51SkKQ8tqXVk{=$}>p(f?5UkA7PAM?a(fAN{84Kbmozwdi8?|LA9BfAn** zKl(cL|LCo1|IzwNXA`c4H5|A&4-_D6rF_8brGMpz|u60(z(XfAl|OfAlu>|LB+H|D#_~{YSql{~ui_`=f)h|6|g_vOhXU z{vSG~@gMr1^8e7U$^K}U?2mq3^&efT@gI6f_D7G=dgACcs{iPA*&lsK^&dS=?LT_8 z`hRq?+=-wOjsMV`ggeoOuzIwbp}OEk_$zoPaZ zeX`7nqu*BjM?Wq9AMIEFk3O#UAN?=cAH7}mA6=($KB|utWzZdJ|51HZVjKD$_5bL9 ztNlmskpGWn)&8Sfi^L@Wq?<3Ds%_DAokaEfS;zVn8@MdLs864@VhDjnxn(g$RJ zG^G2@=(Vyx`iTlBfPP5hKlEoB|D#i~Kl-5K1kpa#fAr__|4~f@EkN}>l`z^R{}1g^ z|BuescYe@A6;1?wK>j}(lKs(>H2z1QQ2j^souwA^4VwQ!wHW;x^sX{}qgwh)*&jWi z`j7rX?LYcIYX8x^>OcCB+JE$EjsMUN)qnJ1)qnI3`TyuIWq=r85}q5o9j>_<OVRp{}26| z>i@5$wetVa*J=ER{#O1U`aRWu^wKh?7JX9oN3W9qj}~Nq^cmHE^mnp9`hE5P=(jch zXWLc((TLiA^lABj=(y~U{$BMTeW%)gbX4O%Q~7`Bk5&KCOJ#rbuG!{6F*u zvOoF<*&m(MJTLkSjsMX7vOoGq&HtfKssBe~6;3buM%f=dqW&L!TKzxz8QCBGgZh8e zmHpB0tN%xTE&HRNm;Z-;MD|C|RQ*TC)&HYE(fA+zlkAVaQ}##O)c>OkJXto9#$x7vU7hq6EVN7)~JN&Y|jCAI(P<*NVa>9RlijN>?u zOP^K!M|Z3JN53Th4=t+yM<+D?L!XoV(Y>-i`UUxa=nG{|2>pxZf6%{b{D=NP_D2uO z{^;{+|Itac|7cYGKl(S>AKk9{kG`PxADyFle)R9^|IzQr{^$|;f9Q*9|IwG!|DzAf z|3jx_e{@3qKe|u$M;*=opk-?R(XFcg=>N$6==rig`f>ID=#{GfXu0fMR`y4aQ~QtpNbNuR5!oL-RsBEu4z>SirP_b=!}9;pW6GR8sJ?$Oiq4V!(K|H$ zL+7ghN2|)5G4$VMe>5Zeqfe;*qw_TWLw_Utqi3rAqkmWZN53ckA3ay?KYDDLIuhv# zn*TwU$^SzepltJZD@7^JhG3Tn`7~L1TV)HozI<5FCb+#_Z~BgyY5w z;0PQu=FrY&IBL8Ij=~XRPVH=m!^TVC7#uW?z@2cwxCxHKjxj-ZcEiP&wBhS3;3Qly z=2D&gaNf8D&cHciF5S5e&Kj?Q2jM~E7(4`LjMu_hIB87OI)~x7@p?E1$Bc<;=O`RC zPQZCMVocOK$KbH>Cb$3xjgzno2aJ2+BJ3FV!;^6FMbdu@tl2xI-#7znHcaU^-U@40 zN$EG<25S~o={LR&4#I=RgKz_!G2RY`;iT~ptXY4h-*^YC*=wcWI14w!QRAI(6pk1V z!|ia`co!UlgT^_y6Al>ff#a}aOxAXG!^I<{|3Nqj7mUg3&VD#=ybsR6Ib*WEa~qsB zegYnZ2aOBx5S%gI4`<<|F{bGphU3Nu;2az?##Ei7aMbu9oQEUEn67gS4jUhV3vkfb z(a%m74j5}fRQ87*<0^O(F8-bLYhqFM*WHTof^h)WT@a<;xE9u|tkQ2>2iL(_V?BT* z`@@6ALAU|V7>D36oHTBL8{xR|0yqN4jKgp<95r49N8yNZBis&$jdf#M_J@PU5x5f$ z7&pOj*fDN~yW!#sR{!B7TriHp{czs61){+6GmgWfaMU;f=i!KPH#`Q1jW@vsIB1-NT{vLe3m0L>xF4Q`i+{8F4?7j& zf^i1cY_QUAycO16L8ae#8(arxjcrv-UG*B$9NR(hKrL{|KTKDFwVpMaNc+yoPl%3 zWAHXOYy1Q}2oD+;;2}6;ydTcONn;lthU3Nu;2az?F2bX5)c7Erha<+5@E9C6J^~lu zps^#W{;H#@+B395&VsaoHaZ8Yf{F4jA{sMc6U!hbQ6U^H%?1 z=NNIpI0IL~dE>2c0L~e2gX`d|@ojJr9yA_=8{mxbb~p?tjfdbyIBvWHj=(YFEZhu7 zjd#LPIAS~ux5HuMU2qHz8t33nIAFX7j>C@eDBKMf4_f_)lW@T}5BI})<9%=j&KZxv z+u*G66YwBBXk37Y;EeHpI149@U3eId8|#Le><`C`i|{BMH9iRE;fV1hJO+o2kH7^u zXzZwJce-%ESPwSK{;*?Q1y91ozgqo=ojKxyaR9D@^Tv9BLH37p#&vKVoHf=1IkG=I zXdHwa;EZty4#P>~2DlN98!vz(aLhOiH^Wh5J$NMh!x7^~xE&4~FM(rl&^Q8j!U5wZ zI1W3;&2Tqd{EO9pI0+Ywqi{c*H*SG5aL%|L-Uerl*T94Dpm7Wyf-}Z?FjV%3lg6F! zFdR2t59i>RaU33nqs9q14@Zo<;W0RDya_JALE|Ls!U5x6xClGO{qQ7Qe9r1Wto!#$ zzi|exg7d~(;Q*X7-UipfS>xN_AUtS12sgkP$|vgxle;@e()&2aO{z6By$G<0d!` zJI2j$H(Y$y>OY)>3&v5nAI=-Mz!^Aa+zxMpv&L)SL3q$O1`oj*ff#a}aJPLQi#RFFV;Uruz&cpq1-gqCJfpf-V@HRMW`~*A* z4;mNXAvj~aAI`!_V;3HVDxHw_;A7%xg@q%#xu7dN%wQvB=8P~yeaMrjU4#I=RLAU|V7>D36oHTBL z8{xR|0yqN4jKgp<95r49N8yNZBis&$jhDbNIA|P!JK=zF6C8&f<7T)UF8;~tKb(XM z#!O$KbH>Cb$3xjgzno2aJ2+BJ3FV!;^4v-0DB9)iacS;|yE{=Z&|*0XS#84X%T; z#<#&ic+hwdZh$k!+u<;rG#-K*;kfY*I0DCvvv4yUHQotF;fV1t+zyA0cfm0@Xq2*-^Vz!5lR9EO|W zsPQ5=3P+3^;dVG|yabNHLE{MA2?vau;5h6UH^bd<@hPkSa1t&UN8x@rZ`=ZB;GA(g zybaD8uYm{QLE{)a1ZRxb!dWp zPQor6Fz$tmuw&d0Pr}7NTK$KeKu7k72x4}Vp(0CATfHTJ1 z;V_&u9)cU;xbY4+0>_NAa5Ee=-U&zHi19Go4u_3*!7(^!oP#^zfbkwU4m-x9a5r4s zZ}lHe!Uf|z+z;oC_rV!BXFLXPgR{m@z=QChaRDBJGsgSjESxlU;bAy#d;reDG22^Wl`a6g%9Tzrv-UG*B$9NR(hKmKO|8Np680X=BIB&cU z&cHe2F?buCHGTpfga?fa@DQ9a-VbNtq_GPR!*SySa1M?c7vWJjYJ3pR!x7_2cnl63 zAAt*S(Ad$?uG57B#+7gpc8sgwNx1kV>92-aTW!2x9Du9fym2iYfOE!ma2=dAu7`v0 zpm7jxfHTG+I1DF^8{kGbZoB}Fz%k=6+zdyJ7r{|DV%!L~!(rnka10I_M_?XU7!MdX z!Ex9zZic(z;%}#v{uOW%E*MAQemHO30%zcyaXY*X&Kj?Q2jM~E7(4`LjMu_hIBDDo z55sZe^>7Z38OPyKIBJ}L^Kitt8y*95hbCE*voKg^RFb+z(H}#ov(rTVUq| zaltqPSHXGXt#AO&8E=E@;H>d&a1b6e9)ug0}sN3#xZyZ&KR$SvvAV56CQ@+#_Qo695ar? zqj1zX0q5a}aW^~$hmAME1vqG&gk3mb+zS_B$G9J!gp0qj`VTuNi3`RVxC+i2Z-oPJ z&UhPK2WO3MgM;v(@gUp)XN-#259f{d!5KJbJO*!rv&K)rgYckn0Um-g z#{1zcoHTafVK{Dl0M5ZN<03o?M~x4{c{pM`36H^H<0EhZ4jMa}+Ua!RfN>>UgdO85 zcoHr?X7wL-YQ+WP09*y)@<$JsgAwje~FloG}i;VK`~r05`&M;{|X8 zjv0sHW;klR2#&%L<3_k04jV6lV{p(o0(Zgz<0d!`JI2j$H(Y$w>OY)>3&v5nAI=-M zz!^Aa+zxMpv&L)SL3q$O1`oj*2Cyj^TMmTP~1CGEk<1E|^M~!#FQ8;2e47bB!<6UqJ4jSj+PB>t^2adyz z@hIF47x!8Hhm&x@I1l&3dE2F@9e!Q0@h@e}YMJZM~ihv1CyemDy!ja_&cjvF6< zb8yVK2#>;1ju=nEV{q8`2wZ@J#*U`;I$bzmTnQIp$G8ffgp0ql`VTuNiwnj9 zxC+i2*TMlfXIux@!CB*aI0z3K2jK=dV;q9RaMHK|ZiM5;3*ZPGGY-SeaMXAa9EBss zjc_|0HeLe9;Gl5??t}xzO>i7`jGN(ZxcIQue>e#jjH7TroHuTPGjPth9o`0Kjn}|~ z@St%F9)dH*YvC-MH133l;kfa7I0wg!hAY8Yf{F4jA{s zMc6U!hbQ6ULstJ`=M-_lI0IL~dE>2c0L~e2gX`d|@ojJr9yA_=8{mxbb~p?tjfdby zIBvWHj=(YFEZhu7jd#LPIAS~ux5HuMU2qHz8t33nIAFX7j>C@eDBKMf^H%@iBwR4g z!~JmHcpsdBbH-!vHaKhi1Uv{28W-RpIAgpY&caD!7aoS=#s}aW95XJ$qj1#tAe@II z#*^?E95y}z7vP|=qp96a7Y-O#!bR9Iu7W4w;{RCvhn+fc!8ia{!Fl6aH~{C2>)<*# zYg`Wp;X&gd+yG~cLvR>Q8aKd=aNKwS9D!rTVYnHN8ZUyQaKyL~ZimChOW+tBG>*W$ zpfDaVZi3^mW84gP!^K}%{fCoq!8i){!+GNtI0NU5+u?0+)_4s(2oD;^;2}6;ycW*F zN#jm<7>*mShjVbuxIvNX$V`2Gfv-)zuJASL>l$CXeckTsgQj{Y-2Qd!Jw{V~`d4$D zTX0Of7wWj{qbD(zR zRK90V;DOx(JI^4%f$#Hon!Jq}9eQ!p)naK1wBu!go;7;!WO-`$y%TRJ8+&LnQJel8 z9a7)JiDUH=OLXPb!wNqA!6P$QNSxsi-b#0wj@!KZWQCW!J4kxE8q&9tF*^Cgo&(kC zo}_Xy>i*)TsVN2Go}pbMJseqfRDc_u@yoO;U0ce8Oq*Vysdk^zd7F2CU$-LCiBR3T zsy6rFi&Imno{&OF-PNGK>84O9)zho1^z5m<>_eqwXWT4NyYFM1x*}AW{v@ZQKgTHp zwfV*Q4X3`Vs%!ql$$q9~7FQ+a_2jA+=dXW$VQ%;Cj4og6UTv2@moS<_^-*`ZCMuK+ zW&NDJWU}`j&w#SSJN{fde(v<~r%WF|H{BAdEsIv#i$9#ux|$T$yOnmzzT0()O`&kQ zr;%(3_dHeE)t$Cv_T_4N@6e^vw_9>8si~$=Ro^o;pT3>#US>3fs(++YrzTGH?7#SL zi51I8(DR8vx~lJiu4hw!@wls~#8fSA3N70Bnw}S?5+4^<4^-w;jf&%<6mhJ->_eA- zu#}Zvcrx8-F+HDqZ)>Gm&;L z)&XBS{NngV9Z)L4%AYosF82u5AO0`1exUDA;?2qP9F>2|q(e?+;>{`}ZSMK|?Gl&H zSbt!nvoLow+mSbGqQSG@NIFtE@$;GLrt)^N+illtp1IydTjuoU63t64NknftZ^^ZZ z^OoG0Sf-Q>^!)JCFHS|<-0$nol^5VYuUvQRI;YKTnY1kvuPLQvr&Y?#l8d@V{5VweF$6lj4zYTZ)59@tIpr?tQqwB~+96C-*`%6RGEF?h$ol(sk+DTl-Hq zzviA3dLQn3E>%3L_;*?Fheo> z$741+GFO$m+#+`hk!uPCsN%fgmuz&p!fF6lB;V;ImTSw!+LE|PC#;IPy+5@ey>`I6 zl(io^{umwK^(!kFNA0%sEX>W`){z;u%0BF;xr6qn%KgFL$gG>c^?wncgSz*mB+d@} z|C9Lm&D-e~qvyY=7$rgrFkzefMm_E^u)IoFrGR^e8t`hSU^T^}-rb=&A!TZP&z_)) z%x>C~=(;lZ`NJ07iANQ_JF2?2dG|Ii@LC04$N8KUbys-#tSh`@p!U4Qk8XI|mia25 z4FmO!srx48W{lpf^0{pBue<&-QsHowQVCM|P3=BBXf0>Us=rlsmEq-+UQvNbq%He8ihkb>8>M+Uz^Tpa|eEFkxAXF>al;Ik_ugwS`n(o%nBk9 zbY*O8Lb@2I`kNtGj&jixWJ(K2TyeV+Qa zP4kbWHdP%N=&tN}`p8+6XN{EId+&JpU%x?U6WLN^Ex)&%+#fh}Z+YSi9qGjUmpW33 zs+T6Vl#Wn95PDYYNq^ ziYiIK ztgE?)sJ6M>|1h(3&GWl7+ViTjirTl+>x^ICz4`v!$rj#IU$YoahnLm!PybtZYyX$< zO67CUL9%G8LR164NPPkYvaxTfrdJD2k`ImDiG|NBoFc8Q?m5b?)crcLzQ5_+&Pda{ z%bex9^5Vl?PjYDAp_^9Auj! z_q@zwQu#Ri+ll^C5wP-SwI3R))Q(g0MA^a9c;nm#Z zTEW@+7tc0RH~rIDd;6wt`qj$St!?gkYQmNF=@T|OsTU6a`mFo<9=>UKRoUK&$9;RB zVOKk(M~{@fT&+H81=oE>Qyw~7X%DVU{iWufzqCc&aVrMq#BY@Ur^~xf>FV@`=U0tSQuXB2Lgd?MFzO=n-e4z3>3eHiPsQ%HF{J1~W5~@;S!vn2lI(n5b z(B|H=TS1Q~>CLNF`!)AxmW9Ed$*IJK)OhOt#rJM{OX|M9T=)Apt≤lZm+eg1h7w^z3PvZutF+(4M=0=Ja7sPlQVT zO`A?rf3aR=F!e%zZFr<9T!u$s{rXOC20#(i_*_9SrudqLay_AZygJ<#NH49$DS3a@ zO7~0!GEm*v^YPls4X;nP*7iNzMRPcC)xp_`F@G?9a_R&fk#0HpNcw}dsg_fZ4BTkF z=-)%xJO{F1ATd|@rl$LbN8Ri60>R9P%i2eIK^JM? zk819jpAH;qdS6+v>%dHiGwnmKF1UGjix+_~{l=$N_O_hT`*2O~5T)>?h0jbJ+mY%2 zX=n`r^WEn(f=$x|RHdHZq7A7>x3KG{153*ou05xc zSaqoBqh-OwE`_ix^{9HFXxT)eRGcinXSu17fk>Hpn$@mz-_+D4A8cFgeoNhr()dc_ zkJSAO4_PNW@u1l!^|CpB3;b^rw=gV+^U2DnDd@#i!IxwS<?S;UNvUmyCZ)8)n7Vi%(T+)P4BJoT}Kop})3a zq%ut9oYI-z*(w2X%d`7*#woM`O?sT%db7a5wPjv15+Bteiuuh7N+GNnscc{tt7*## zJtO4`F8RW-iJOuy9N(4Fak}K?c1ay|{VQCri@rjEU8*F#VqvoK=f_{ioj5E0VXn+c z&yFvi={+c5-i4pqMOt;xwf=?2PvkJ|FZpL7nP>CvgL*hwZ5ZQ+Fb3gdkFn*oH z%l`%Lc4eIE{}(O)oA7_m)_ci{PpP=C2(4J@en_2AYHvzD+Ln`LZW_O*Ei2Vg1;|G_ zEX%}VsmynkC0|%m)3;NW9Eg_T=BQB{xZppQoK$o3SGDnUElBO8Z|SL0(^2-Tso#~( z^I8PT8>se-9r!7YwVeMbAG+P)%GyVCvA?Coc&=cFiBuM4cB=+wzylmQf{ z+V)FTx7R3NQ+t)iwKKJ@bV(J*3_iiY1(XRo{NuN*DoZ`DWcDp0%hb~xktbandVRdTx5K1B|sDnss@zi;^`+b>wT&ROjqtEa+s z(vnnpN^bCW9jAP*Pt8#f{v6qCpU3lczOSP;@BWltjZkZ&vh2^Dp6$M06SZj#YSc%l zn^FALzi4lw?od;-tg`Dlrq^cOKG6J{im-~CZPVfYd}^D8f5tzC|BUSYzlLA+e-1yr zAY}I&s@%hh<>uXcZ&mcYa(WiUP)_Ex^0t*1p;TaRM6VSRvze&^l4JF$QuFQmyjE#q zq*T;)S`VDLmxJcJW|5< z+LLOx#iAG@ikmc|OKAK!S0}z{X8P5;pc>NX)T2z%ELCK23!c%Y)owzit<+S`OuuVB zTkR#0Iux0oOq`gG)C(k)rTLI_gfO1gy&13l_Qr=JO6}&|U-;Y{XI)UUgO91mq()N9 z0;y${3NY9)Z`pjcCu(WjUF=#`Uz#WP)6?MgS_mx)L1|f{0{I73xBAqPx`~N^Dk8hFvLn50{yeuj*^yc{p8$w4P;oB}uXLL&yt-0&7uBmoS$OI5E6eh!^DAfF-zbH*i16;6 z3Go#Uwen1ST^+0Ok6wI|ZH|g>V0LsZKTF~7``uCT^$w(b>n5P0cXoPZpd)?${GLKY zo%x~;6!VICW~V& zaa4Ucw0wRp@ve@ZPw3XdqJ@VBZf{rbSE`@#txo=lVyCw5A{#wdN84K6KioAnwM^N| zsa^Bbf!NS1voP0@US7Sp_=%B;2?F5$)R@w?dH2v~y!<${Y<{Gx%A0_*`2bE?R?Vbh zaHU(XD-q#kl)zbb@JmgpzBO8XJ1un|_XrbjN?$;k;AUl&%0#K|S^E(6ZX^CCbwTCC zSVu-v3lEk`AmxSfXJO4rN9(69s7yBp(ktuJ7gRAJ9HF38ur|>9tQs zpZ~s@^PB(i{N`6UpYk$XAbHw>w?tPyBG`mDmUg7~eu4^pSRypygwf_OP&8~0;S5QmP=6>NKvxS<}6Djt6?OK%aJ_+L3>$V!FL@@m~|?E{@kF zPFoyK%wPQ5t`Qkw;$ClmmH7J;&z9`BH)7{64tG5^@dxI=KUBGRcj8ptf>i)rKbd&4 zWE?+#{eENN;}c)8@Jj7@?~~+N%Yag}No~1$O?<@9DQe2Ypt3Ad)0gon-5_6irGG!T zi@OW~n>5g!^8?kZrXEu!=tsJ>YL)vuqx4pq4P^@h_f_t{si1pDw7S>ocj|fe9_soY z7xHc@`-w_L0;veziFtaOBl(0kbSYI15}>`S%~f!}>+KxB6wk*?t@4BUlOaW7^X~3j z{PLjraMF`_b2?s&eG+dh9qxzM=ALt>;%M!y8SqawsbcL5?OnTt*Fbn`k905Ny^4j3 zS-qy~j_7%Vv{g2m6f0P%?^=SrcGlap(c7fmZSFenx0Qg>c(mF*_#5K9CvEl!%GnGt zu3D}q}eLJBotKVB0a#T9q)9<4|*QXd|&N{>VRfQRjrrTuQe`bidOg&Lx;;VihE<7~r zaOG!d{P!z81%1rHEpu#wLD}ZrBI7pF>-!$>I%(oG|NL}C>bHvcNvYlP3@@&gYdG}? z&hfh;|lzMwX(M`08n90$K} zOxv?xY2UoNU6J$cdAS*;Os2F;Cyup-)9bI*Lk~r|nun5IwdswN+XWNhQiv8ljc+8~ zrYcYsUF9yos~$=FzRwS=I6dy)Ez#kb^v2qWAI&;nnT!8ZCznT3osN>4V;4sPiDOPNqBK`8yHnfjr8sH2W_g{=hNJUv)F z*(>IoZtn>Z-_ioKa^_CjGtpZd|=|yIrYKPKqv7Q-6T0{;UPVT<6YU8#fK9o>CqAOH)od)?V6C2&0S|J4?LtKCnN1l z%wa?7q4Wuwj-5=ErJ5@zDl(~jT1{!!WXY;+7wc#ukKx~`vT_dHTUS{9uAUJ)Yw=I@ zoJ@OV`s{a=B|`5yzcO(~-{b0@PEv=G3UilO9&+l^%2fGu|8s(l>iV_1E@h>zU#h=r z)x&Mxz367MUt=jvHXk3x-%MJ|tG;Pb)6`^oP`lIs?kKl$SmZrPwl%eOPmsiP*=N{IF3iT9b-{U$G zlX9Oo>i*^@rHtyj3D?}z-rnF5Tu$#0edpGV-=_T@gYF2&P-ihijq6BY01Rntc&ZmK@KS8o+6w$JEq z&(py~LwYG5`y11ZsmU)Xj4DmURj2avCcCaJl?^Y?Q|mREc_{JD)br^sN99&09q=;d z#`%Z!Z96@>dCN@le|wJ~Lv4JzvZimJ_A7*=Vt91;vb!x->i)q7_<_ZHm73~P^BX=z ziCC&>zTfXtiO_xXuX!bKe4R>vDGblQAnR4qmbAIg-l1bP1Xmdw|L2!@?iQ13%PYn} z=1~1CneH?%?&Dw9c}IuuHVU1rMs2(n%-OZ8L`5!SwGcht(y2)DLRU<7vHdo z+V$H@d3{-rT=1#HS_X1Ut2KihO0;i&%8_xpBFe>9_werNizVKs&^yvM_(iPi4gzcm zg;l)XDDTXxoOhHisONp2VTRdjYiQqlo(iZFxUSACKYy5tR35!w{bjX#wT4Ez|GU`| zUl(1+98~=(m*>H40xDfO{k*Q520fPA&Oh;@tyx#kj|Hsvo0_|D2#oHR`pkaWr^?-{{Mx+xiv-tXj)3M1)eXeF`&

LwF`|90C^CbA2H>o#IgsQm}uF>JC~1Z{ky`+^DawVri)bj zzN)5rf2D>)wTzC~g4sM1jGezuUT)h!&y6bAQ61MH|4TzSm?}dNz{_?l-4P^E_OLK7C}|ku{FN8pmTz|0xd3Kc$H0 z66;ACKkAe_dw&0-bxiu1QHa_aQe*HLbIU*Pw(pcwXUV)EFf@wyw=N~=k;Tio`<=$OvkJ5dgSg>Li_ObdTIjW4@=Ge zj=HN$jc!ffGIi4IJ&#_V`ltNz@AuRuR=FSinM!Zf7EJ;A`C4<2|1iNhJ%2hs`NCUo z2yOno-J$Hgb?{$xhjMJHP_lse=bLLBd5c~*v)jfajB)h%8s(t$C#2^dZdEPB0SJ!Q z&Nv(vU%6L}E8VyMyY}n0fF7&yOzX{`(LOSTSPIGlCA{~R!c#u=9ePoz)R8LUQTIQU zrc1p*zd-WlQt|x~o3Ymq6k?;=S8C95wMK!7FZtKh{We}tP&kdc-)j4HYQTHx!qPiy z|7UGK^Ty+C)E(R3Hgo<*ZNK?u=S=VKsVTF}s_FZjvf&@^AIet#{_ENQoteDy^P?u> z?_b6KftT;!T$5Be@DITy9A7uJ|Dy4Um+381OX;XI9qQ^QZRc`}p5yov!k$ z{;0t{tnsn#|J|U*jiG=Z4Qy7cR?V;Ix^<3)w_Lm#a8c%*2w*kc5~qFypp2gwCJzjtodTDUUyD& zJ(Fdp=6VXpMAlU*GW9%x+-Q$5>$%vQzDR`V%ujiRd$ZKfQYr4lM;_?evsO*fK+hv& znC3L+t4Qg5BI(~BE{)&!YsjtlKQ<~$m_Oovqn=kiJR)PO{U&LLM_3(&xXum%2?Ht~#L-ku9 zY1Z$E{r;N$PTKE{_S?J8`@G+Fo!9I4=BJ$?=W=~{+ckX;@S}8phb#ZtQa`8Fo%&Dz z$`Kt>(@U*l|4X+2m{#}6(*C6FKh58Nyv4kx)%{6nzs00?zQ4cT_6J(suTJkLcD*mC zP!j%IY=2p+`-$oOLH6_39sAF<{in3LmwWqX*J}9-J(t^l<=lI`{iVcVZ}v~0{|5j3 z=Vxja`=_rz<+)Vj4;;OJWhwqo`uk@M={SET{r>)s9)13F{(aTozx3$+)A|1ifB&g7 z`=hq>_PWYe_mf#Oj(wGBroMaSGvqdnP(EuD=8r5Z%#T-DCHw0)2DpExPFCZ{13PuFIvCZe=8k)Rs@t}$$285J|l`rMrfM z3UIhy!S}rEaTPDWo6LW^fkM;fuKB#hT7Gb?9FYXi%0*rL+tgB8Ze5w{s+rMK8qSxe zUA^&ZiJ-!>`5#?x^X|qCN}J|7b-bRvDRZyapv0Rbn^Lmg<8&?ZZ)_1*$GxM9`Z7g* zPC1QOAQfgwt)t$qvGz#u(fd^dwaj{|`$}26(`M;3Uefc|+O7M)*IVB5Zj0sOI|lAz zu%Q6-{$0tH>3Wa%9){tHVQa|gyryYLEJ$|Ni-D~_UCESuSaVLGcJT3d{zURj; zKi&5~!)}YkDdfc|DtiZ&VN>drSFBVft>C$rP}IF=+EMAfSWSWXhINNWXj&7k8s$gI zYI@(S9sJb8Z-3VIpAe2>6?Io`v#ZPQ^?iCmsb0r<^GIFmdY&rlTKbQVE6HBEVWLPh zuUz;*hi-U|M%|y;qj@s5rmil)G!tJdWw8!tzGU68tKHXl8Tb!D%3mm3SH9Zq`;NtB z;!{c~5uqKo_J09Swg)xlD${({XE`W%c!aqrMZ3Cd;mTH;Ydu}GQvs-4FHj5`6q)hY zDwS5g)}64fV*DbgR36qZ9zb9DUcr;q=Meoc)(rwXeWt#;p< zvv_)2AJv`%^*tjXwo|=1kyJmmu)HUnD zQ}x&SVdYG@NFF)(z+04^DlPS?%Fw{w-%%7M&X{E&T~Rq$txz8Ro_{hYwNhv(`8$+g znS6byRw;F_RgU3=^2|yzMOn`bz4mjKCF+y!axc=+N>o+4YGSUJ-!{MDJzjgzicY0o z>~POeI7(GrdS1;vIEaUuR_d|k`SO1w+F;c6ybjmRwpF?dbU5=$hu2`=qmN%7TG6WG z_v&~>qrTlTOu2Xt0jO-I?KW!7J=}J*NF`od$_u|exIjC-=yHACELpjFm3zbg+w0ql z7kYnN$Lk7MfwDaQMHLkPI?7aq8d&LW_>3Ln56vl8?MiOLD)%(~B(5cw`{)RkEITpk z<*(Y$%?EDNMeMxIyZ`bLD}i-1hO)ZGlA7ONy-xSA(!HTw+8A{&RBNPaq$c|`|LS+B zJexnYdC#B@nLS^w^3hqQ_C#lAwTmKo3C6o6v{RTWyYv#>EOy+b6pRrnZ&I7pL9eS= z7mSw99QMxaWZ!D{LXA{<_SAdtG2fzrSbA%SBkX4I_=i>BN=cS|z53PUHYtkg|CBnF z#WkgeN}ED!qVBw}a&6_eX5Ho_KdxEKW0@H6hS*BD8jo@}#AFf=TI1~&Iuz4jxf5Mi z(>ky|RNv};{&wP2-P-w@6jA*CZDt(Rgw*S(K0VYM3U;)$^He)xtBzoh6kh3$s|!>% zsIJR^dfRTG=d;vsy}x#+7qR-*&ez#Vm+PcUWZQ7m-T4nEebqbZb)2MzOgYrrd5WFZ zV5cz;?0$UaG~GgNiw@j%yH0EKN=_j=>(n>esn7g}rAv7hY8~jgqfhaYwQknd)cty5 zjX0|su59%~_zEE?D{EJ~@0DRvnnu6X>!W6Jv}7Ew!cd+qL4Qy)=jFmc+H#9dVdvieZA*8XZ_lR~9FL^*eCK+_L#1F@V!IdfVAMTJF{fa7ZvY>iyy^L% zJ-dkD)^&7LajM)$Wa5t0(#mwt0#=UDgU+||L!0I(Y8sAo>Yc$i$yRIi;Lqy@mR6}p z@2srp;r@(_-$@6~KqI5=m1Q-bW`4xGG>^$vrS?Ab=Yhm~%FCWjxeFgIC6WB>$(7TU zH@{T&)5XQE=gMe$s?M6Uxau}fS=XF}xh-?b?n~wGbpx8pP^acY*?or}#(PwTGvj!g zV#3_m0#uDo=!g0)jUI>i>+ODJ^YS~U=cy?QnrTpJ3Fv(|C9bZm)yu-)>OQP?El~+< zbx&39C^o7IvW-`pb$@14Xf4^1ZaMczswI3x+&S=pDZLk@r?L~FwSWD__}^vc4y`gjU?rlr>rSV-eC)2&~K5d=5S25Q7 zcPIDr6{7~P=Tocl6;($?PjAzm>N!Tb(W3a*yU%a89XePuGBdNarRVt;xCslgNkJ;l zypi{&kmgr;0=|~{Yn{4=>-c}%yKbcjTlu>2wF`O3RrhJ+{>`eGX3tW4-4tr4vEGqZ z5?exRQssV2{U6#u7e2d%*1K^!Ru>EDN%H@)>R`=ttNYCNboz==ELEmtPHeIH>ILo( zbX~pwf3-zEh{1L45&~GlB&M8#)9>&z#_nJH`9(=>VP3ffCwfKH{j(;~m0hxMtv2Yi zdj@7@o6V1_+15K(fANc~UBA{n*RDTT*Vkzaq6&5a!7dKo#!RoYt34Nxle zKFE3IJF);tz-F&jyPGtpWzXKLUg|a4#QSC^=-KHE>^enNW!>9a-34DM6|`dpmd>3h zSN?mi_D67(pZ$WB{w8xRtjg?>i;SaHx61vYe)b$a!u8VUJ5|K{EQxmHQsY2HqH zhxsXTGme)#gv;VRPMF>m$_aF{pY8ngwk!HXv*fJI*ZVJukC(cw=8Wlin$u?;(Hk1o z$yD2S=s>we4+<^rG!jXH8dlvrSsx0tuGXbIe{P;Pc9H{reYCVu5AA)opX61~Ixymm zR#kdW^}RhDM|G{U-uI2_s(Z9`l{`FjrYphA(VQG*ugYO8gnQnX-OPyy2}Z9x%H5!s50knm6}jW-cOOsS%~>*}tq@7JoU ztcnN}iWFUR(M17Wv?}Vo#s@yO)C%i;HD z&3zhMn5eCB`p5>LcS|jp+bd!6d9DM%QlDWW>eJ4}aJ6)|i0CFYhkuwysp>>4{4cLf< z(h>VG&R?)HlsbKVjU1|yMlbZ;cn}dZS@fM<$Gv7L#He4SyB*2h9Rl4xyZiSSScg0A z!lAiZ-RQRq9Xz^FFJp-+WL9H_6?K>wC+6gw=8gF1HYYMl@U8HbXB4j`zS6G(zUT{t zhK@c@8KmFKVDE!IfvRdS2fyK}A(liiAjw8N6e(J;x5^OJPiC_P&&Ka$S3qTQaIT$v zDv~jO#dHcczzXA8LOf5Q^jL>Q@ZKiQ^J$cZVQ9rcGcw~jgX@t~?2{XYU?d<*WnQQP zey^iF+bFy47Q|*(Dt4Q=)tMv!2~*f@ACGIn&$<4uccbIx2M9Ln1Ki?M$|};VI_)$b z!Ahm>Tb;nMu_#*3^JcgZj{%I%B(9 zJU0Pwcd~Z{GGt3$J{vs?v}Vkb1L}0)kwq=xgFilvai?+#i|a!Wfy2cf@VZG{9HBSz zc_wkmnN(+uPg&AN&+Z@Oog8B~+8bzn{0a~kWdeZk5QL}7Vr5bNHzXWm6J!ZJN!<^5 zUd|W(DCMt3dGal5E1F#mb$+(3$zO}s0U>4n&2^L! zOEt#3n3Td)3gERQqzp98-JG5l@@4+i#`8a%cX`*$E>t|d~=rARqSL`sz{ z2WvJttEbB7gCIwCM)Hb{@rdg69697iRe4aoGk-3p`!Y`VWp!Q%E{*71jWOU}h!uCp z2d+(#HLwZqHuOe`S>dW2`58xRvXx6PNCJGZ1$@5OI75!#xU>$Jq+1e6Id+oYhlb2* za}b-6vMl05-=3xbXLW2X^9^8FzcAa`xT7pQj@pA+G`4QhLOP0Y7R>X^t1<|Bf?O4GsK&V6Yh#*C{ZM8HeIFs5H2)B`4nD zvfkGkZIB3LZp(R)Sofo!qHxRe)(@s}pKmc|0+nqLd9bWayBgF{KRT*E%s^CsM!ucG z55cNyjfEH%RK5}Os@wG8kCLY;FBl+bod4BkI$-pG5$s&b>d{lTb+4wOKPU;Ci%Woi zzz82mv5$OQ04xRo*_MFqi{S#jt{G1Qm@X=yxcqMIFK?1k<4_74NNUqL4~Sas@2W6y zvf&PFt!(mYjYqhIVE3PmT_&#HEFBs?@GCniu@6yN_ugLPdG-U=J6RN|>m3rWgt;1H ztFTvhPbeS|#jj=p&m3(>t*u4vVt8oRW`i!8gTJJx)Sp%l*!q+gis z)uU7mXj5iF>{)v*trd|>w2smBcPz2>Ew;#XGDIND=42ZHDrJnFI0uP}9yrjDa!EaN z+tI){LA@yiJeSPF13B3IiOdPIk&uEy1C(>!(Rbm#l~37YwUG88+Xus22b2ypM|Gc9$gL%{=Yzeb?7LN8g&p#WrvG4A9>gS2c~2>8WSuO1XYL%xb%}W&<_tu$qLw}kT8!-m_mYjno+`Q z+=?ZI+c0-j|A1I4=MBD(RVWX}@E4g82;DY`fPlPJXuSta>BVI-mr*Gij6II^M?^NN zK~J_Jvul-<<>x_BiSEgHiQ&Pf7ahY_A$ZV}UL2tqvlPhK(@FJN_~(A92mXU+0i=~k zF{)?c)j*{s{BJsn7^Y*)K?LwKh(_Z8qT86@SHqCaXXPB`G?Y#me{S@9R`D5fTExf& zv}fWU*f_i^0b=C(*dsBt7X*Tu=SP?H1wN<&IEao5!}J0rz*qP&l;=C$4s!<@n}iNo zuf(U$7|h_y0S1PGg=(QOp8{Z^6zmwa;69WjrQpMShfsun#%BSB!I}dlU3TwDr{<+e zHRAploa?|y08U{cz!}F|^qS2_L>=ZCNm&*9VEfc8OTgdzvkiX;3w5EDc8_fPUChcv z{wL%4ITg(}e?5QlEM6=nddy;}YIRakt9=Ub8G?AH(E#Zp3Gqt@@^J)*S(hk>j3DN1 z_Y1YE)RIIh*ITAPW~IxJ4NFePem>i1gE9=~AD2Me5O=bd2mgdC2{m!L5!X*-8}~?w zYfu8HcVmVVG8Z^70kzQamsh~ogCRsRb)%o&*-u;X7k=HX7r<=K`9b%m(msp_Y~m{+ zcQ5}7y4z+6tRi5#$tm3E!B*^7u+9TLw%IKAW%WbrjEm;8kj10=gD}zMNaZANWCD~V zx84C-uEZHlcE{F6E!2eSJGR1x?ivI@3U$UIoC_e;8gP+M(4*{H;}&ewDMdr-oUeB5 z)Gs9qHzIG5zp&{+tl!qY3?onHjA&hdoX^}CZ=LVqICqg0WW|CE)+9`;en6cuHc_1xYR3@3i|j}WLkfBlzNs$J1pcq$d#cD^ z$@pev^~cm1AKZ}W(cjpkTIio9LfJnMJxap$RTv7v^XR{F{$j%4$@I^!UejnX#% zPP9Ln!;xRr8N1`@jZ8l^QHe@_*-qC&^N_|ox1rJ811Nbf%h->p1^d^F)r9358NDH` ztrF7!)3stQf1(YUaAzDgNB*pDo`(Zhb+()7bl?t@F{Jb>ShFHpXMRA+11LW9$Z#I){S8=HeDpv_Oxg3A1^ zH71DuR_ztyX9H^eL3@l>FfHK!<08Qo?`PZoz}?vIp{O!7WJ3nRdqMa-X{Xdef7nUY zK|g@|Dq9 z9#!QYlzhI}HspxvGvw>)qoC9(C{og#n;>tT2M509cEj+1HNgMhMA@%o-+(BaCmzea z22ZWvzi=rsZT%C%yn4ldt^0Dc4}t$*l*VexqvO9I;?l^JtSVy-2NY_N2!64^Bwe18 z`Kj=oV>}`dd;%f7JN#C}Q5MeJ+}_I@N%I;*Zv~9rks;CYot>B%g-PzUvJdj=u)~)* z2cA>lVDSn5k>eQn|Q={b`2-w`L2R{XD^@zwuKzA8Js z^Wg8(H+N;i`w_jKZ|*!{?zs?dP*)pz~=aQEKLd%oYh%rj&T7N;SNJF@1W{+zuqFZ>YBH}E?I@!4VL z-j;B>=YuTIM_+yPhNMnUXCn1d1<4yK=rg(_L#rb=TU~$^Nw$PZnV_#>`yFlLME*!h zvDZ7{FWJWDAWi5$D&gK+xr)@Z;Jqjs-e%kk&1MAl)2ncEbWXFjv8$tesnhKrtA91B zvFnn>r(65f*VgKK=vMW_VWx+@NPKWt^JRRR<4s%=lTi>2-zJf3K9p?}4ml*jNp+IYAx#GvhPvgWfMZVLc<6Lk$ zHPC8Mcr&cG#?0^Z4H?h(5^!9x$JqW0ARkcU2Pa>dMQ=PYP`hVy`0XdseeL?&X~^0JpCe2w3&*3F1W@0)p}u>^!1tJ}FFWBjdC5_5=NBCpMl!V^(;)8$a3M@wwJ| zl4Wegx&iyQ3k1h*tS25w5gl98{MF$tflnQ7Q22Q+Ulq{xiCb^a4!1!lSV*?C4!xrH zg4^*Mz9FyV2G642ZIvE;IZAHGXE4xZkMYl^D2<2 z*IU!QsL-g7R}y;(S-ThIN#V1soP`NuW_{%UmOk%qcN0Z7jh99IdGte0wzUv30ACdy zmHpx2pcGTN3i`g+5Lt(F8UDg@`xveekmNy*OY#J>>HaZKI-oQ0UlQ(2()1a(G=heq zeNESbW#lW^HCdOo5AJ~p90w)c2mTJ{e&RCZL#%m-1!w{1`v;TKZRMT#(8v|x)7_&U zdp=SZxz3G7hQBLnIrQVxktwkH$GEP17;&3BGXkHS01l?D4B}ICx&QgJ&(t8t2ZC32 z9Z(Qe$0!TIW5T5#oa{kITInjo{lM!~pQ$`rO+kY0&C{aGfh73Ck~sSEWt+Q*p-I7l*IqT^0Tv@(1t;^V@mz=QmrbO%uE%Us6p zyEu}MmtiE!JrremFb0Q31GD`n=wGMvYTSNB4mvNn+qJ9qN%H4VGyvs2l9S|xJi{kd zl%onPzT#mf4Wo$xobS?)bo&;B-|8sK!pZP6z-v)QQA_BXE-ohd3^$^VkKh6ndk-CDBTf%h(zI~BPitDPK+i?o>`ZWURs4~rw ziMf%v1tq4oq7t|czh$1!p|FMr2x4ymrrPU#yB7EP6c{!*{Jwau-H7bnCbsO>_*v^S z?aSf+^?Zx{Oeu)e7KaZQ9D9VoYkEhf6kzTH#*0i*HVJxyynWxgiJkZx?h_z;t6Q9WzjI<6MLt5bRMmVMY^Tg{Pz< zUt7_a{0Z=`Pp?^rAl~i(=v?ECpCp&yHJYf!{|HiDQ7<*D#YWEmxV>q(k>$lz%hkvU z*w~j`mPAg?ktI1ivB#-Mab$5iin<~rBTMmWU4v)LIdCFa=PG(5;ZYv`=XdK{Tw@k= z`hGjEtyR=oKqIm)qSiria`ze^iJ?^TjIiHpC@_A2QXtT}WekLnigt_+e)jVRPJ1F{ z6T=ldz?Oq}xJHK1zoXXpglp6mjDdb@HhA?z&<#W?vcnZSi#pmWcCaYP=s1#5&92z* zEdHDGI#a?m`y&&I(Ylj5Cb(R_>15*$ybTep8coCLs?zGnh2>Rsd|{G%#mKF@>WrIM zU&SsNbjvY*#V(9@q+;jTZmc?sAAZ&0hG6_~GCcrrb)=#l?_JDf>GpVY2TM;-YqVm& zH;Nnpga7diM|WK@mtHqF?BhXmlsC{TB<{fb7XoHS#NQs7yc5qtX*#JI3t))z1<;E+ zkS|=3Wma@kqe5KlWRK0Wbr9Cu9YtR3#<=o1+ojdobySF()W*{X`3d^ ze-9xv(y|Krl?OLC5Kbk5%lah9Z?7}%kAt{NfdINNe7{eD)Evo-)a(dDU_I|pxcuBh z;hoW&)uUJ8%_Fz;LR)Q8{NyK00Ssu~RnwU?MRS z+AiC!q8eci0UHuNU=IO?5o3mn2WMIr5BR31vY*Q~>QE%mdg^GAKjcIzkB-$04eMe; z=c7~guKb;xA_Y3m0e7DY?tTt94tY1+J7!hSb-1bfcoFg!F3<`(D!C)WR}K#ZqWac3 zIO4&*-vgp$B8!#N+8ljKR=Rc8Z7tx79G1Ppd(iU1-%hQuW2R!}M`g9}OMj*-(H!`H zMC-uHvpKNCjN;{J;{5dRd{@%tS@b{EzK-khL@A%k@{lP3BPZN>;(;>%;GW7f!N2ig z0{|}}U@nxxKV4FO&u`=9b0ZT9(M#o1?xM@32jIDRdOMhabJ!dDCr9+nP~Bj)x)%nE zb+|CN3h@PtB~UgZ(p{@jGl&qAGr56m|#36&5~ zK@&%1I$A%d_7~J-8sjiLf!2ZS##&KmQHYPO{|`ow!i}++))%n$$b;r9$6Hh1%Q!=q zYM?7+U&{JnVORHoJA$6O0kYZe#r(rPlB=zJqB(^&?~b`V|2_#v(oww~@S)H%`2(2$ z!pJKoU1Ka>ffjAO1CW4g7?JzL-x$hwGV|P1;^iS~@cfoA5cFV&Yv=+e7d_DXUyIyE zwKSF@l_MHC4pB64%)Aasu(xygR0R3mZ?LoO?EDz_(yvghTSEI z9e78(JgjN%>1Y>++lvJoCOf^1gCZ5WlNIL{i^6^b_}Pu^A%=?!A}5f7HC1qw2Uy8g zi7IWYq@Biktf%+T=U!qT1KgPx0*F-s=da6{b32Fjx5Y9;KT7#3c0(OZ-4&yRFY;#Znj*YJJC+h+|1X}kLS>sRt)aW@3H7nsiyuZtTG0z9{ zs&H|7K#f8q=&j*;Nz;0`&y@2)C>FTox$XBt9lw%}tNPaze4#zO(vgno6$?jXO$tfXBl2(upAbdHBxFnGLOgmWU_537z}IqZov-&c5IGm}qjI*-IYvM>h!_dWMh z^arsAwo%ys6)JoI4QcRiU5Q&?{vu^bCH=3y1zntyKWd7n=);lQhkby)PER@=i1T~w z9v@eWWNb6;FIIYr-c8D<&JUIuv!%{r)~QZ_AnPscsKhSodK4+C%wIf}_{8kFJTe4I zv1`$+Y~Phsve<)f%O5zu0u9IufxLMI9ZWiz&z4y-USn{F1sKj6KGjop>pQXn>06h@ z`8RK_T3YL~XRQuuo5K|EL?`H_k+*qgO%n2102>#~E_S|2jcR76( zJvT1ZxS>RPN>kfgv{*GpRRVnhtZsnAtF2|4-(5~W9t1<=OlV=8Z3F4S8#>#^G2X0T zjNX+7N5ps@2M6WTKBh5V-p|x{I=7$$xY;mxE z!zL$Ou|2k|2YtZgqA3@(qL!jJusLyPcWqXm zF9&fwQk@eSKU%dogq0jpG-~qy$7&@C)EOr%XEa(*B@ODwPAIadApAW#8G4%Ry24d5 z-@V{uBDJQy+V~DKpX5w^QV{bENcR>Sp|7QW7U1S^qg?=1FZmZn$QH|+Ba`uHgBF5x z&t)E4qxK{5wOZ%{`<*QAcLp3{puF!P>>-bO=vN(Z2)$M8irs9F0O_kNFT7>s57_iI zZAMSRoh7>)(%^LaRu{Bl&hM$$)p@fJ$j`-S;CaKEoht`E0p!wNLLtIgku|bnS2U{- zoeNJa7&FnWt;k{OP; zPdH*fH5JTxYJxd)GxfIp5Hh;ExWGIMShjJas%s{-<0Rx22P!bX$F46W9s1h6iCrAV zx2BymW_-QOCIPcBF=9wB%QLeR)iA&BZE6)*=w-XmF0++DIX?a@Y|6MyOm!YH??`~M z+JW8X0PHq-Zi(N?`%Nv;8kT+TVwK2hhk5-bcBsWf5d4&ux{&2V{kD?`|ktOMMhIhIG=}UmL>>T^AR?^!b{?Km5Ai%A777psnm_?H>#1x{R!Qo0lYPFy2;I)J>~5F zRYI=bI#IQF(j@{od;}WTs{ymtcoU+Yb^SBDO11z?kQa4;!blH5Uk-fmV=ptyj`z0^ zZ3G*okPJlpZ%Q1j-@XhW_(cy$Q&3<$1ko4w!6Gw&`l^V3QmxU9m@B45bc`0Z0u>Xz zMg#LiaGTBeFCxRZ0y=N90Jh0U_D>bq`BmUNuyL9|oQ${8{l&G$P54B!lPN;k`!Vkw zfXBr95@Rdv^!FOyfZ73nS2r z$sim|QBTQsZN-Nm2(C`c^P@Q>BdMS)fr9cjst>5t#mZb;SUa+D3387wO3>e1`a^VUD!TQ5C=cy! z$oV49|G|53{_g>*ai)aVCOrmO>idPlfoPq^m4A78&G^zPEkJ^CJ)+w8miz`lwDdvE;~p5DI|bDN5<_g??? z$G5icz5ZK>LO?||R4SFihuqO?@K!?H8Gz7-s3+QR-U$2Olcl|!*CQiklkjtrn%;TP z72J)TBe09e{*b^Yzl-Dm$n$Igp9z%)1U{p?o{*Be*YB8@Bk`sD*k%kT+f+ zJ5kyS_*8fV*~iQExnpla+o=Vxp;C`B(QXHID`Tlz(Slb33K9I8DEqKwetxE41S*l? z@%gX;Oy6PtmNY5yhNaQjw~(wYs#BAL@%>`FH9A@-h5|fJhRPw_W;X#H)w zPr104fR2(ZFsiRr%MUb`#tCE`xV#>&7!A|M$mDY9zqnFXlmk7);0O*GMtv-Q;lC%T z#b}m)0SaSJ=D&z{&+Znq!SpnY89SYtW7xqj05mK&8}SP;Jc+Y5yNY_|G;aV%hxtWZ zexs`b`XiVPk%;8>Xisv3{h1_(plm`iHz<7p0o@vhdlOW4uwN5oLT9ViX+aEQckD4W zUbNbV-wL2|Jhn&{h@k+1%PoT4bz6{W0w>*z90;})yT z8zecbCyLdGz8)B>F-Bb=m@!AHbOrBG8I`Ah4c;h$2M2Dqu^*uIcNJY>X!^%drAGDk zqs#X)Vkkx(^$3omeSf*!*a|4H|2j@g*7AT}nyk64Uyt=GmRyK0u)Yhe-(vnopQbxi zy2F@u30j6@0PFhG26P5If0o5SK?Zb?^e~E8_mg-P2pPNy4lDZ^D|L%1o=EjwXWgUQ zepE`8b*bv#N2Q!&mDzn%%5fyoW#AvU>U_ghG8kB^dY8p;OZ*g0Q!m^A6wtZF|H~h* z@h~I~WQJ=q*gL5Mwv&t4t(;Z3{c=_5G1`iDjEDW4bsp5)y!0sk(BTh=yp{H0vA258 zZ!|8dPpua&-)vK>|3a|csZfAjfo4yI%NJj5xYHQ;9@x(0p2aB-NA*w9X;3?k!YvLI zd>t!-tp8~8RFeNAXdA=0jgI$c@L_D(h1}Ft$<^c>D79o}^G?sT%&g7|vK@^$E8t%( z*n()B7C4~HAVZPe%M4}(0y1E!w74Aac>Ao5$L9~s!qYkBj4D}CC}QNH6~3W0>MH0( zVDEAiIZiEd;74c@u3qm&eqOnOg#9*xyqD>zFN<=H#TAz5;RD;L*TtlME9|ywa`Yzw1s#Sp0cnXQ5^6;NE3ZJ z&czh|cVdtQ9`J)i(8g3^b0kq@qn_tY#)SWLcf+vP#=hQ?;WgGkAXI>F=FGL%Ga28H z6#V%K_?+EHLN{m7WzP(~1sd4)QX7OEM%(-r?#5Kd3hnY%e|gCk{T*gUL%vcRCaJ$W zrr0n)Lz>lJkxHa)W74^HpMx;`<)RbSIR|+*H>29vU>`wg!B0RrlFVssQQcn?$!B5B zlw{6rD|vY$xsXdLCYxmWR^ek-BDvNseX|mnD&k3@!>U<5QRSbBZsEv$-z2MhAOas? z1DDhAR9ktqu@GxMF2B-0H5!H$FNQ^-NB_lb!=w_s|DijPfdZq`_)-SKHXzuGuS=)n zNYepC+jA^*KXQXV!(UWCt_=2g!!G(-rr6(b{&7PdmcO-?Qjgi3NL2G145AJvqlXnr zCdaqvi)3AYYqS(YEnNS&9z@s74dZl>R|cZ`531BqDhJ4&fQ2cT_)oYodRbafLzxO>BBZK|7H_X zg>hI0S}P&J9pM!F0}>{DYU2OAeu ztkLDw=6l#~=e}#C576dm!RJs2kH%ex zO$CoO=)Z`{Lg1y&xCJV56ht?miL&lw0G~YV(Lz&^)7q9=o76}HuVeqkI&Vtk=l;<8 zQu~*dA{;$qv$ODQfuDN+vE)tdHq1?$!GsF%8~eLODK`DwkT>cE-v6SY@f@fZCbgMp zCzhAx3tA_p%8uYJk;I4_yKal*Y)EawH_yx+>8ojaG32(MbDIj<2 zKX?1y!*Kq52$#|h?uqG=U+u@Uj3CGg`ft@nxj%q?ziMYz^226qUjuZhyUyp(DbN># z(ovcJtdgAz->VwAr8@9A+|W8|ptJEBw_r+3Hs7oAY#MLjW+m3^lAQ}?Y$7&sD+c6= z^&9P<05OiX@`Q@A06RPttj7lHe-c|H-)rbtx9S+~Tg9uG)0|rFYo)ayc|wrx1{M@1 ztshIjn`QX0TnAdq2VuL{ zBHRs4Kg;7q+Q;lJ^IPt#tN^_PTI&YFJS|zz<%KLHO&uFG0^v8Oxs zQxg5;8|4Bb2OzMDmjY*HtKe)MuleQTT{AFaz+r#Oi@Fh?rS4=Y%lah)SC)@;Oen!D z_6;Ai%rn||j1a+H@lyT|umJTOLZ0Y4MQC5Ifx_2jO>o6|tzJWT&q_UaC)0Dc_Cg<#|@szYV>+-fr>jM$uR1g8?pU`jHEF$NR13< z+&7tqE&7-8bu6ET@$L9Sasa8y4=woV-tzz>!?V2G>QL8OBJ;a~~Vb+BE5^xwIy%&H{*J!};vgW!?vSK9Q)QLJJS( zX}yG|_Bupx(WPR>{d4@tp3O;;PuBvo@c-OTa8d@Om1{38^GxJHWms*PEFM{F{C=zu zAJ;0(E;-e;MXzwD=sQ4~xsjUuh~GmL;O<~c!?k4Ik;#S5?_mf@*^8uCWkfBmvpLkl zsjdXxXqj^qhy~@K%cQ?qAfd*%>QY6C==!D52|oZR&^TM9s3sHogVls55VlsO8GX+S zy|MgVfItQAYGcg|0fQFPn~Nj%ij6x3BDvY@9r_NDSzC=hcgJ3k@#B;WfxUJ^ikIJ# znmp}xP;a-1mE4{R7FcxC1p-I2Jkj)XRM(9!e`8}Xt1jFoLVyoD72N&uc?!t!fm+T( zSbqf9V)0ZK4?@4_M^t}CX2^)-88X_MA&2D58vfCqRy1q(Q@z0@{4dLBLmK#BAMh_O z2Vyvj_j#2*p{M^BIWPL7AYz67;B3Bf1Vdr850FuF2SkMIyq8F zaIpW8_grxNbW9xF=@_ZH9m222>=Q517u0fv^PCH?T;Y0x6ZyolZ#_|(_}}aM1DEghc81^B^UlZZ`}THhtVVTIty0~0DpBsiaG_7BSbFj*t4cV#Q>)mynj>$ zxDr&Nj^LN5L-qAs zs+gp&Zs=!g>^|DRb;i9SM!R{*`WRFnR)Zftf`h~70VOsn3EjjWHk4n8o`d+?VJR!2 zVAzAqMCEJvB`W!gAv{;WgI1Tfl5}Li8kD9OBTW;?xDS&1Q9^CK)M$af?%TtT{dcw} zn|L8z>Od!7zaZ63Ex8-{aXv>32TbnCQ3iijP~ce*Oz#)` zY2LSo$2s&6xd82+cB%O)V)yMq9bf}(s@7aVmme?^C3%%1I^#x~bGVyB=Yudx`4I_16|^Pm(>?GUB{ zV)R|2I(H4VgKB&0-=P|Jnra*c(geF`ru+B;KKWLFVf*eZg`}hmC|hTIhx*WDOTe{C zt071NC-_d-d;EYxxc}D+J%V|MKL>BV!4Q)3Wjm-SQp07jpMJhmyFCqTfIAtjiSJWd z_Ndk)#5*apLz9gQN}ul8=VG77)R!BL0%!SjZjHRJ$ZmRYFq*7Xb{?E0}*{K zq-r|?^1>!WA+)yZCzxf{mu;l z$_~;vCeJtpf>fZj!$Ajimr$}%Yw?XrZ-!|%8gGZ=B;VS2{V^Zi!79a-DR!a&1}lRe zGuge5!V%|BQmou3d!?GStwe2<-#aE`Wy4nY9Q}yXH;(SiMN(F!Eqy;N?64?3c#>3w z=DdTBdyNBVhESq!vs~$jLEc9K-Zwa%>cu)2@P!_hAr%o%q&BEE~nf02?;atx2O z>8I`t`U85e%4-Y;%b9s8H$lJ0RyMqC`lV1EedM-l94dw)I2Qo2d+G~t0Ao;ItTT3k zNnJWUy5Yr*n0ywb$NBzqGCNVt^_I>siSIJ2Ot*a~ck=mSQ z$eW`v3wfGc%3t(9iuWZU2D|wTu@zX~fM<+x&l^72BY(gtGLnnY$K{l@z(r-1zfHJQ z(Kk`uiQ`ZVuRE$=?0}oqa){FUNEMfF22e>7{gXjMM}tkJ_%F*dE*mWjzxR;^YAvrbwt%FlyT(*~8No30R?k`U1S{GsG7|s^Ow1yOJ8Hbp2E6xjL?Ht9 zIi>MdjEF`~Pi_V5U)TzIg-yb@lrI-VPW9lJ?2wH=E%-MXet>_biQuJ^`{KzVo`0~5 z+!!h>D`)IqoyQT#ibgIB;Lad&WEJpG+mW!y^{64<#@325f$fYF?20Y|XRBJ;;UBj#ekw~RjkU6ugkMbJLX zD_6k47CS_~5PV#0H3h}KKHhG4=pR5Js{?r!G@dKZ0*Lg^-d7vHK)fOU`ca8zXiOHc zeJjd9r?VGGDiF}q6TNhzkx-a`BkcYS%7XvRoEFuuPGo4u8KKJX5;JU5{1U!#`K+b! zZXR1ECwuaqyKD=z}4Hrc|uDAQEdfYDK0HW`>Jo-MmBAnB|3lVSu&rTTb<80i;&lds2 zw?2vd$X}x`-i7S&Z+?cAUET+&HO8rLS~w)i6Z%5}eT(#81SFidbX$iFNz7j83&weI zi$pY+`oC;r1teAIzq^1Q9c%!^y{2#gWFX`15o|(Y2R*0R$X?proiU188=1%630i%y z^wD_#M?j_{Uk5Z<>00P_V1LF;Ft11BP59Z%$(oD=hbjqdZ)0<*VEO!3uz-c785^QSF=)?j5d6pGlX-rI2bd18zDEIVQN| z4U@8}$YL~nrbKatm=vCnb2-^Cnlu4Zqg+z5fklo4CTT?HSb2@>6f)VtmoN8zLBH@U z7H%G$Ov9KEwm!v&DscYAd_4cEaA+F~!v{vRqd8++@W(e~EW^I@lQuA%Phe_%KId}? z+NgS>zkTx;nSn1_&>6s31vh)k`y5E#Kw0_!Y3F~QRlP*dEClmcJNn+uUt|Toa2#;r z@MLp)<_H4pgEKZ8q%e2V1N66?(f^#t=7&1ae4i(uTfsGGE#`rT=wE?w;7B)MXifc` z62^h0*0dV&!j+rV7#mY8p&%R2c6!np2BAe2JoZ4YLY#LK65#tOwR(X7}@pV4hSWs&O)W*k7T`T7aJ({!WR8k8vusO~K9hKsg zu>Jh3MsN7Q=FUtN+)Lyf6mzB-5k7!P{-I327`4N zo`#ySm@G$^%Wh{P%&HasP?hG&t5P&&}g9dV50nMR{An4o%NrjK;LB5eHrj~+ z@j{e67c&AQf?eZT)$rZrh)l#eNDWqnnOAthJ15oH`-jxUG@<|ROMDmuAroJ5xyXN@ z9Bcj1f`3MBlzBo|O0{6`G>1NeMc`$EKQ+c2RL25tG|PI&zQ!2HNLmT7&9pB} zCkgmuz=SxG2QGz$na^h-)FY^q;0u1)pByspE;iETXQ?IPQF_BCs~-(*_D^V_8;X zK)q*uo{Yyk z7})7Efw74vsa|o6H5m%3bju8h^VF z6H`P?wL%+y7-x#nVMN*2l4&*7N`{ALzR1M8>pA%r_X;K-c&p#@s0} z_hm3-}HrY5P(DKS^|A(%9VLpZqwm{~U-?v58#6Sz6hH9?y8 z6RU1|JCkKDmY5&17<0eGOp+LfK%9)Qe@Qg(2~bw8Y?n-sZFgN&)74M|6C< z-Z@jdeLAYqyZXY~P6GY4-~v-wK zS}EHgWyeX(3sTl4Jsr=O5Z1Ir+4%SjlA0bt`G%_kU4!Lo4n(CuSB}*970Ep?1a07X zbD*oY^kphrULEM_BVV^m?GMWM@xF}~oGrCa5yFzoL7|5LhvPX=px!M|f5F6y_eS_* zpsSaZzgr-lClE6vCQTsD7Kk+B)k0oEv{^;GKNEm)E%=jASCdf3B#F68VxAG~Pm!2L zspD0^4Rl>1F{eu%xl#uWSGCaBkfq~w0N;97ju!k z43d~h5_5sX6v}Xy3#_fbaF#RydVKgSeB~4YQm|aG^Q^+Z#Jmf54YLAW!{w`3+IzaR zH&0@!0X-TB%J`0BOlTJBh(nL}_Yz4fm->G|?syKX{viS_DDXcLZaY+BJ_Tt;0|nsO z;5Guo@vHEs2==9X(-GzMU};S|BxaDrWDBtm7FcV$h>t$WD}vRY@lL@9+S9Ng z(8Y5p?4$|n4zIMXLSl-gb-$I~S28Aa6(Ev-A%WQ>XDRb!Oq%uN}7fFBiBR(3~@+0P;6a5pP&3V^uuu4A=e zzVz({l+e3|R-73Ruy=gUPvpe%Mp?(t_|b=xC_G)(G}R(zh=FTJM5={a>U(5ou6wEp%RT zgRK7b(L$#R>?*>BKO*P@P+VIbkh04_qByP$^b2N~aGza*tCyg<``zMVizxO0T52utbNJ$@&QvRZp z@7Ge=dwI%teG2@?Q{aD*lAe*$zhDZyYg5Y4O-Xm8q@SAt|NIpAhaD-GH@ zkEeWJo6?>aQ_2rYf&Xku`gT+%cweRDpPG{Y%@p{zrG*hwK1isN1UQ;7K1?JWK;OK0rGO@|wZ@i2!k1P8RnxV` zlZgcGzf>J=Bs3=yUPpqe!-Isyi3IL{S%RuMoPQ+}Xe+2d6`({#B0-k~cCZi$1$Kh( zm@4UYF(QZBk^ZYNN?E#AW}yrE+ijWV_9Kv`EO{5{U+bDPX1~gW?_Ro=rfN{QEmTul@eSfBF>9LQH@PV$mV()1i&*KgK@ug>LD|qOuZs^~w&$gs#wBAnQx{svciKIW+No3(j zawL*&vXdyyAnEfVacoc{AazkMfuuJRNvGOLoYP2pE|HXmq-tC(rZk9@dlD(HLU{K= zbQ<#q9n?jomqRsG68G{ zGmT@WEeJ`by{g6&?M#+CfR9vkUppEOgjiN%rMKHqX=WnnGkb`(siX@MNgM5?w^UMo zBI#i}X@*MbA5RLcfp%;Yee#)MgrtWQ-GE&Kw&gPVzRM+gjVk+2JX($SpH=j$@n|*P z531;g?Px7Dk~K|bO(!r!)R@OGL}iD#2iQcVp6O)VC=SO#XreY{G4u^XCo%LHLvDun z!1E>-L;sdI^wE4BA!%%bs@@Z?KKPoA16?KcNhJNzPFkswcz&aL4)+2e>Gd=ut2K7V zqiZC(N#$;_qqR^a8#0JZDn-cFv0wq0{7Y5-=0yG>%+TZAJBBRZo5*=>fZg=c%Orc9O3_fc=9$ktw!9dqW@t>YoT-4Y^uV|-!MdVzj-o4R4bdq7@`u~)EJ_I z+{|Ezif!{3XsM)aLlre%8V4J6qO>GkrfNJtk#r_#N0P2mNuET~W*Y}{RZ^cs(qneg zjVkHeY-{|rkPpq+)Q=6SM<}s=lPpH6+%0x)i@_AC=qK%HEp!HfP(5vquzNLJWeVDv zd?nIsw~D^rj@CjyLMgS0M<=Gq5Z_lZKW69xhTda{szLK#2nmS8YNsSi}rNp_NNiFExV72Pi$T_@4is%1a*x4NzcF908sr2VSI zUOUMmb5licv7@!n#Dl=aEaKukhVqH>Vuns-=ro2-VaUx8&#KHJ2+96NIgiZ5QFEa6 z{dZ({Ga3i-l+vqyI70hUUQ+1TlIA;m)qv}*H*8QhsINabKTj6-$))lh>8T96C#d5!;ccuFeWH<`# zNM#R^Z_I{CLZG!+wXhWX7ngM=t{b@cTCA;j6X=I~sL=}`b;B=~E#Cu?^z`xQP@e14 zc5S^BG`8Z1Ufd;jl+Sg#e8(eS*w8i_HFd_)c;3}^CF0Du&gec~21!3WMhpE1=oTj^ zo1p;~pUXEPKsyF89hi!uK%Cxr7ElPi^5axoH@PJ5*;?>weCnMI7&?rG{#6E*+bc>D zjy$tw7Q93A7GIBx=yrcLaBe43n>SEhAKMw{j~mF7Vl9bpuJN(w6W`=su?OSd(%8p) zgBs?x6Fv7cxI}_?BB&c~_Tn(?G{;lp-;{;o`r$J8Uz5N%ElBpNABI-E2!Wz+0MJW^ zK^i4lV17(DOzdI0!S`Kqm2^ApXGFmyZJIKZ5GmAZQ1b?!`kRL_ITe4~APe$0iEkct znfnsoB6_}+_!gG1A@NPS0`u>QZyuhRe@T4vxJ*6qDEj$^Df;1=*8TXy7$0s!_0Hq) z;uh&EsAnw%eeLOPx7!Q&AP8)$oA9wKP9xfFY*!ycG>bso347KMX73p0HK z%^8$SVX1!uEhEgA6YZmMgZX&;o1ppu)FBHL&|PO}I7!Da!4_mImSMYg1uvcDuSNL{ zL)cSVYHr|hrFpM}FlOdzhJ?q%xmEWDSpjZgNTdafS@#AW_R|Yl_XZjQn3qdFhJGjc z7`l)lS!K>=NLHD%8Io0I6hpGgoXC)@BSRUIb)-K-vX1m(NY;^`!3H;o5cVBIB7}X; zkg)#`8IqO#9SN~VZ4A-S!rZ{n6t?O`hIoW(KFQE=3_ZXQkFm^q7#hw{gdy6xm;r`p zYG5vAhz1De^$gKO!n|5StYbPuJj^yPVTi{xW(7mT85+Y7kFm`nhIqtnp2|=zL&q`1 zgJp9tLxUOW!_Xjxx*>~g;BmD1KZYhV6k~`-J?1A2(Rjq%&CtaRy~Pj@M$J}+Xo6v` zW9T@Bo@0ncDkh&D-XJ@=`y`(ead%2ShE_;EhHhnuh8X5ThG-&T{+^-93|+wx57|w6 z$=XoK(8Ub#7~34j5RbS`N}(HgJTFqHHJ@n*BrVrF&(uOB8tcLa{N?qscxHp}%uoRm zg*Oh?R=5!cZ){uy3(k)d0->_^{xZ!fcot6JWWt^eZ)=2a0;$5{wla$`PFQkpZ3T%Y z@{I0S3~e_W1?OLpGROlfVqpR;*HB+6m@D8_e{cdFH4*Zst)^ zD5^R;DG!=6-h#v4Ic+!tlk%Xh29h1kt@j}fhh3-!()T|1*+2Tu3$mWOkdcAfy*X!ULB2kpK!HyjW zr7dGFe`}3m8}`}0(jvU3DST`K3el<#j|P+?I30G$aNkpeAXmJet{D`IwZ`9J_3ljn zi-MN-?T9h{hrIQ@>9+MV?7YKmFkPh5GOF{I7z~p)z?ukVi-^Xp@9O9p9nr9pv>qnpTeC~A_MKAnP3e3sQ~|zU1Ec&BwX!upWJ3CeAGqj@M4A_A zr>L~6thDc$2H8!?U$D>1F;*N)WYuj4ve-IfsA_)HyGidlXYs&Z_pkB!K>we?-su$@ zQz>I%;qR}ISH`}z&_Ad76>`z|^F{b3e~rDJNGIowZA^UAR4w*w;=7#Re@%RoXUCna z0iLWAx3KxDe%U2lm-v>|uu^dN1JP_6DowY_9#w3!d#$&7&q<*I1#L^n|qIhY8|HN0&az~Qy z6_IyKM=5*x(sO+u|GNJ(0sbhKaT|D{ufB8%-ZKTXV2l6BqL$cp3q2T*Ct7@ef z809ilI;`hQh{_~+18{pme+n(04fm+>X|=}dN$KXEgvi4CR=mIPKghs=*4JMbisZfY z36yM$I$(Y3I|GkO*%q;!e|5$Rdonxqk9bQcE9!NUi!?5AI{f=!pP#sJzzeWRpVs+G zt`U?9r?Nu1jF5vFA{M{A{sAEinti zd>}%Ij)_GbcoQxwHc03zspr1a(dHVX-sVL%a!QUg?A<10Os9`=?bi@=j|~XE>l+qra5i=g_j|OBwP}qF&dYq~>f6$S z@A|(?zKo{2kMVPX-`(DqTew;$fWYxr@`bo)L)xk-z4UFp8oLU8S+Qdqf4<(Qt-8n= z-W{!TMi-|A-|&B}ZLCX+-L7qXClR?tZAzDWI#^NQ4%%RmQacf!pc~qdfh*}#TaKf*1PQ{Fw`m{awoHS`krraui-U`E01^+WAA%A- zjtgAYufbEJ(KTGXfP-%Ai{gnEqC&edn;8Z^LI(#@q4{x3Y{r%-K+MRHTdZ{-&B7aM!$j-7-gZu*tmD=TTW%?f(%z<^*sZf zGmmG&b{ada1_@j1LxLKr3@^MC#JfjwVRa_f@pzq!a1()3!JNuSkU#HJx{Pz6VGgwR z#?Bm5gjVw-@rZPE&4VzC1=jXrlt5T$5PXXyJw74jd7UizJqjhyVE#jKi}~LobFdIh zsThKU3-SyO$waOJY><_A?%=7|CpNh1jJtq*-U`2%1Bv$x`=PgTO{0&P@V6qnboL6B zuE*2maoxobgIq-|bfnWa43~H6gU{=vzOP19!@Ee+LyH8JCge#&(F^T4uC4IQBis zpX(t&x@)mYxOvY6zOdM;8skSJ-Xi}h<`VzDHP8xM&crVg1@R;~dbEK`{Xmc#XXEce zYa#@s1sC@M+JG(~X*C)sHPjmah-U~b0v6Q+TtF7?Rc8UI%RKYNL6kWiiB<(7Pek>N zKnO^5z74=n)XxaG8qq&NKtGk?5<7zy;w)q)-IZ=a)nxza`+KXb^hge; z&vE@=S6Gfd?|5huQ&G90^ z*U64q-MuQwpGbPjPWqclx-^lr8cEhW08bz>@!mivBhiF1$g>@g)-8U?N{&@c&W=M0 zy~pjW&=B~v!`#+0|Ff#*b|n{(gsIh&_P(N$UQZ;QW+%0%q^A-|nw|8uYQXAvQfR8x zfPl+^OlAcefa##d?<)mqRwDZdE4%J0Glwy65B#>N{DpRYd%WG!EYKHrBHdhrM9fbhQQjX23K-5R z(EFEIIFNI;%K3ZdwA+ge(}>Wi$@yPq{$-xIYJQZYq8lUl_Mt}Ez*Kr=xhzPmu@}*;l}#&^QYhhP_-6ue-8l%m(8gJ_szyc z&ket~`I{4*@4a(4yk+xOCpfpf(>3zFFvQEqQ1FauBZ^gme2r37R-||6-G+;tUs2Sy zI@nxQ@2>G0@00!Yu0XyLl=XiV^VsQ;p;Dh4cbcXO#4!Rf(i?fTjRS&j`0T8Teyghh zZiNC@i44dFk1L zDyogYDxQK(2845|DpA&+e;_do7jI#Rn8*~~1|bR9D5l$7xSqdD%4XG?dz1Mo?7^VXV0|?A zz<9%O3liMQt)Ox)bp^o6{tv_}X?0TC$4G;eQ)`~W%0)kc9r7}Ms2bJ`l%9>o|TDsRA zcTS@U{S&>lH*lIA9){Q2NI$E*&a(Bm`$U}#zxCF1q-Vv`_126Y`SsRbDc_krzAuP> zsUGUBY4I2ZpO1JX>R0t8f3v>i`q|#(Z`Pmu&H5AHtY3X4*Plq&TUmeN+m@&A#^458 zXa5seT!!~6yL}mOUG1+b>Y#j=t^R+@WS8|tM9PYG+OUY+oMBAXw zkPSXEE&n>ci3S3|AL{$o8SmMmoA2~8@CC22777%Zv2op&qL+lPEBib4Z@V_))0Ss< zfz$%6kE})eaSa;_)YLYR3C7g{Zk(rWOye6xA45)qvLp|Vs@!CWv9p_@#0nb7h2)jo zt)hM2NT%0FM-Rd@YAk>TfpjfU%ACO#-@MWp{_WB6PVh7U9`7u@0sdJ~bos*4E43g` zTuQIef@kr!(EpsiC5>f)MUS^0x}Z9v&nMi7z}q#QO$~tGBH#j5fni3+%M^-N<-ezy z#4ZS0k7>c?*si!NB$WEJ;GfWbYQ%Q(cYzifjR{0N_ZJ>yV@uJ4)oy4Eu(Uj+o1+?k z{++hsB{1{ACpZbfd1qwwGO+Z0-Jh%ZKz-7w?PwvG5byxEl3djDfE5!=7SG{&>$S*` zYUANuJrQQUiBzQ@>tjB}DKGP%?dom*xyN^3b5)P;;pWYW?_~64*Qc4UG0Ex+2%z3E zmwSIa{JdEBt$e%qeXV?>KFdW5k%xCd!Sm6TLVV5j&gD9fknB=MmwAnkpqN4`9(~F~ z^b9N%vW)$a(pG$Y%mWF5OUY+S`y&fifenA2XKu}0v@D^#6?}p!^MU60ZmSAHNFgPW zLP#Pvf-+D&Px!H;odz}A08G|t9peVTVGwa7eULT*6SUE5R^Bre!Z;t~JKd}&miSG4 zH<+if#R~sD@rjokZvIH-Gex75QK}nm8f00@_nIdWiiK?*&C(S1F@0977UzWIRJT^#=ab8T8YGd8IN4h5x4dQPH zPS-FU{|P~&2Y`7N0F*FiB?LsgUunLT_>}iMvy7J^*#%lxJTFTGcBeQu;DQWq(b3N! zX>y8*Q>Xujuy=uvvnu}olQwMw1hPoL01*~hAe9KIL`flFz%&immQ84q777$CP-BGx zyR;y*37bf_4-1hNQM@Y(2ntG3?zFVDpnwIDtCxaY&Jww(SPDY>e}CpY&+ex1{r_Hl zHTyizxy_j~XJ*dKoO1w3_gyZt?6Z_zq1FsRtqu~XmD}Q;#{p!$oe`Ai>~W7G^`tv~ zf+CsHg9k&jMfO|ymj>33^AN$2$k?lU$V;k}UFPZT#p zp^aZ>cq0QR8h!J%(wyHlo3GF5$0{2CBw!CQ$o{~F%_$u;h7tDCSFAY9rPrPM;ljR- zVV1Pyhe2z-3|(@T4NdRio3^r_EGf%*468@}5|NC?SLdfUlVf0Qb z8r1b!RGxNklSS<8i+0xQ#{W5jjW~CoW+=D-dr=SVe+vZ|U}&GX>QU($zlZq3`R~8t zY(rYIleOw}vev?<3u9Ny*u5a@AY*sBRbYokUSQ|FFSGKqD32_R0WD`f!ILopo{J75 z$TuScIihhEXS^PXVwJ^kbN*j^ZM&6#0|LB!s&P$LXN9k`NwbuCn^kYK2&`G~-5Sck zx?Z*MBI`4qV~D-zX)zT}w)>r8H-PvSeqm9gOcUXF$=>@A$@Kr1z>j?z`a0eaHR)AD z8mA4uC&sG7PFaAYqqvR+}&p#O7$XR9d75XQ-t;qw_B zR~a%nGs7*94L(slcq5<8Re@44vU5lz%YKiAe81%#<*ohiElK|ip;Xh=3w6!|ozl%1 zWh~`?r&dlbUV03_cs)38em|Klhcp~LZoW{ze)ef3*7JHJb2=i9A#+ZY%pVoII2^^s z(dEwdyg&!9jeH-y^geaayI(G#8rDBI8%DVge7s*dWVY;`+NIPaEBg>6`DzHkmJ?Ek zF8ODaSLw$+YHNuaoFO5793^+Bj;5rUBqEz;z-vA{w=cA> zg&xv=NaUp1xLbRz39^3Zct4xpvkboa{{z0gwuA56rSN_FL-5H}8^U+%pZ*W{LhtS- zFlq4pP6LTO^&{Yu|MHIag}-ILF#Ku3+t+_|S?UZ!WM~W-=b0hg?o|66TFl;HavO%^ z??RCXO=V9PJ}2#SXpUR$KNE$v=jzO+3K0hKXf%Cn?*zRA&8uwW$#8h^=VE>;8(CL) z_xz*5y^TIPuy);z)`t%GQY*}|mSJStPUCzbPjLwGq1RA6!^2|FfsV{NVaEQKH2*T+ z1O3?wdFI+OnG)mQ$C zzi25ZWIkY*xJ4s>u+<+-PBj%$DHQO!zAdrur*c!JFzYUuhdU(!rX}5KL>=Ff)J%se zsW)|g=7XJ6XKx0$@^rla;>5mXOZJpAq%Cm}K)v}G1>k=ZVB{1sA`T>wWr0y2&3OX6 zVFOE_w|uk)AMqBE%m;g?j?8?pG}S{()kE@Ns5SH}JFheaUN@)jg&P+R_Hz@Z*?KTX zekzO`@CW-9jQkU!wcg~j`f4XO9zxAP!o0lMX5vqgpCleyc>=Kd3m;%F((kK;Cnm`@ zncon6+d#7Jl%VJ>R&>4>z03KWzr92yQ+dc<7M+=iXryK`AS(C+_RX z;${ksGJXlFbAS`DR|!h5)6FcWlR9dQXHl zFtl{J1va5$k#rJ23(l_Sc7qygq#1H=Mn$K4nUO5K%;H66f?k?#>2(u*74P898v`o< z^`gtZa=T~jX3Hy~Ts82rndw#*GpOdBiWwpx!oC*eRgL=@rr&|J>7UzlO3-dSBo;1n z;olyh@KWep=62zs$2D#Y`z+y>nlLZ};Z{-h&W5<=!q5Z!Rc|?=-o5f~%LzN#mj&#m z)^|3@5?(zdFQ(?`cxFXmJ(SDr)Nh>o0Ymo@G!9q8fAE|~^_>`e4At^)q?b?^JR*JI zz^i4g{1Ps&6Rf_6wqU#^v#wMJ1plI=C#~jT*d!JCf+-`MT;@4TO8cad-=G@sZzp%1 zAA~#yV@0$Q$}83P2P@R-3z?-Xq9cz175Si+RkH^9aY~QWo0$& z-YW1r(lzt~@L~Ed^`QT%Gu($lI|Yi`2S*?yA_nkNNF#Li)k8hm4f0j~ zLwN3S@4OLaODzojd*ea^<1Wc7jqWrm|FKc|1!O~=e&FA;PuK8?8%cASG8}2FZ$iRa z4eLD3==F2nc!wwLw36Oxz`5J*Cxz2oBmY|n*4zSESD9NN>CX04Lw~OP3Ipv=;q<5r z5faUi3a|2%wr2bjb2H~Z{#OWl`X?YvO9d~qybkVyb?Tmu;I;hH&+6P$tlJ0H{+t3~ zP&4IN?B6ffIjd1aaq1*Rhb-lS<{VlvD&`uk-7;;2HIQ3*`kRkPoj^}W`6SF5@Y0XXA8W*JD}Un?%drvHe2#7iM@ZVa1qb0htVAB@j)p?&V_|_^x#G4s%%PTsWO-B zqE}`|`e|xt3|ean>$}^~AkZaRgHCQ;ie-;A-9p%R$Jmm<3%TJ*PmKH{?2PdP4}XW7 zNha<;_3$@AlCp3#>ld(_yP2gQ;Uo^v7sUKBEwQlE%{83^=(w?(g4y*2*DzbNKc6*+ za&6SOrz-phr*Raf8OX~Ke{gbL2C{rY#+}|$yJ(X4AYY#8U|*NEA>fbM5!{fg*R6qk zLDt;tu@#x)8_G49roa2ULrJOA%1o>L4ZklU?g~+`wKtJDsOZS%F1L?O$7vt2AS?0u zc1G=u37Z?a%Iss*RtML))GI3z4>DyLFCYo`S#4DC*h+x>kiVErampWCEPpuVJv+nk zAUl@Z{qM#UECe9Jpv@oSMh9uvTdylC)G(-+WJ_xHNiTb*BH(x$Re8`_&-v}J5|7Jz zf%sc#DaHE##j$17|D!@BgAXDOt^Tb(Nwrc?Lw^@WT1%>;X=YP`l4ll^zZxa)<{|rH zF)1D;eZnU-7LtYz03hAU(x{nZ=Ds-)Klg92T~+{(6TnPg$;({kSr61(UhoR2GeUS* z+`E)W9}K$nz3%ZSS)@`us7;wxdXq2xn<%+@=z6b+(X=0rAc^T|%*F_1aY2xg1ua~E z-Ro;uSg2uer)WHu`K0b*k|G+z11gG6q1G%=wIMh z)C}61gf__NiibVAo>G?L_%?ccOP}|HICMK1RJ7RR+AbISW7OkX^;q|3dwk#FVdyWE zxASYQQ|o-v8HJ>wleVwAHGzHbv8ZZYTbKXbX!y*P-Rt7TN_Hnh$<+KU_AF1nRVx0@ z{|Xo|ARhNXZ1T$vO@cp@Bac;lbSE_v4lY2V8^^?q^1EqhBYp)-Y3$TRqH}`9HNEa0 zFdF5%Z+kLn<-XkKanO0t8l!w{H7V35B+IpE6?P;#-A#r3QfsaK+eF-j_RTvxY7#V; zz;KT+=kwZp5DRS7%t;st*rcf}$$##4`9}@9@UeFRo&r7;IX^ldVUz!1Ci;F#6z8?w zQ~*eS+Jajf`^UB8MCW}?*#E}!#f(?+Y`fM139}8?XWO-yZOFEp4?5dk72V=+ptQdB z8dNGfIKMZTQQPSTXffMfi-nDQw>#Z=_F8AJ@lN+;dyU&GXq{=V345*YbW`lL{xqEk zuk$c&_Xg2Xm&q9ZP)}m+@PDcU6X*ch>rjdPKe~&L{94nD>qCE}w>PPO?Em|YX^h;@ z03FXy!2N5UxSs)>$!^3`Jn6pgpO^_Nd_G{z>f1>{Fb8SS8MMRgsvo4sD7NR2 z;;q&GzJqIcA6R=9&9Pe5T(({rcnm++S*eru$NdvkB(qM?dLr@ie~z1JRU`y4flWbg zj1aOfFkE2}T$ek{OlDO+Jgr@;NS4vuR^tQUf<>_&7c0%OKUpAz;Dic1buliht{z+s ze-C=AMM5U z$!yMSQMu!jW76`mh90(7a8D&n6DmBxZvSmby6^J7jXG5?otn(@t@?@s4JEq&05Mb; zF!^Hzqz12vXKv4&Chcn~Pz=h}v7SqpI8k~r&$+hovM)6Ti)v{YzVl^1Ci~P(lW=$) z(w6iFh=hTdJfBk${qA{R-Dktxy|t*$ZjmyB#`xwb)mVn=ftYj7sj4N}<@O@bf|{h~ z*mw>#dNIH;=5v`k6t92Ca+oBVSmeFN56T}X*ImdTCfcDd8u!Q3G7&Kq;b2JnOrXV( zBU^lx;p0h@`T);e6kDX%gZgjVlvz-!g$^qNfaAfKfcx1!iiZ)v^S>5Yuvh4{PE1ww zdIG9$Fx5OW2Qm}sBM#phO9G+6RCDTq*&Tc$UdlLwUz68>h5!;TlUwmyIEdE$E*{zk zzEC2sHZYzHrB(;^;V(W|qPLEgAfbO#vGXtfN;gAC4Kvn+sGtk=+$SxkJromLItf~+ zfy|f`FfcxKcDowcynL@7E7~fc;VRd;VSJR$3eLd>fiII4I-QgF7=u)mJD!@F;~m`uoI} zTy&Ine^w9f%ip84B{bb0^uU*we14MJ8QHUhUa@zj#?tcC$xEu1>}!}vzh=EYrW7hA zFMWaU+&_G~(P+s((zfFCM$3OAYY*@?@_-0Bvt{Sh0ZaDGY}qaK zVrI+7)4#MV2d?&6emKmf%&Bp@wQ?on8nlA&s!{XBvM;*J&yuepIis$47=~3U3HCYf zo5ann@P|QepV)Thz#~`E~1Mkv!KCWEDL9&9Ot2{Cp11sHzmFg=L z@f4h06HI|j(tibnZnp|GGCM`|F!Fo^g8J|EgI8Fr53K#|H;p3jM}2M;q(4%p^~09( z)B((BIBzHBDauo&0{ns*u}*iY?-+io^i$q5VfMBz5y>6?#bPCx?si>9B*-Y#okmUf1vDGE2F#j7AY+#IE+bf#0aVm=98o*$pAihT&^+ z^y`Arb7{4Y8&kEW?{z1VTRtNhL!JX+fI3&4vhGJE#$8sm&%cwqqhB|)cu79;K&Nk|Dldb^lQrQfmqgUxk*>) z%PXn;fnWyLbT2t_^5d5rF8|CK@EtN%A&Hc^*FA6QdyMhcLab`y?>i@MY)zKG$1So+ zCJS)T<N1ppD;Cq1IThn`|~DZwD;U7i~$!jJZESo3tmkQOPZgZ{HEZ1k^*v zGcgFvIe{NThAB$juI&CWPoB*vp*>;J6Wo{aRWu6n-^!2Y2Q}_(6g2#wmm7m>fQHe* zOTw;hzb~vRv$ZAl)uod&Tk%o;NXXjCjSR9TwwtFU>CUGjx<2Xkl8d=LZJ0hZuvG_g zr0NH@>Y$EPYi8@w_zN}AU&5#*s$%DJC^AxJFG2^CNa%9q4_gLE>5oCLgzd-%_&tfO z;*)pVs7!~gQwcohFC#aayn>-v7TtB*?Owk(?8ivp>C@J~I0upcfz4gHN~O$Te?m^0 zlIDRctc5exf|&;tj^-x) zS|w(i=dU5@eu9$1bhb-a+qI}S-tMEgBWre%-?UkcH6G>`U~c7p(kFc9w08*qi)p1= z+AhA0+IY|m@7uvmH0BfEJied%4j4Has_bAgNT+0W?C5zDk&}MbFryYRVZx<8m&Qo- zJj2Xcy4E~4@wF~3jee@eajFC}8eusvBT0e_8ojq`NB3L$2IK5?-KMgJG_LU_-eoXi zA$s@p*kcDo-*WQp72-q-HEMkq9N=(nK>vy&pTNsAz@?0B?5JP9m| zUsLseyeXp4o%!A^oSI*M=ygsxqOv8O=E%2G_deJ$Jq@13!l9jDIdcST1kIv=NXWw` z4)7*p(lMNQ85dz|)q#v1C(#fP@Tx{}MlB*gH)WIEnlg^oC{$0FV@>&=CqH;`)x-z% zoNN13dHEWKtv0)H=!x{9Jk?3r(k^#&XNk^EH{Z+MBv*E^BMlL-K}#~lf6yyPy@M6; zY{S^uBH==Cz+3PWn>pvu5n1k;wDUZ#MJ!mP(x`}8jd##f3li2>j41vKM?UNM7b7D0G>#_k z<47OJ_$a$9CB5zl71rRvBqy=_o4lkp{cy2ZYtU6sNjBvKm^ZuKO;O>IHR7MyH#O$! z5BoV(6GS=hqOA5?{5%xtbO?N_>I;NZ(vZD)A5B7^QE%DFL_7WIA!30n> z(c~OH%Ea5mqfELTo7r-7>L|6^>kgyEQ-Y~*iOIe-T1tOQ^d$!15`NAxMjN5i!kwwZ zB=YSZvL)R@ualT?i#(oGP8JC_z?hbFRU&l*$lqCqnCFz4Xq6Sok49HP7Y5coIcPDQ zw#hUe)^PkUeV2k(dIix`57v52Cf%E+gV?tUzD1LoJEnubN*P5*8#!<^e^MT@Y9x~G zmZ*H{v%$j3JEbUs^GfY2e4zh1_VTBn36eFN$MmNjy0=j1qNq^%519|RpY>Ww=~leL zj^Kw8Zy7Wrx*f}{P%Me8_26O?J)sNtVb(0;2FEH{n24iNoFsX*B59R66-R>g^zGty z#VW;Xk{8KA`Hvt!l`-J2HHB|954L#R=*hk{yqc}x5z3ef{5Z?#&;Bua`1Q2 z^=ZBCNDm~;S;SRo+n^#8GXI1>)irX5pYMJ?b+|U58CYABvHA3W`h$t)h&Bx~#?hu> zj7`{((VwkpO|Y-a7yM05<^wNm7%qR^p0wU2XT7|=(_0!A9Tx2uuE0rG+%F8+@{fKJ z6)_|jonaRC0o3^!Dnx6!TaV;@`ex00o7?FhK*7er!lmK7%xaWe1bJq)S=JV^K17*7 zd!Pokc64E;3Uq0!x#iUB^LS5W24X2L(b%+;Eddr7+Ft* zKs-?9;aw;3!uXfCsn10|_#Bl2`zPe^{_SuN8xAid&Q67T3jV2dkpaMOO4@BjZ+jl4 z$JZKXtg)iU@(Qgh%D>Y5tdVajRFb!X9Z}?f8cDa-6-yXP*KgLTFMqKWCrt4&^eBF{SirfBRHFTf$Tx zqJMx7xBx*oVnvL@13#utq}6ja^I~MHhthY@uatP%Y^Y|PfMQW!XH*o$3+SZvFL{nU z@^myC&EDkgL+dFuu=ZO^P1@r>0xw_Z6Ur~1t#f%|nU4kFEdPYWIE5z}ZC?MGk+N;g zlu|GMP~0sdbztpOs>@~WP?xPwZZ!)K%>43ViMiFeTSNi2ERci9;PLowa7|W4g@>q> zRVn%otOFIEPP4+UUiKN-pkEO`1Viz4{Q9Qux|42+=H=j0_ymU?Y3o>uM};_IwO~|w;Q67>Qaw1?!;y3wk!?WPsWtiA zH*cQ`+Z#|~^?epS{|_F8 z_t?Q&H^@uzxV(9h@ns$Lni%+E1ccZc^XIDqWDPP{U_`CHLS;dZHi{1Zk4N*c`GtI) z+tF7*Ulm&%%lxwTa$3x zSoO-7@Q!{VdByQY8c9UGt8BS2d{-QJ@|+hE+5_&e_e(W{jh?~*4`WjSW-cz7Yu0$+ z;`wumtik8E`)6f|;_Q~WC~Vm^>VtKCNM={`4-Wf^*n{R5Ca4Lv)UQf*(*Yti>Q#=h zq+~u>&nnvwO1O>&9AKDA%zk)nHq{jjU^ z#}u2;{%G#cHTeB-eoys>u;_3}vG5f-X9Q2+M$<$>7wbRJKF2c6HXM93lO46LixdyX;ZT_uj9MD|;U1^&AY6#v7Ae&(C+$x1%5Y) zI&CLwk1ARDj#Y9{l<;Yvz_?ek-KQn`yhoVdG!zt-8BxLq3mR*Ze2oSZJTv z8~HS!*q^~`R{Oi5g4vj`>$};9TF>08>&yjqbcz=0xfK=_C&Ej*8P}4{X^URO z0!$O;4;{Hgs~_lsbop=Ejjj{(TvUSBkSK+Fx1 zJg~O=LIlX&8mHiJ9MjN7qzW~G1lzF(rkcf!-rhiis7x@^Bvlf-9Eu)lD zPk^7F?yJbjk)Maur}O4?-oSWk{;9>|2m%Z;20$4|I2HgpyId`j6SC!l9nGUV&;8ar z5JV1Sp328D3SaL2<vME#oyyCME_kwz^0 zXi&DitmWV|f}w%~0oPZw998msUaC*~Q|!FGN71zXP<|#D-`~6__4zPiRUu(dB`i)? z?8FH^Vd6DDQG3Hj^@jDp4sVX!8=~IkOZMrJm8I|Ur{3_8U|oEHjfM6D`TcRb-WtJj zguH0Ptd8F{dHs1G8#%J1f{w}SQwR4qADZ5*!}L;bwT|o-rJ8*5mO%5t+Pkv;%d(D) z{0aE7Z;kfP3Z7bn$EAz#Xn)carfrYA*lQ#G7mwd|X!>KLON$=}BZqPy3N}aZSX#Fy zNYZne#=pV$xc|pEQ)#AXy^a5u`HTHSFc4;pzH*rKmDH#2L_cAns2Z|w6b{%)?QU}N z?{G3&&9#l&Mn6-#mDt9k`L-VIqG&OX>@9UJVeP%0qCG?lrK<;Dpe4Onmy&LbuROa! z`~A}U7NpO=1M5FMS{=%Lj@aIq>sTB;w{Sh<0TQR5>B zLkci_B;C{BvZBoeA4IS+F-Uo{c;W_rS{^^zMwBzVY8Y9LO>o~trKT|!H6%gApArHY z5?-5wiW{`f_}fnjV&YV}9=8gWX$s{zKd505{%T2dwELZZB%ih_kYZrV^#iryp%plKV=UBN zkYR>Ow3s|gJoDEL{BtFpcgIlUz}j6ohM#s#16OAn7f0_?wjEd2&(Gjh#%L@7bA>x12r@rP)5}CQDr~Uif%cD zqVrO!HKUNX>X%H~HZ*4Xl$UkWH;cdz=@>t%A~wWpF>qAu*itc^lV!l8#U|uxmN#-& zV1>DzN3EcK$*;OHuucc!dx;*-A2T5{wm&J>GV-kwdd2U9LeG8!pAJ#R^3oZE#e83J zZu$9!I<~+qqBYk4=a?~;HF;ZNv5?Y_&|#Ija<$prGV2zfyw>&ucUbmXveT0HRsL7{ zs1!1SyLM;2s~wAVUG8j#(>|sS@9cp=Rb48^u?yo`U>uu6#xd4LAU0Ls;s~t|p4_N%{A{gc$UJBNy zLa_d6W;?*jXirqc4^wU(=;HjduYrSAiDl48a8F{GpIl}OQxF;->oo>h8I+uT5E_y>eQA%%+3+s}V z)_j*6@dE2ZS;G>Oww0vNf9aP4{}hDoUyQ)O+BFO4(me^0eXrXETg9oT7&{HMoQSu8 z_|p~20L|6TUk&DncR|0KbrREanO9-aD)!R_f$&_U-pSOS-7>IF{VkbKMwau8EOg_9 zCkrMgtm&pE#-JMv%r{gjOqkt+dbchjbZP7IA5!g_HSg{ViVnl{bQl3uJFH1@P66aT zZ1sMZdYKOKu5QSz&gzO21aT%)F_gCxt~C@Ju=yD!Q#8`2YTT310rKywASY#R)yBvt z&6@d|?*qhmp-FQePy7X_2jTK?iLP3)wdABLm8;jR9<5!j%T$PXiIUB5$R1eb&a%c1 zS7Y!X`6xIXLr?CPmxsi#MA0xY^P58D89T!@EMMaevhwfrX?{=xvP(8Zn+f*no-zXr zb_Ldh#6N-);vdLP-w5#5c`1z8>F^Y=YNxq{K)7ET&?W0KG_Aiy0zmEi^~yANoz6S=RZ2Tfr;^Ja>FeT7_s0N?8+zc2)q}U9YXeQgJ^XS`ZI~BpgMW(U zGClr@?Qp02C!8Vk{S!Bpp5ve5xlGzWC32Zd{8RnN!JeNJ#*C*)4pZ}DAPA2i4TR3G zBDLjCd8Jr=le@(KH8%5Tx%tH`C03F$e&A8;-~Gc$3q=yq18`;V_~4*Ui>Xkwq}<2TX38(DWiIaSii zQTnYOlz-4_k*oJ&3DfY8yVX`SsBGzpWT4uPPPfjp%TOqIDlCOZRI9^n=k=mlE=2bp zWWba2|Hdd5MA(n?3Er~WEW0(d*nwTxS6rlR-+zP5&c%xOM-jf5;Cl=OIqu_JHJ`S_ zhh?6bnAPR}Ar?dUi}NVk5~rDvO_ezx{t_xw|wA(&!;dXI|tyw{!z$@S&L?ER@ij2Q85+mfj?f z1k%7d0cae6h`eWzsA?Z4{*YqW3n+N&8{k>XwpWqn^j(-jFRhck2^*Po{_lU^cot(@ zM>tE0Fv%2KZheE9O_da?;O!A=H zTZ$4-^hP~@p&rc~*uHBbvEwrH5>@ZmgfVt%jJA-5C3H-&oUz)`X@b(q8M6)3MvDVuw#AgOMK;_ZHoUqH zPgU_9{wz6WumkaEhw*kyEfbv@H6CuMStz zHE4=58#Le-#I&rT!Lz?7j|@%2z&cIOP+#IhYtUqo5_rMkTRYKP8|(Cq)Wq0%_db>dp7j8jnnfC!op7F)7YnR}W6ENbemLBx1sF43PSPE@L2S{Rb z`A-H&HvlVEmn!>Cv3-OnouG9)i|tcqN$tW7^NhE{7Aiv~sIsuBlZ80` z{UfhHmhAsH4N=L$L2g``N0!?mr;7Jrw5xO&saDcUE^axedhjK_wxp}=^52%Tst0AE zLH5XK+1Gk!KW}%HkvaR8`;^0_uofcMjK4FclsJD#iIK8{QiL+2qr1@fl(P9%Ql4R0 zMV6{y(GQ72%no3re9r>e%zf`0s39)ifi`ic8-nb|4;|~|5RJwFdr{lV#CM) zvBdcl1PiAsSUt2*57`R@WaXz?`HxecBUjkipPc_fDG_c9iLen1xB6dXQ1bs4YBPHd z^;Nldm<0oCH=I(CM}YAKv(uF{?qQ&O^_vn=R?K2}se6u}^W9QQw2`Ho`wldSv;-wJ0k{*x`0OFx_I*mjpF<4-TV-R z?e)q2qbH@u?69%@@%JV_mj3sL{S$YH%1X{V+y1;XFJJ52+u&+o?YcQOBzE5i{HM7* zFMr<;pHuUfG3qF~U4!3_HIsJn8VO9FN%ytHThJRT2TORHODSu${#`AZN+Vb!$ zt8AUTG5v0YV85RJxOMK;lNn#d07i@1O;>-2(uPk2+R9*0@#XU8CjaUDy4)Aa`;RP3 z?=o_LtxsC}7jM&{S>?3yA8#Cs+Ol-)XQSRv>{Rz@G{#w^W0&vRyfM{6oZ}uNpY!9l z?78NdiLt5Ovuik~v3mLJ^4u|8W;7@L>frO~u_v9pc6sNR+%aQDo(p?9tX++z4M4x_ ze`ngW|DFEPP%Qy1U9FryijkDXK{2<{d(Vl`Xw~w4?s)L~bpwOXr?%%O*iv4Im9Hs( zxO`2n=Am58#_}i1H%@wD*>jUNwlCiYp#C=LiFcs#>_*6$`A++l?sxbTIREt|Yro(( zPKf8qbiw{-Z?^De3O`U`hr}PH11c~ux8ia%e6kW zyd?PQ9#~0fuVt^Swd`*8I0UvJvN%NYzICxtB(eUfdejP;X^aEi0kr<|+!@9MqGJz5 ze_E~}dZQsQd+Z%>EY3fqevLEutsx4uwmfw{Ar~Cox2=oC>MBBP%w)Zp5gIR#sLqHz z^&*1+8}($39ETd>8P(y2n=-5Ar(?HowPSAV(*6SAuRgW6LVRACF=c4#l_Ili=$c}JNVG4XhLel$nlUDXYidR|j%+=t7 z3MxnTgMJ06DwFC^lVmA&qy`EPh&(%rhk&eXYdv~Jt5;I6A3UrC;1bf<7LO6a!^$35%m-Ql`M8X zLw-TY3eEUKgeH6y+JK9EI?+9IgT~^99?xE=A{Lz23KqUhyKI(E9Z9$$2f`&bwCiRZ z&cfic2+IHTxW(QJA>pL;VbZNzd z!gI#+Palu@IfHP#AWS8Q>45$1zeu}#S~cV$AxjMs|EP2mEc?^l;e>6KckndaZJ+&^g)vp(;~}F#bfJ3kptKkOlcjQmaDQG2)CBy!4G8T4?fNyWE~zPBr5_$2GM@F8T|&GmF~$q0kc zNZwZ%yid*q-US?Bp*^cu&e@51DA#S3|DHCRC&wFFhzc*#<3GJ?^c|Dns(SP z-)C9v<~3u|=VrUhwiD8HR}p2}ztaK@xCW+%)*V@0iPRwkXX&W6bLt?_>k2n_NAfM$ zCtDlL+2#H0oXYoeiz_m(zCUrx#P#KC*5t?h=Vv2Vo=Mu)GfCVE0f;_)e>ne{rRc!g z3iU_fbnIW$AWue&cPQIJcOnZK#&?FV8%u zL`k*;;-Fez;*i2;;6 z2Oa^?c6?{M;BK!tO-a$wA-Dg&M|lO3%veLOpky<|9?sr&V3L2&m^b+wpEYganyf(`B4A8ohib% zb@IGr1sn_)lV1kwB`DIExO0oix@6vxe_}YW?U`N0en zD7gf||MdzHkPlsLQKlZjOd8hJ&rnS?A8>2Gt98VKLFRIg=pb{CJv0Xy+1Ik|EkZp4 zE3XqyMvup2zJxV}Kkg4HAv#~76vi(aTHkWpAjs=>mu=VL3Tv^aDOh1G_7qy&>qGSy z+Yf2RSNtQgJxewWVqYU zqroXJsiyN1W6x{MY^ylGX=qz|?uKK%a&@ffRE`eRd!To&ziwUyf{^J=oRx!HO>xPi_I=?tt8H8afsYHX=`m5jb7{|o96q{vz zKdLU?8%DN{5!JJL4bU19q5RawT8gwk1i28q!Zs?64Q33*B{xuVwF`h z3nWshH{n-a`M;M~|3u$?vA)X8YR+^hbLE%^vg-@hXc+TnJbPR=OoEmOcW4ABJ>f6Q zTV+nn5Sh6Z^T^vZUwTAtMXjE5D^}@;iog9`^{J-YO%1(OCD^s~{8@Y-SbO*vAy4TB ziy?QTi1ejjBv-97F&KBBnjj0@`HW%evqHSQ;9G@9bQt`d<1t-z;x+=5HYl#j|%=KB42 zCQpx>$#-yIJt+wy3H85v*JQv{_#Uh*@%rzC^S zEDjk?y1#$j53JTt_3T8oO*fp-)#LtrF)7T4Q_i(DlAWN<5!p1kVY|`VO*-( zV?68JHKcO>-*I4yDWEM{F<3IdmEDOivX1|lcnkZy;RWVdaQy2sQ`ax z#huk6yVcpJ|8o;q);`iX?0<$@A%u8#BZm|K);rG}P=>{M^8=NsaXagz_sol9Qe*oc z(HyPVyuOC7>poATSf_>_zL13Y=Jn;4wSugz_EcH6nRPM;I#EFkO~38rA~W^mUWoTt zMFNHH8;i4Zy9m$&bZ^>Fg?_BwuAm$%pO)4aTWH+~MMMXRl!^SWBV z?P7+V5tJFJarHR)Jbh!j3H%&2_K-Z^Aq26qlJS-C4Y{!NbRE99@YZ#x{twrj;`xT^<$IKPgSFLv@SNJZJwjlEcP57#& zjcEPh?DY0JIQMUn23c!SIj$<^7``7?RhB=lP~ZJKsQ$^t_py4PSa>&OyVm`e<_6Y2 z_ywkSXg%9nn5vs2iV>=@_VT_AwO+#^9-OS0AeyV&?j6MD1eQc zyM#t6-a)G1oTPhgUI>qmr$J)@0u{(*4z4oZL^#{ae>IyY;cU+Wg7{VF&wyU4%JGVb zQz5IrPi5g+rh4!ODghl0^n<2!7TD2C!nW*o3qES&|HSBH`eU$)D$)GNFAMxMG?ezb zF@Qmy0gzyQI=;ge4a89Os~6t z`#iC-d~1~FZwxVcz8mF99bwgv_eBQ_pZ8Bffp)2QuRA;Xn%>Jd+FF)>liBKD%FFUE z@}m4Z`&y1J81cZi8g28R}cP5-!4wfgopl=N4pVV8wWPHTd^uh8fV97 z)?P-M-5<#QcUIiQzqcB(BWa*rkvYSNCF@$2*Kk*@%q(Vwpoq&1=eTtv`HcO~s;Hm} z^pARN>TMOsuIkGW^b~X#iQi>EplZNPx<7x(z-{&RI1$ej^uIU15q*{11buz;U^W-3 ziuF3Q03q2rS3lk|nO!sS-OQSKta&G`M#*8dL#W^-D74p~6(S=&*UlP#l_F6a|MR9b zUVGeB>srYk9kbu&GLr=Q{2!IF3{7Rl7|uaMXXU~5Y4;laN7b%Mn+u)&gJ`JX3{D04 zOEgbBC3^l%{#@o`R{v!mRsZ`2Ufgqd7?S1R&+;$(sQizF`Tr>Lw)~ZSV|v`xr`u3B z*-*nOwd1NDdqdLteF6(8M#Pl)yrM=U5M>|HmNCyWul=Y7PYxTjIfj23S=YdEKuPzp zxmM}O_oK>8UU_}7&ehN)`@fDFS9bqGMuQ`3GRM;^I3ZK8*FRO=_gRwc{zPpjIrnQ| zQdcUC>2?oNIRw}m_UFQm_RQ8J(oas!Y&&1hAaFX*aP;7ZK`wJQm@Sa?Uat+FjkjMS z;Q#lB9(230)*3`ahgz&dKbF5{TB6Nvb(epIc9;@oR=@pn>+C4&k@c56-R@0KW8tzd zT#a}t@c4+i3P9ofpBCmz3U7^s9y^~%b=P92u<4T8Ev&#>YCZiVmF1nnWWPGvo8t4F zIqc@%y>;8TudCkvxoENl!Fyt4ETuuAX8s6H2rPxlg-Q_Hzd6Ym{AZ}UNhNJGjd$uZ5l6^M+uQlh6G~urG zN6i5U9~14H2VN;FTfJ>y{id=G(cb(m3?T9Q;J~&rOot;xvuSUcqeN-5_}Di_&poaV zyEOALJn%2tFL1HDjy`ez32oYXfLb@VjvJGT1+7h)br%=ZzhUeM5&}y^J;sB+I445? zUY0UsDdH-VqLlPr!IWYx9q|O;;TURHc%%~sx0z8Sjtpl12%Rn{ zK-#E;8`U3=*W25N-}VtqNK_((m64jHOfK^SRpfqb^=li#^?KiyZgQt0Iuv||+9lVF zTT;mK>T6+^BgumLJf&&d!fCQ?-UK?~N(qPx^!B*@19e$GGj)x2bw|jyTyQgOC^#p( zAW@n9Z+87iB9sS}oRTr#LrE{$U;Zx36AL|$?z0t@h)>K)CyBeDPJhE^oaki#G=an=jL(R zzy7qMgo424@59xDx}#A$L$YtVdr{@tam?Y1Utp!oQn8{e&Vp#jpTC5Y#Qjh6+w{8_ z#)*n}_0SfP)awwG7=tVp6@*TwG~;-ztRA|PM>?kYn#*i5_mD#WyWMKE8MEUBQ>&CW zRz3Jv^7cPck)2v4f1cj(wnD&F*@q5puRF3mUVX)0VjaL=o}Hls<-lDtN2IL$3U#$B zYh8ARF1hG-13(HkXqxy$zc^4UW2%R4@DPa;5f_!EB&MY!_$B)&rfvGbeC_*iW4G`3 zpq%XhpkDpP2rv#?KIJ4)@pwU_kyV4O)q_9x4bCrDO?ScvxMtdcV2l%Ay&TifI_@3L zW!9+{N-u^0Kr!}PJRsGB5BtKL|K|-}=8}(rzlA7Kg;px62brAP+}<>;%Ko6rKnI5e z*8BQuX-4&Ve;AyjY`gm6rS-v_rmDX0@=^6YUaapKkO_QIeLF<(-Fl8;umImiln{e2 z{{gzDmtXxa{m&2X(Egr$8K`F#SUKT}^W~=T-H+4YEFQbC^^EihG2`7*ul}0O9m$)6 zHHnO?=9_7SF|FdHi6UWq{VdYW6(80=0FjbRyK{ZJ`Bwy8C?9pQoj(Po+r=XIBihdI zTg(|2fdAbCl;NA5Z}a}>_e>N;XZiv8TS)g{)^&CQ#YQ%)3R)YuZ=&0f$GRo4t-aBxml!FqV03>5)zB8JG4DL!Ji|uu zupw2mh0~cY=Rw2!c1U~gOWEF#tw?0^u>Lw&!d+Yi1m$dKZzQX=tuqLM8LR{L6=AhE z$fVzrEELH40(Lnb^3Zf9tsYd_*L)h=|7MFvh5K81jTV&3Pt}FWS_%cePJw8>QRUV# z*VzAgnCVY(F^exjhSK&2XY&wbr2L55ziw|*ZuItj-asE$E33af?v$A!_Ns?owBA)o z9}>xEd$agpcr%qLO6MS^vJZ08pdu?isaaqvo4|A@m}P=0;^_&TfxiP96kSeayDNf@ zn(TB=P_7I*sDcR{FtaNqig(P&m=rdN#VMk4vHB;8f4 zFi=mK4$lepUUxdMdzGlyO|cbOJnP*5Hp9WEG?g4mF-k$P#!NrqzPzZh)Z|haj*C85 z4_!fr+@9#c*$w$OAzSFX^jztb_g{~3XNnMnvHZhD;*ZuxaI|kos@sr|$D@nU7(z-$ zGbfsVedVymvKRh4uJ6+>hG|!IezBNM`W4is1LuAN_wsEr1EOk(m*RY-jA&!=B%=+* z10SLDMm`(SMC#-Sg486c>j?tUN~b#=($}D`PVGq8kp)6YzbTD~x&SLs5x#}yn~9Cw z6$0XmPJGScfTqIf=^+jCS%eqfCrw$S=DsS`$ZC8yPZu1$c@#jl?c@Fu`QOKo%yE@%% z>7W+7N=Y4u1WRgysZI2Y)Be+|DgT#j{@@epjyxg09B4}D!t z`yN^3*EP(C(@u$c^cC2s?-3hL4@AnN%T!`uyVmG^^T;=%5%&0ohrK$RfoRw8=R2fE zcv>;~gT2yd^7YZo01vKcP&dkqWPi)FA?{=0Qt3~{hWp)%A=1^WM9jRb{^h|{F>AWZ{e=A#&n51KQSog3qc71hb8Nb>5$UY&CIR7!u>6_nT zK<(tp>>EcmCC;B$ec$-(dsA~~m$w{{+PUT6)U!QF?$Flw+mf68#+(}|{|jO4dqG`b zorN#aE;0{2Y-&SQ^?j?Qb=qxj96EEDZ({veV5N=ozL$NJxq%x-MG5b=!6kI2XHpH%3KF75s@ih%BSz*D`9c7$Fh=~%svPkb9?({b2a0$Pi>=3s(~r+ZRHZZiKwm3x}1*#CNvkiC~Sp#yrf ziRfTc!t87qO$oDaUT^sqk-ty+{2hy77qV;~8||qm?#l7;>lavob_%HGU}395UMH#p zOpQC?d7)L{BjV2r@q(YRI>xAuDV0HMtHS-7rS_+p8|i~`6(7$|*+jr#&WY37nxMbN#eIwN3$=`mEQnqYd> z@*S2<-?Xf9^OP8tjdF}5vrp}!Fr|W{dtDvNV+v(^DubhQRUgkz-^6|p5f2~?LpaMP zv~a+_>=W6oEjy;m+k+{aCcc%O@)ynl-m%C15*L`r;Q=k4WT6DO?8a>OUnXt=y8Bru z1>JwiT~r=Uz8*IXolFsmcC@z&)j>Y0b4&IZObT~W1=qD?{}}9myn^>|=_5j&CPJ#8 z{6O`kE6Ege*9IS({J;fcvJV7PYJ$q(l9z(RGw)SYXY4#G?bRZ#aq|Q8`CVl{JXf^` z$eoz1oS3Z0cE5zFY}3Stl5AY~1JFChJd3dx)C@$o`jP-_AYm9?!X~ z!$Z{`cHv3~6tL&-!{x^ljM=sak(j%dL}HddZh@E@?Z(m*<h{8Ym z{p_^nLZCfgC$1kmCB`N&h1=&pQ(V|Y{4%$weEHP!JPNt@zY@{82LbtQyKeQ3{g(u_ zaY^jVVA^C-rZsQPW9t+V@HF90*Q zK3S-|Zu6A*nCig~m~Tu)_-7mr(+XsX;F2n`wuOD@2!E%Azsc}-X81cR{GFp;ZsKT5 z%=Fx?$9=Pn_5FBGe4F2i1ZiNq+ETs9E;#T3jq&tZU?;J;O>D1!f-PhoURvfA}>Q~?Qu%LSw zbT+60?q_6ZB`zqR6kg&oY0l$%G;UxeMEX=MG|-Ib5vrY*w++5G8h&e@GWE8(%$lFi zdHYy3(V@IG`n*t>a7R&QNYA-UV4r3t=5s#smG-QojM(;J&#A=4py&pB7D&0wZQ(P4 z>l?MqgW@vlS}kh0*S&(SE!_eG_47Q=MlqPlJyG_RJB*U{-WGLJi1uS-E!!!L^_+)e_IKS; zRVQ-nz}S5syx6a`24{ngQ(22ulnGj}chwgn>{azJuWOi@KP1zKda4Qi&~`n&U|yl8 zleYEBXvX*_-8u9CS{#@j@2C5K=|3mWEgV zDuCe_!N9EgJu6eN%BqlKr@H6T%jPb=gp*_FQ4E+6p!f>KTwQ6}uSpB0%%gOxrsPb- zjS=x#=z28orS8#u&0j`Num2K-u`M%S3wKtY=)3NCmTQ{T{?0{gNlFw>=jqQZAf02_ zvQ0Ig5U_s2(CLQMF4o>VXm)CEjYcxoslAxdbh$a?DXOWbSa-APUKsvieluBaST0Ir z(>nJ(p)t{^mdv`w{M*IgFm(V^#>?u9ryjGHUt0R^<-;8J5_1Xr_a{R8cLOY;<^N)< z?kp%Rh>cVr&)Zo#Y;HTYJf8lqvHuR>h=GG&`cnaqLIh&z0=A%1OgsBn=9Txe+HXH| z_AKtZkfVWkL63hFgB>!DX~%j)wozJH=5b+?^K}a8+Ev$(sT`x!+q4dl3$fD6pJtSG z-rn={(K!1Qz5Ua_wfeNb`L_;`ul2$qs9}X`m}2l>L0_A@Nr$IPl<~$fXwLuyPehgd z%|CGr+Kc|FX=L8$>1peK8Mu1fmvV<~D-+(5N%t3KV#x8z5&h&;>)r6{xjpWFa>A_nh&JBUopitA z14*-Ht8^U=o>FLV=vbQ#l_bxU*R&z&ZuMl<=&?0)fwVKW#04K$^5!yB!8iOg_pH&M ztSW-+a-YQ@3nX(C%MtgC0AQyAp(Z~U2DI>~$v+D}Kac)a6L%nw0u2My-r-|Q(#7m? zW}>ajjpH%gq2S(SnND8fLn7u1J$f`F)9vz{H?-PDO45V;EhuB&J`>7(YJSY8w<`V0 z?bA_8e&y3eFL@>i<)JBw0pHgJiH>ef!B!KH$(|&1-OZ6n z7f-XX`f-l3ebe2!IXv&h^R-~}ME z)Z`J_&uiQ~s$l>7o`w@ePc?zd<_+x$Fay4A$se=>=iXnWw)VDYt0b44x=Q;bGp+`j z$RXm>Fmy*V&bHyd#KI1Yf=AJaW+t9ScUguE|`9MccS3tWY)~C&(4Ng;u`ktV<*CkZ*lrl|@X<`H){xdT%O`60sDX-HoA6#ma zKLHP1+^Mp&qIvTbdz}LexfO51ci5@(AN`>3qL~Mo1rm0`BR5Jq=)Ro_X?B`aYS#@@>dN9oo1UwAhPWFZm|mxV-2B||gO_i0t^$M- z|FwtF7dF^WRHSF-ZmQmeD8o=#1wAosR{El}unjOsrW^bG`CpO52e_ZQX?S%WmFB~f~xkCn(X3f zQ3;F%5@c7a1JiM#VcVMik~Pj;J#=!^1||yartefgzGI!mWTTep^2LCjbpJp!s{w&D z&77Y_dXasH*%^;OHh%ny@#A2RENdV3&(Hj*{qx^O9^)Um%-78oQB!L2vr1U9-Dh`s z#Gpk#%lB9oW2=Al;7MdVlbTu5&#c^<*NvP4$kWp_w+as|`+sVTp5~${8KdI2p5AHg z+7SLWhQAgt#`jT+Zc~}q>6o!QTH3sfPbJ;>&xr`(fK4p(FYb1mO)(d;_Rl_$#2|!4 zcB0eu8gSpND7Jke60auLR}Kytg=gVF|W&CRQx}8pIgEXM)F!8}0LmH?m9;3Hdf?NaZufYix-BpC0nl z>cI!;wIy}>qz8*hzmJkm^+~@dCVf6i`kGI=vY6BsB`xwvsbbQ^DCtt4G`pB|QIu4} zJw`xybTKI#CEdrNGbHU_O!`uk^pH=gEGAtSC0*v*dVN~dLZ8OwT`lcafp()kyYfZ$0ye5KXZm0X} zu^O_uccQJYsHHaZ-pN2G~RuOPzZi-2wcdF6g3j@bBdb{!gp1$=BHGLm1)sQQZpY(dWSkA0t?DHlY zNdGAP4*(kr-=QD#ADxBol>Og3gU-wxNIe;>ScnqZ<#zduDk^%9B7K?t&sL;DMN*-; z)BOl19NIi6|_Gh`>rxERVgFE;ocM`L<65i0I&2y zjQz=s7~cy)mS3e7-Z!_`5zV&?xqAC{%B}b{2xdmkh??+*LQr18x&j>f%NfsMdIn3T zv8=yh9mB>PkqIag*4RhzoBqM^xq^k=_hgi}}#iWa( zr0OBgiz;w8&ryeEV}2vdT$6NPI}#j)B*&E53cw6?(oKOBOR;bU%7NjM3%&~7i-C>J z?Qs}blBb}3ej(*4cs(h*abKlS(7u2anK6^uf8|zuf)Hf_>AE;IGaQ~es@UH$%1(FX z4OZJsocf6%zdb?vH+j4P(z_ql+?jyA2{#qvs`rX@c*b zv-u96_G1e$d)w!)DtoW%h(1>jDSi=hVW`IfM6wTsEc2<2?@*k-L6DbDn} zlXOVoM4KEzJL@c@QEHZ<@dwB^>my&80XnSoF*?r68+voy0IGb15w5K6^T^R}0^%;RR1o~K$R zs}>|$y4_Bmo@Hu!%knU>dzlZEob-e)C+&6Lrg_ z*fY;977EuZHb;6*9|LUh`VMIi8fm}akp}8sIHFJ^IDrFvmHtNaUFwGEw^BEvK~*s_ z$ku<6AN5O6ZH$t95VOUb84>SKIz*g%DJ0_j#}&HFc`uY5tFqJs3_FWK6zA8^ATJ|~ zml0urUf?q0ntVHq9`kANR=R9J1=3n>IJRH}v+1zA)!#lJ`-Pln?eifyuLbz_*A?e? zPV=_denZs$8QZl#bXeGaep-nPOcC$bw;Q6yBV#U^06M>=I3UC7@1$aXKQX$!$Gix` zJ_G@l_ILL}d%G1YlYT+3gN%d$WIY_oz5K31uIVSqzJqg_R;^dN-A1H^&93}f0qxV_ zZ|e=7OqH}MbfNF~zUE)2CC<0wJd@p3ou@xWLo5D#y|hl+hu$Vo89xYU{XDA#pEpcD zoO+GcT#@OHV~9K{4n6lC{)DUfqdY5gWSJcpm%Cf1u=TpotEtRg$|tk~{y{d0)lBWBqGiXH?u7uJHZ6LU-DDW2j0tc)EbZvxt{17XMMPv*}CxLaM z?$>a4kTBbW)8n3(VGU+vY(uvv=Q4Zv>@|UrjIbIFxXpL;qi*Yg-M~Ef8gpnv=zuQv zq=}lWCmjH0*5Yp0NKdls-9$F-feda*DUEUtTJLs>rudwj*}_Q(6N!>H5U9_0)r^_i-G z(d5prYojDKk`oXY6H8BJ7h|{t@@R(CCEa<2d^;(}Kt~;$2gH4Q+$|`Mr|}WGy3Xs6 z@(;DZ( zs0m=7#<^QO7MvHJUn$CtSS!d_yz2FEjq+=8DA>`kA_iU@&CebV^Q;v=GoWtp=l&7|zugA3(%m10qQ#A#No{y$sGxl%z zc3~PeQ{7B@nZLfsBMqLfd3fIPfC`==awPl4ank@i6T)s3{cn_mPL>oca@4m$dlSM&Q0%J*4}h8G?p_B9nVI|r#8@u# zh<|EkyK2kG^iuiZC(-{$+q=L=UEO*A3>m_JgEPofqm7!>X*aa#(~P9sP-7i6K(?D| z&~UMfF1w{JwXD*bD78p~6OMsJa~c3R0T2wK0^V0Aw-$qJZFL8w4rIT{c__GsK#tnR?eDmC?rKivy zUDxm%mL>uRjdRhh0S{3Bh^U87?MnQi(3<_!XizQ4YQva&M6c~9F6I5EK-lfmhr|_VK9x;-fDQZO;LpZHO(Mds4CDk+zFf2JBP2%XEa; z2dO_6xuX~J`a0A4yoNruZr(3BrdDT8Hm0wiH9q&R^3Vn2(;sH^$)v83Vr0ca56rTE zf+f^l!O-z6s%${l|DvX68E^)4E#}SH-$r_Xz->z!{yBi*Eb=>*LH*6XV>Yp(Y2Vqb z-RJ%)`#wnDnNj)r+?F6^N5mR)?|cRb=^YaIE^=t^>7}N?-FzrCKIhSsp|Em%Q_VWm z{f8m^1uJkjmeNmD-MH}0ll|zM^f;8qd`o0Weq#E1u9*9d{jBdCXEB%%UN!$vHG`0o z@9JFhpG&^$jw0X9oRd8}-hgalk(rE_`OmnXnbc?h+7Yx&71!yg0H(!q;avscBrQD> zqcH%HVXN8LM%EuM7WYeik*R3RU4piE2HmO1yx}lKL`qMbNynx`;idZ`Jz^)d(lIBD zhg4toc{xE!n0nzQu5ca0-()n=q#{@2e@xGr1!(f5=(K1kCs&5}U<*`Q=KE_aq~+J3 z%8aX{KHonBrZQ;lu7(&cno(tieiNd$&cRXuvi?#`8<`AmxzN5l4FV9|^ahP|-1D%T zS9y2h6LMR5)wqDYu#Q(l5Q?y5(VJzWu<7li4^QAv| z7n&kTSz~UQEb+QNX5`!3T6W@=++b)i~LEqX=)#$8YH#r0>!_dHxL*`EG^>F#Ly z?pZL2{j(;FSbHs>{J>%?R<>~779akB59x;#bussiR%)ZEA*-4vva(w4SYKq`&zSa*ZuXj};joMfpE0G}jJf z-xV=EjHS*!ZsWu4&O>X<*AsHjR26!G&hM3!rOewmA@{#~KK(HN$viNe=iT#ZcK(w& z%O~V!wkV z9QL2$7Ni{4nGB3P@J5eREh2#EYR=G(B5@B&yeH+pcnRztE2a1-=XQKZ9c(CyqIb0O zo!2s6Z`EsXKoze~lR@3qh0-i?zVn~s18QE%QfKS$18m<#j3(vIv+*%%hp6RwYVmM* zT>psUh6YX5w0#_4;fq`>p7l7?gXWrZv3tnWb-V|B#-p)i-m1B8Xyxru##pV7>Uzsh zQb&5?bQvKR@oIW=CNEu*j(qDHzYMguoow`=kE&=l}PuRt&e%BGXy#QOn4|VG09ld?}gxn)I{(SG~IyE5p3a!ZJ z*8Q-p?}c;QShSzp{?7-Ie$!9pXh>L}QPmnaw6T(p7$^FV`>(+vwVDeqE;5tDb}rF? z?T>uGs+&Z0ST_DrA;mNz*wC8$=POj01KwzVd~UL3uTbmFc0VyE+o31241e&4cXx58 zhKma1%DPJKYgUD=D)!a~?2X-!r?&8Q{kt;v9s)hLef0s;QFZyT*9E4jS+A5AJgGu(2zGd2H1`|)DA3k;yQ_W_W3 z&)!D=QX8$GPkj(xcU1j7dPw4=4Y{uLd-(fui*DyUv&U4F&5qt84NJZE>*i+ads^RH z`+W2HLHnWH59w%}|Ex@PaWy+qXgnk|X!twGfP?0|)|$(EF1`Z}#ituUZu8Quiwg2u zXH~{jC395dl^{Q}6=VLh#DAI%`4L9pgxtjlG%z8THg}gQw^g5cys&C)3d6`LLD0t#GVNmAf#SMZ{deLU-R4FX|eE^`4{ zF)9}fhhweBE(eEj^EX?MjcWc>>#;;+p3Y>_l;RfAX=3gcvXimvfYhs#=f(-+bDhqJ zA}~k0UhBt`v*}|#-6Hc=oBBqQFSJ00);UFG&AP{pqhVL| zWNjX9T`h_Ko}w55cdxaCyXmF91~u4Y`uky$vHt{1T|9~o*Alrc+gxqM9=^!f132dv z%#JTCh^F>jp7>qsu|VVpS++@N)%^n1&-B{{6W76j4Mv~OAP6Mgzh1XvpXoCf!`-MpT3MxR(VXsX320vYGn|6epsFvZA<6~g-ZZfxq$TK#p-HvZ{d7n z4xB~Ew><4a6x-(9yrO9dro!={J}7X6^BNrKpt?RVVoX2)!w6U@P3IZ%I7m~G=4o^{ zRhb_Z@{Qh=zf-$_w8OV17pDaL-viCvT(Uy?AoKVFz~;PvItlcWuTAkX-Wu!lkMIhJ z)}P#tEF6iYP-w9P4))xE%S^zPU_$*AOVG~3{wijYL5%VO307y#nsxQ)^sFDL^u*ld zy$at-;hSzoU3}JALIC2QB#GE*Z2v3(N^LMAeuCGYd7Ai5JR-)0zYyWu$}W~r-H993 z4u3(P;ghKfJM7xA=hj7TL^pQ3!{B%&&L_9@9KXirX;(#V6`%1gc520ITi6gr)h%;{Qb*XSJe8Wj zWZrz9fm{ddpBYebshnKOW%RO{U@@V{krcy(^JpnC0s^X4Ot^Uqi0@4QVE_XY0O zMbvUzGO1WwnthEKsrKpi(!h)nzZAc_w0_3;$>9R;irTcxIX<#>0P=dCB3>#VB<{H5 z^f`U&5ntY}LNVwBRv@ln`Dp+@eW_jJ6YGSd$i&=oB#LjhC3V7oZma=TuzE93EBay* zZ2F}}D^@p4Xud|jo!3D8o(RuKt<}5pSBUfVjk%i&Rr6aO=p0(Apc63l8uQ%|g)<@d z{?RBwD@1pa){c(AP{fn}-pUJz;?6 zjrE{!oK1FpO|`I}9PXvR=zYnavxk1@%|7?T%pBd&;~gA%4B4w4xy|1l-US+`lp?8H zP1TYO!}xD#^Q$+dRt{CCzh|gO=1UJ_*;AU^`wXMKbG@%%RTZ<3e9(uPd#$0akz5Ak zU)k2hG@_6l`s6`x`zGmZ5iiyj@j)lMrYIZV|I_-0scZSolb;BL&}sCOdn>nkhz~Wi z%OnF`b$NS20#IaU}Y~z%D z?9cr3*c;eiJh&jGzk;YJ1H+Vh( zp0029RSz1!GpUUNZu+|Z;0-%?`&8^m(F@=6t^O|6f6i(3=dM8TG-NO~Y3|SXcS^10 zZe(WVWTEX8+QsDHy~f7_G>`j5IP}G z-w(mVr|$t?efs{9SD(HwSq7u8;=+7WW(}`E+4VCu>)L}}Uod>T1<%J%gU9KEXl^wH zIsbCE%`bF*c(v{rW2bHI9^67c;<9h(yj=b^Jz>N_Bx@RT)0wz%h$ZeeL+d7f-aMI~ z7C4o==sckNDnGw(U(eyEB;dw?RoinE*iazob^2F9e$k(9xw$bH!8E<;FHLj!7C$*756GGolAVrJFwGWB==GT-zgm?h!PP<|6cjXYt+nwEQXD@H!Q@ zP^O-3h9`jpVNE671g`l`9ZHT~Sd02M3Of28MOSeiN}j$?Mf=eAF@B1^hmca5>Y?u& zE&)k{T0e1e+tr;eJ6s{6I-mw8Y3>MzMd^oYkM7Rpgp! zfc39ev{!%P?RM4JP|oF@WUqQXy@m+AR+AfV#W*n@Ykm(-%Pm+L9T{g@n` zHeJNp%ngMDDdO=o{MeYyD&t+}`h07CPz5{z%zmpp6z0+i=_pX7-fyl==c_86q-{%xKk`TZ1Aaxuzt|G~?_0mP4#Wgg$n zc=V*kBq}@fvrYtxcPD=?ez74wdwlL$hlhktMxs`fy)}ss(!spjanaax?AIJ4b;OCu ztAl{5Gk5snlcxelxG4SuO(3D8w_T$)EDid{3p8_Rc}I6b^D)R4G6!xr9ejfQ%+TUC zTY%H4fy1;?vSu73%IMkg&|OiQnUGtXpH(+!#Ryo_l&+3vg7D1 zH%!tIrYi|A@2UFV#p*Swj-V>9j@$VytcMipM#}uD-y`%w?cSYXD}@fz_kt%+{0!9uHP+3D`RG9vbh=o zeM?%^nM3M0e`-y@hTO}}$EJlTfHbF~GAJSkcS!~3>5Igblr6FG!cGXT!;#lL*?!Y6 z^ZkH0hFg$e!(!IwT^yg*+MfK7{)wj4wE~sefW+~qZShuGARgQmP}6`kK($ZG&G!pH zjTW4|a;{j=2;Rfb_JAu=-OlJ-U|Ts#+Ft>F^)qfS8XL#A@TwsZ=+^S8agZ37XL#ie zkDOz&&r_R^335iQe?O-{@U8_K6^-9{B6ZL2J>Rd)Eu}*EztiUX^3PiT%AW;`zx(vA z>yHmWKQZ^VjWx#n*^c=Wb9W+ej`c$TYfeOwG98%~qT@Mua&wA3o=bf*5y7SEbnY!k--?g35EXo4>e=tPI zPa;q_SRvGy`?@L{8?q!KD6~2721^n-E4||UXl=cTV4shf>!bH-mM<^v{J=l8_KIl_ z8kAZK-L&b>&3Ij{Gp2nD^@mjSI@6c|+tw!zlVfgs=QfJd@zAHEd&xhb9nJ?ZG?#HJ z=HY=st{7~2>$JN_9YFp;g*w!^v1?CAOQKq+!vsULH)h`-W+h#@}BE7zWrC4YqmP-R0k_DRKU@o ztb8`#k$L)RqEBp)q&m%qbixeBWnIGnXq7gP`wT=>mws*#JbG4xR_3uIvxs_zpz|;_ znn&MoTY$;@bIzpQy!ZN+9QmvKQ$$@;Elbt1j%oCnWB5{#=3*R2cAqQUo$Y75kLH$R zk8%FN7VAQUTWM&+MExaGw!EXdj-4IYUWKz~^Yg8Vxk*$#fAF|ehr*1Y*o53$j$(n_ z=#Fo{{27%Bx&EYi6yJx@T(6ZD#|u^H?2mXZZt%SKg2AI>oH(w@8Fo1QCg$E^G!a}n zw9CSHYY~y$bL?{W`--4K$2S}QLT96Vk&aFpR9IC>-gVtqZy(XoEx?lJzhLD<{H zHh_h18+04PY!?=ti;1~|x3Avhc2y9f9Cu;%ItTLVqwY=-?qc-*S9A>_hJNxurk;RV* z*VkO8eB#u+cUvA}I`W7UNYPIWM|4U|m(C`>?&QG8gL5QRcMVt&UAbrA+&50~i_ToO zpmfCi3llFah-TjirrxMpFgdWYJLtVK_bp`@vL~PArT}>w1KBqQrrxMsFnQq0?&5wj z4NPT&3mVCCRiWIe)XJjN-Xb9Q-n@Aq%$a=l=E>IbB_D=YhaB|5WK>*Gdj5Q1c!_V` zj_mG%sok{;g2nT%9_SsJe{~Vfb_52PMq1>TVN72TjLyG0;2q)MW1qv2%dMw(vUV`H z{fCP8B5i5D>4@1M^YkZEk!NSegI((0w=Vjiy_K^S_|`hRbU2ZU@}wqyx8S-WM7-@% zeteK6!w2MTogG#Nc}18sEC4JBDd@aS*(1Soc$q(D!06*#OiPZ;n1O&0Ob6qsm3j+X zJO9X+$g_2&!;u!RJ$roMkX`d91k}=2zGQb753LIipFd_`Di|+HttoPwljicNc3AVh zSD?u5ynFP<<~xlBkG8gaZ9!d7SLy~&u56x!fKB8)+SZn@M4oMm4R1Yms`*+Ne#<~W zns+`!LmsPnpXLV`WRK;M7_te-$D9hryEBVA#sp5$M*Xi>cHN=z1d{PM1tN1-i)(J& z>JbPkGW><3PZLNHroyfx7)gtei?A1rGd>3GV)oWKfii-f`Ltl{z*NUTSTpbI{PJ0I zT05+7!bk`(po@90);G*v8Hd$BxBY?*edQ0Ah{YNF&Wv9FL}uC#cIt}3Q|+d2HD29U z%;^c)9nT|pY>T0aM_r@=}ZQ_$DZHUnGBtL`KgCHli|CXE{}F5U7SYJ!Zax6 z^mQ$2xG6nYglcAL^QW1`RkN1fww=lv(=$V(W)kwK50{M%jv5;dY|5@2Tr@VAo)lzy z9ZcU9&Mdxs;(v7Jtn4kpQMZK3+xaiBCEFejw5PAvNrR#EU7^h4#7i^F;tWIB(4)Q; z^bVBoRGCrN1z8gMT_mtGeTVK73#ac2W|n<^?}lfxUPt0p?_l}5#Hzra?7E?Wb?G~z z9vJ7XPi!e~Ppl7gJ4o&* z;bTc=*{~5~s~+{XB{~E_VsoI&Z@iSxrI}?P3;fTqC;Dl*jL&7XyyM~4Z}ii0oX>Gu z{?*~S^cgKz@UeoH|Lre`={U3HNT0o#pfzo{>1P_-|VO5>df+sANtnA zCv5NfhQv1SkgzVA60df6-(90GndRp`cCj% z^f5gyBICb$%cs0-VrMx`1&(I3=fc_AcxJ@~zv%pJm$xgiuAHU z!Cz=UtsP(sgU$oPw!U{}J7u);q ziDlY~t{Hvo6hfTMX6Z(B*|N-%s<|J0>jCdbViP>ukzILCU@dv!%oU&btDpQW0IW~6 zi(^qZX2_o(u6gT(M=x`184}n9>To|&x98cVLY?~Iqv|&T5B~YaSO47GVf7;us-N`~ z5S;qwPk+$2e&Ve%i!YeD;<;zN4RpA}iPr+#vm1v5Udt>T)-mVD6_UEdvB0|QsvsDJ zJg5QHRtyhEzDyRx+<@-;3Vy1mFkS1-u-i2x85ki{~>4B-Ww@j%3#k z3G4uvIE{|p^x{q$eU(N#X|yvK=tRXr%%N}n!%Kgpg>2#|iYI$c;3#CM$t=0#$n5`p zDF7Wytb@d>qDUwA$w1<-Ph7T|mL=%z+4VyLTNo!YZ8deD82O&J;qW%^@Q~LM+XJ21 z&f>sp00looKRos6YrRc}Hw`%gSZlK@hX#%qtrwsFFPANT%-eZ*^ANxJNFXcCpILIz z=tmy<&^vbcg(1>+@c0}9pbEaV-}Dz>_u3C{86xE2TrnV+a1Q?a--o~Nt)(5fq5e74 z(5K@>?tO3HDQ~m2vs2ttJL2l%3pU@}HqU$2;NEDY*?3N1BQPL27hON+(L20Vz~B?1 z7_NvoZNfT#e$(gAr>qQ#jXwf)H~us0k)CAj?9WH|7m#Wx?T|c?i?VH z@?P<=`{vwu*xTh}dMvxD7)+%BS6ux0gI|2c>i{;jVz{am>pp{@eqsBkd*ezg#_AQ3 zzuR(ucTYFc8)SCidc6j&R%Pm5zL(v6Fz$Hh`71F0RSM3wB`i?Q{_#j;&RnY&9;uV2+X zE)zWWsU(?4t{dGHuZi6EW8NA62;yU~j4}zlh_yEh1{|JahRC+Az*gF+XG|>3)CE>z z$kb~lLGZ>^cYQ|?q;kpB?v>7w>b497$S7mN5$;=)!ATue@F}U@~t3-!v>geFRrz^zgKAAC{-_F+*PhspRJNvY<#n|C%Dx8vlV70H zky&po4SxIEAJJGQJlwAVz`d~q-{UT5Vk*bl%y(%y#d1p2KXmt-dw`@^pmvUJ(!)iw zj69jSZgK$(f5y%Pg$Sm{IzaK!fz3a?6(rfw&qY2x_9_Q1wp|E4mB-FCRDiyp(XOKI z?accx*>n3}f1$lI=}6_wy3V9Id(A+E_1Xg*N)L_vj%ydb9OS`mSziw6$?ve9;q(pB z$T}`LZujR$%fJ(#_-Y;;BaH2`g(c#hG2S$d;e}I{paEIUqtgp z^fF5>8WW4$chzw6y5Ai3h}y*2Q*>%f2{26?-Db5$QV}w7bJrC5iMAFu(M}^{{8T*s zGm!b|-VSfQcYsrQbUvgPj+@!J&Q`G0aYuZ%CY^(wUhh7b{!fRVGU9g95K+e>aeu z7f?x@AZ(%a12s05Z%iD9T&++z(>BO*bTYpI(jx-kwZulOgV)H>rX0&Z zZ#fQo9oddSfs?{uV`6)GXJR8c<|~Jf#B1ImA#q$VVqKIUPHZQ~LgiRE%<9R9d9NRs{=rbT)tQ=>B^kL;VE2K-54BTP@fsK+&Dnyu)&d3aqoRAOyA2aKi>+Tbn4-x*O}co5Z=b&g|Xc+f$UX@ zPSA*f#xY13Pwb%kZbU(rdYgczEVDRj6&>^TON*=$Dcc9@+1D799IhLD}o5&=pk`785|ZI)iG zPCz`cugEOF+$W%Et!?UcY7=_%CnrGz08@xw?g&;Xqc5}g(>}Qln_7na25^m;3pg8sd5Na|DM_Q4i2n9qvDuPtTMLIHn;{8jGIVEZDxsM`XO(d`pv7*53ZFYx>0x){MFFe8O{^TZJ-qxc>tvwsS8UBW> zDnIBwU%qC@9>#0>k>gMU1*-Y0vqE9-wILh56Xk1|$8Q|6kM_d2vaG#*jv|M}FMQ%Y z0c&`Mpgbv=<;B*X(YnK9N>{$t+gkq0kesO>3W-e>qpC&tdMgw4P7c`y4PNn1mTw!f zm*#Md4YTI9Y;$V7&)tYnWiAF(*`N=OQcNl zS7zjlF)c$`m!FV}$;gSX?PJznx3dqnh!d+C?PZzW}dZ% zUr^(aBj)z<*M=N%#8gYxEu{}!XD;#f4%t@zs<*Fv`;fy>y9AG!HFnsMaw7vVY^PK8 z?rh#(<3wd<`6bpMvvb5Av0Goh1#&(=q&sj(B4%7m!nvrJXnhUlq4Ue1hj|?^kKxy+ z&1^41R7U%tbGFA#H+NYVt$*s#H0kiRP9 zcgWi_WE~x5AN^pva%2`?WYpa5Eb7<1ZZVIGktkBeUj=`qRurXmxwVI9U=UPTH3Y{b zw0s3oIVf7vt6)KtzY_kceHMg8Pxwdg8}dH-}|1a1zEr>yA#n!r6jtoLDssNWt{?zAOe{1$mBwk6pZ#}OqYDIFU z5WKAcU#v=zqj4|s*IhhNUiG%d)#m?rXXPVJbg1ga5A96H( zRU^2hzckL97$_T{F0sRaeuSn;4r5@bP@0={nREmSMg#CV?nwfw5<3lEP05f6tc^pN zWsViy-WuWgifG!alO;A=0oj!3q^UTGt(DSvCVY{13^`pDSm*S>W*9rwcY}CC12b47 z!(ZY1LcAM;NJfBjwdf{I-nF3s=RgA3WbFR6)Q$5oFgrd4(oA6zV<~q>?MAMGJLJ9+ zEST0R(C?Zm4hms!_u_OhPo{BNbX)kMb-|Nd|I->^#46G~IZYA#%fpD>kch4taW z&y}+z3I5Ohsg;-VGpL`Ot+YSYaf!Fd{50BJkl>maZd5JdjEvyb-d9SpuNPrr?z?!% zQJh2#zbVUvwe5|NjO^Rz%zb;nfKvmQKT_JDnCrKPIL??&_z2&l64gR~#Rs_y`yg9iN*?Od!XSq8N$F_ya%s ziI+$}t@7UJ^opVtdYK*QeeI~bH?;fbd5;kB67H7N<{#XeZq`Mi&BIT2FL=)AsoPC^ z-3RmSfuiU&zlNe?qUo8XEbPzw5*btXhOdg;uj^_*7!%^S5p7!`M`~pmUkDBRB1hhE zacO4abJ;z`-h>^QZwIn}EG}vZc`aN*8%=e@y_T1KfH=QnLMVM6SESq8fw8f(+{ zzO21**^x)nEuoPcQrV0zYK~_!A(!apZc^aSn2?;hTm0VxL-IzN3I=7w}nm|h^_4V*o0_ff_ z=PS+o7PaMztbUFb*w)kPRoxa>lfLFTti_|u{AYR_KksFG>61Lj< zQ11Q?py^@Q?%bmabo|>lle)8aOf)ldYU)%F&P7t%A3*2&O#0^Ng1?wL|K{EEOSC!V zeKgpT?ae9jCw!RJ;+TEa6F+&ACBD2p3I|U zXRF=Mx*yKtqx*%pnK#LPBthH~rk`GZGCd(|UA5~brMHAg)JDzb!N4lH==y`wtrPkc zoZ{$8xz1S(x$G@Ea`rpR=*ZZlY;e0JJ@=6xp(_Ta=dRH6n$pZYwo!D`$RnA5)2ERg zbmwetpqD-LGjDC?%N3p1RKTkNo!3m$BXdus7AcPUz4NioYs!?|c}-jogt8_a3$Uq;#D*9>FGH{Kj`{#MHBNO z#;bxdcrD?z%)OTK8uM5zZCxpZG~KCB(u4x-DhXMs+j>jsV?2{f@4M>ndDb2ne&8ma zHGi>c;%J`LKYQsnT|BEc9$)zzo+W=*_l0jg`|#%$Tm!f>(icY7r-N~?grTKWuESz4 zmtA{K!i=-QdK`Y?GHmwCW?KgQ%>eX+NS#m~epO%w(vwiGcl4;=S8 z4{y4x4q`A%pzJ2r{xBB;?VbWvLz&VNth5kbF8qy$vg?N>+U4;YnrP>1G?6Q}_RIIl zVjzOyJ0ZVKoxT#neq3K{EmCDD-)1}@e^khDl~*rz88cIss&^GJ#Su1{(hF#l(HmPy zU=PFQ!zDA6$39%>o#pQ*_61n(PTv%Ups~33RmB!Zy{*~jt+hQ+DwoIFiq7c4}kBVmC zTWw$yvQy^##qD|w!wZF}Ey-aj?j1^Wmme?Rn>Z9`&jd%1HIgyNY0aV3oJu1Sc%O@U6ps(lrGv!7rfRB?;Ijd6my<-7r^tD39*M@p6zZ zKS`@wur#SIeRZkds5)r8|3<@wMn#RXLZfw=DTB1orSqGjHvLuaQiB92(I7R3K=gQd zcdsVHMB|mE=+|XPa^+~I=FMMDWy{i4X)bzi!d7n#@!(gOM|HX}%A<(Ytsyy!`WDPvKeri?-%3^Q^n0vg@-vlfVC`aGYmt z$4{~mo;CN6dv+hs>g+du{3Zr!6g|jZUgF734^^k@>rh8E>H2yewdwi>9?5ilBagat zeG`xRbp2!=4e8_*=-TL2#+kWfV!sSh6G5ubEg0AZ@Rgh(%Z}{cq4cs;`_R-M48wHkk3h7t=pt#F#Qs31_eFuJdW$7n=Ok9Ca+J0y zQCjMyME59S1k7p#aHa{-M5%)UPCm`T=t@0(K`4_gnmFNgmkYya`H4ig-z!2wF7}&n z59>0)i{NTyx&j@wac~cQY?$2*r!u7}xfWRc8+i>{ZY|{1)N5!7ZErN zPCJR|NMv~jr?ub|2jv}xQz=7N34v`ysezMxE75@boUVUwmgi?Zejwu({(_;bcZrQB zgfNbaZoG9T(AZ4T{hn?NlVJB|n4yD@;@re`v1{ybiB@$=42o#L8J5_T$0MBQQS3*+ zUs*H)e71{6>c?IU?Z!1+`8o?VmFH6_I60kF0&~mC5Bhvc3Shn=xV%O2{=g+Xgm6g% z!7&nJo))h|iM_NKEkDF~ciiVu*zrhlpMAU6rzIzYz3n^-Se@4!EBTlDO5d;^%!-ER zv0_eUt4_iQGK))_@?0tbYGR=-L&L+DIB|iFOLYR-Fp5ErutaVkjwX1tS&a@&DBdgt zj~E#fTP1n$XlsE-C9YGI^v9!~E;V*UZ)|#aB&B)L8NElNmr0u9ujoA{Y5CscB+Z#1 zyL_(HTkj$01-{6sSR$4XvDk+*()as>BI`t0E#-{eEW+n`bF`n0Z-85{HQ z0EGw(uZD^B8a!9&kLUYKrgX4(Ax)Jz;X0h%cnkphlvrc;8@Y1 zKCRdt&``K^$c;~Uyrtf3eA-EJ*w833G(rr>y*mu{=r=-6`QoWhS3e*M<;_HoI>qkkq7y6b)sZU60aj_b#H3#AR3&d&hW~@rg57dQ7I$ z4)6HkEf`2Tw6F|gkgz<`8%5wu>=M+N>mbGmGbJ{`4a8{^4V8H7$QL3M;~2=V3#@Xw zDxAWK)(~5fI+2XbtJd-2gq~0!9MGv*(EwpH4cIV5%}_~zpc(vof%+(qc%VMUqbyKg z!Xp-_XU}ny+s}~q*TfENu zWhaXm^SlEDm!Zr;Ew`swJ;WiQ3r#5EM~6WN;=u+c+34&~Mf~wy`%@<5w(X?#F=aX^ zGc_Sj(3PACqYwM>VF+!FX7P_m{_?wz{PIsENgTO0(=e<8(}Q?6orw7BT?w~p@R#Xc(9D<$JU=4= z7VsRN50o&qgkRM*$HaePl*xRhLZ5MQ{9aHnln_CG$%0Gf-(10=Cp80`&r{m1=_!|- zq-@Qt-V}m*Xb+E8;-$da;k!H>Qxn)^><4c7G;1b)3l3bbCc(^3p^D5Oj!(kQ;!_$E z=7E~02TpcXkZqBHai_)U;mG);n7BZDMndxgc}QeBfa9&{x+o>?<=qXqoFOI>$~i*yiMY1;(hyI>uJCcIhZy=O1}art8R!-qB25@klvk zZpSHe5vN-b4A^`gfq*qc4CebV0^!i&)iQE^B*0Av`vY_oE_xse<8H|O|*_I8NvB{3HNfeXYJLe;ibnNlr z=NcV(mi8Zdtk=f&)D%PHAJ0T&FhKcKWdHK&*4$mh2|I^WbfHY7a|I;1#p8!Sv zr}M8R*62T!(M5kH@Q#D zEz`*mi4`PP77}CWWR%1*5*3%EO45y`Tn9#?=AEU5#CSTX-kBt^u8>%nPF9duMPhX! zu{xcsBC&?V+CpM&I;s7&^&~a`V`JulvWLy>H97OZBYJC#m(h4W93V`>ZXl3mQLn#aG@TRrfiXGp&uC%L4{H|Mh*Bk@^m=a;@>Yo7YeLYsGe6 z-{jSNZDVl32c>@Ek+t9_|5qa>Et)UrRe7`YJBbX{VJdB51M0HP=SG&b^S9}|$g+dy zu@NYXw?HBIE>}ln>81-JOAlT^I!jap*i0c_R}*hm(Y$qsU(ifR<6-$hEb&@zJ?~Xa z=9rUT#;P%Hh^F}Tgdmwgol|Lf8Z)WsBbxZ_pbB&h-(E!Q$q3fYiQ%?3`U3}tAEh?U{u`((%I8=Ci&C&C1=dS|^^#s#xLm^GLcUxG77OG184N&VN&G!t zXh36QrCD&Ywd1VI9k<2uX!$yDlDnnCFscNjI2bLCA5jf!5s?p715DFnvDH@uWBD~= zv3)BF#z8d*`c8ORXkm3^TV#W9>fq4~hjgoTQ1(lZt4_R0a_A{^zX1kqh%8$VbGDre zwBok6+$iIJfo0pyBl77W3x)d1dZ6S$;b$ygh>g&d>KnX+k)UTz1R zgXfZXPz4<;U_%XTsD%wO>tKUE`s4?qdPvdGi|JLy^lDm3;&!XYOVJG52`M75dK-IW zmd8UXPuv%;;a=^y57e(jT9bJ5OQH?(HlOob^_gA<)8jB*lh@LZVmb@*dA##E`!YUC z{l@s18p8etpO`Ve0xGed>@&W^7+=a)=DXyJ!T3sJe2Hoh<8_N5j8}~?UiHCveTDJ* zmS=p>1(vgzG9hMshr~YPYmM>fC2*=`7l=2>rXI8x|9`@H6Xt$6Uj}%_`8Y3dOmT>{ zu)Ye`SHlc_hZ*{ccs%o>#*HaqP5tabP~uH0g$PxERsH`&2#nWqAT+5hpZzF-Y7{?3f=B_< zXNXlYoFNfX0i~#bps9e#Dlh&|QTevG>VyBP4gTvZ{MR@5ABF!q6~-ApHqAUc|I55d z8VHiKSoeR;e>Ndn-1%`3k$3UO?NF5D?b`aRYehJ9y|T@H^A#%uydd zA|s^M606{P()eG^TU~+w(^Y}v|BT)(wZ-*?7L-bRGLiTt^9VQ8HXw4U9>*4PfOls2 zLEtcJtsoz6ctj6uE0yP$e6>cirR%W*wp~K!_T`$b2s=$83f-RJ5PM+zg@xg8CSVvn zngu00e5Nokqm2@B>{K$AX~igN=*GO)_*zjeQ>U{0WC7J#l=M-ZtxA@}RVib#sw`R( z*Y^?2GJ0{<{9H%TjAYU$*+1~YA6W*nWkG_ z@LfI$e%^RvhX)Ot;J5LTuNjt?!SXmP(05p%uaMeV;Qu#c{(QBg4zkd-QwGecU+L7Z zRDQ`)=9jEwW4N!hS?jIAD zY>#3$0y}H~1XF1{uZsn#ZwN}f;5v$jfXXA(R$^S&(pswK29JU8xuYsQ)LzGo@Z)06N_l@;CtGw@4=h<`?mOE?R84-OM z{s=7^!GiST-EfYGNiYhS^*^5H1={89tI2;YFl5Is=Y?i^%()U% z<)x;|eH~>plahitS89knp&Eq93f0gSSB>a$)rW}cDNif8PSU08lVfP4iE)7gL9=-S+2LClvXcmVT|o}$!$yg`(pFSTjO||QB1_kzw2xf^7*Tp! zEZ>8{-3|B!*88|`5)2Oa7kQ;|v*T!~%yf3#*V$&-mme%wPcAFpKt2uSjP;H{@>1vP!^VZV*!DdyBk{+pZxyvbKMPeEkfau$uKMQ)Hx>u%>msHb$N zGZKGuKi^JjoL5^lcXNxDfuFgF)KXGy z4c*N@zP@DH-K54ywH0-AE3d!Vx-d;@m{(h0XNcwX51+ighSVUh{%ZTw7ruPpe|55R zw%4kA*MH#g$-4yc2d^+=Ej?JLvoMKgl$w?vN3da-o}*eJrD{yGlYLT*G__Bf+D?xv zNlz*zE$Y$)WqMp$dQzOU5|<`?(&H-9lPXCQ_LLRo>2X!*N!6rPxHQoyJ+4MUj*g<_ z6E#zvNp!d}ZL&#gSok(G)t#AZ6j_job*2Zh8@i}? z#Ka)3 zZcrzeL1fu}%!gg)LY_t#+T_yY1=^*B4y}7NStsn*8{~JwRw#nAMG8p%%AWcU6P9aB zf*3TH;TQ5Xi}{57>7l%z*7+8yB<6=6m>)doeELe~)3?Bp;d?+%YoZN-&f#0Vliogt zv8fDW)9CKzBKk<*&>B2ky+)Qjmq3_Owu-fTJAt;;JYCL5w8r^}_FU-8gS@dex-8}e z9-5a37|IgQdy2A(CtmS#r1$a?fn^zADiy@$b$MIKvCOts8lFp3kMr_^r)mYyhk1af zz6JIVKL$6PqsXKF@q$axB>}xRZV4SexLdI60o>SBqzsXeH)e z@?Ome5=Q8Hh?8XX5MP4T;n_#DCd80krZ9-J!J=^X*A6d2$A>Vqgcih|S|3<*Kp69U-f~b=& z^O5;EpNTR+mkqooAB4F{S`t4mc^IzN{5(?7*0X-@=h}409gBanx%XhV?Tng z0G}k{Ac!RV4T(J{ttTjFBC&!O(9v(|@qbC9^2;ZY0EUl zo4lw&@;3FFAm}?F+1K6PS!5&^HH?s|ly3~HgDrTGl29A!Crs+;lj9bTb> zQmD=UB@=;PW+M2Lgg(x`yjxV>zJic5x>lfYD$&#!i+f}&R`{Y`X`=3CL48GiKkXWp z@9_c^TY_F}90>H+8tgoYS#TL1sufnH-#bcQ68B{FYpfu_!TgY`VEUm@Z{JLo09KvmRr3DLY=|)ud)=O-7 zI?Qnya#H(iF?pwK;sC0zk(SLN+r$g9TLUKYsK`FiTAh4z1gw@H1D_a2y*Q67Ux-hY z>tZs+z~vaPQ&htWs}UBfzM>WOeZ(^RRx}%LEXp1{N*GQ{B|5=(t9&VUR1PkLc^Q|?jH9Rv+=Hfu5bXrv^we(qUKHZ`=*{wr%8;swxDB=&& zvsLHvxKgOg|5fH>*Zc~3>Q5+rlgi0%etIE!&dcu+CV`|wn8TP7HWLn>mX?;Vc%aCaWPUwhP-z`$pBh#5!F{*SjXRh57^bUGQaX=!} z2LcLc@5ei`pE^xEB;lv4ZZ6|Gh z%j^O;Q^1eVZr&bg^zD&lCibXl3HTyqD2TjFlEp%wBb9i-e*N-i^bhlDI4p5F^qU;| z1sfZEQzS1OdCRlcBFmohKW)9~DMn$5}NanA*QTaV=1TB^31dz|jBO{GEzQ)=dP zH}y=)>27ytQ`d3|oRr$56tju=viLI9%S_nS=l`m3LT-+-{;ldBpL@Xo$r~QvR$0K! z+0!m}!SwKP`!#JE9hdV0%x>z4-RyftN`2$Q4K*xru~deoO;;`T@pyuQJ{~Jn2cCC5 z@VxWD{LpvI4}I%nQ6p&I)M=HCskb8ZH|&JH*a>@GQ1dqAx6>w$C?-66?IF%1c%F_k z8&PCU5&b$iyLT{XI*$dX2amJhajU3u)Gwsv6-rM>h09RCg7bn4W1oyG$(i z*mP541p01r(d8rVQLNQeeoQm};!0tNDQymg)xs0syzs;~uTPb6n-{L-9S2?zP5gV8 zNhxH~FNAKg=hjlZQQF-2QFgO>RcC%(0dshbAJpa65jveNK6U|0sS{>wI4u2@11t)iXQI$GXE6&)R{V}#XrUo1;=5_s$MQ{HY0jpB&`>J|j03(+Q301K z3FOa_R#v`|d~U@+rbLc{hRi#vfe1W37ROZ|Vymx+t-ci%0>7N$j1ihT-pGBGIpV-q zxVT2*0%$xI7(9HEM8%*Ej0+7X0<4ZnJBwq1ana#K1^KpCU|h*?!bAMfyui4!;RFl# zYeRu?6~iZKh1jORfpJyCCu#A}#@@iVn&Fdb=dM=7W}ma}mw$@!V8Ei(8bt|AcK&@A zRS2qYiY4QGFMp07q`hNlzL$T$OMB1Kd@uhIm-eBh`Cfi4?Ne4u`vot*R)0y;>Tkiz zuXRJxY~662@8#F>5@}jq>MGw(oN_bqzWMm^SXL3XZ{F_5kI%Lp2W=}sN%7;gs+&+0 z#gtd+y@k#5b@|?79w8S-&S9kAV<-$q<~>Bw6xDn$a{v3n0BWXIwx)Kss-Db>;#R(M zU~jFWDLMMws7Jg!k;&|bnE3D7G@ndQs2emONIfqM@Wv#)33aK}(I-#Q{^+cC;KI${ z4yDG_2T~In2Bh}2UQruwS(V0bHH|jmcg?&PBJ-XV5cz;`i^qOK?T*}(Y4}*9+b{9w z2$=1c7|4rYOP|kv2|b&*wD_a;OE?1L58S{xurBetz_#HVy_TeRZ`~EBm6I24xU&Es z^@YK+Ce!?-Rt(gh{S=Mtr})Od74}nnFY>?^g26=+yCYotDMSU&DaOoK8bwmJReVgq zLQ;ad=iTYQ=l5{Dk z7bV(uaiL#hUKD(Igd}@0JP43Yyd-1FZ4VJzSCD9Uaf9}$uFC)sdR^+>>_R=JaM;8Y zw!7Til={PmBX@cy3)?Kb*Vv!2PJo}bKLc=phW!~Ae$@U9AM0CbYr&=SZ*KGvx|hlX zDLYyQgUl3mpWLP-@o}6QO4VDeyNB!+g7#-x(Ei6)6k^>)zK$lNZHl%#fl z&)rXwY1F=s#@5uanUVV!z>K-aTKPXR?-F$eJ7)RCf7P~*Mp6fKj=4vVOyTnGRCbQP z*&;o$K0UU9={a|bC3%#k$JX(P(@(u0tfUalhQ0gc$mT8T-7jA@Z!zzFxwBnU-=L|K zf8h6`CufpAatLgQLx;|h4tID>9YHV5ft#H{&RgcZaewoS zQQr~7$aymJ;3j_hB(=*+Qq?B0@AQ_~M@?eC@nk__^XIcSW>p|ocqphD$E@M>$&aie`8xvp!y&FMTlq%ik$J%h=--5DV=@WBbeVl@;<@jd{ik*M*h@F2zO$<~1{*&E+qx~nPigf6^|3shu|J#4U zeL3OW1%}((w;J>OYjR|&jn91+WKyfSE5{dKlgAt+n%n+_viB#CPcHZ`%46|=OCF=f zv1@yCY^}-T&fgX|mY2ucT%Exfb12yYyyVgLbN1Q)H2abN5As;$_CHPS7&{e7to`pv zqRWo-8D7)Q#47+^+}G#J-<|&Lq^|NbS8(u=mfC zUxJR!ZTlDlLC5Pr;$goK1Vdt`u`IK~{CgQz-${u4_VT%Z)XuQ%A4?J|7hDs_?v5rp z^fs6aq`o{b`?^k=<*mp)f{B+ROV@K$SqY~CzN!y{EG3$KJ(^D`wv>>HuJr~JYjk%o zwJMbA42?d~@_i4~$+J(Jwc)HPkXam=VjDlbG`v>rIna3n18U)m2i*6s_iCAY?as8%jOi9x0ci+dX*?Fv=v|SN)!f&u&l&TSx~R|?MM}X z+3u1BpyMuFOIN-+s&Z|5_NyFAyjFYvx#lJ6f8v3akNt~MPk`E)?lVYm|k!3rh+3tM3?s)rrmMQU>)IF+l-Kg2?f}?ziz-bDkqnu#C zc+r<}a&~r~V4s037QNU~XqQjoys_+;nz;rxpN~!219{>HwbM0G|3005|ss zFp+(yLF-u2AHdNw0GV*z0GTOVNcTSQ`-1Gw=c0G`o5z|E%t3@grr*7fc) z05;J9L)I+T-m4Jp$htkdD ztzY2K&r|v|O*f@~sGH7!dRl)_vlss~sAmFo^Vy)D5})OROhkpj%UYVI2vh~IL^Sma z=|VFB`Uke*3}EZ}1C~=7P6M_IV5`p#Y=r|>fTEVAk5O?N+EB~V$7s119kt_m1S-ZmASR};R5vb{dfRr^H*v$h3q_5$?n>;|EI*&ljM<4)({UH!P z4FOnnCiL#S?=ujv#qhHuknDqi8C}k{!B&y}wy;(iI4JU3r(=?N1Wwa2VAvl5m1iIj zKNA5KR!)Q7p@c!SkjBrBLwyepLG*zg_?aHw-Q)PDpHwf*BzeFhGd z{ozn{8V>$)(b=GP_X+huK+4?^I3keU{bI(34;=~(Lcx*eBe1CJAB);Eu&C}2i;6R_ zD5EFG&xQpHwtY~Lx;GSL<6_@R=Ue=!3|;JK@zgP*RpbU5`NLj|76nqkxcI>?Ws1UEwkAsHK`|fzYrGW)3lR(>JQ#ihR`w#)*_z-&iln8 zmrs*c@=55trxq)1nVVEEb2FD;JnZr%T|S$_Jhen=Y;Y!x$*bR@8sYri`yO#0HM8cL zuKSkqbMERT{OYs9XzN##@EL|W2a4ngwIMee+2s&aH(Q#K%T z&Gfme9#!@}?&wAN<9dS1m|7Vcy{YA$GtW!b(rE4B9jV=e@j~e2CXOtf%4<+5#J`fj z0nH?6wKbV;)Tt)5iI*}nFHNju>aLralHJ9cAbTe{R=(KVHDq0Lg}2ciG88xx`R$kT zuk(w!NE>MkWxGR}Ij2Uy-|~B*%(_x-C~|)SqC6P_RB!EPfP@xxQ(>69=s&|E9FulD z&o;bf{`@ePev(p}nR0G`*<`Hy6KX$GIhy5Uf$kl{Yzb}o!~7ldZyqpqG+y=Qzve>p zOGu4w`NP~l$jKG??VNyr5E3eD%c&v9Gxr3%R~CfhTizX_4J+aK!QlW9EUJr#u2j%M z%l{GuazA?q*>~-LdpPkz_uu>HZ!_|8xvcKhuFW)WID!kKRxoF#Tp}oI^nN-N?2*PH zcVNrDAxAifi2#_|)XBkjC9W|-fVTh$tWE885Hw#Nz^%OH4+hnMmxJG}PwA*p(|wti zvh;nLV^q6U>*9Sk<3f;Es3B`(8aVU#CxSpS>BUeQp`~^!Ol)WF^@>CG)Qh=6^=Bd!qBN9h45t|5`Es zT{}3{9!h0HqYt(GyC~$1nc6vKnnAca+@}K~K8qr4UxgNiz{pjB4k2;h6{PqJD|P2f zEet5!K^nf??~%4V$$Dc)vDTI%Z86HQN_0N!OI;yR*LBN9PbDc%&HJhO&QBE9mNDGMz|Fq(F0RG@YzVMm zWLJ$CHR@`k1{-T)qXvx{Fb}LjHi2vaQK?l*Q);R10__D%x=GD9>uM@id)s>3TC29& zTC1(%69^<|)l$T_R#4Pg*9X3MspS7TXTIOv4e0ORdu6|w$C)!{&N*}D%$XS+#hq(D zJRdhcPBT*2LAp;pE}o7Md6oMCVaVSEZjkX?z2iUeEhC=!EdGYCr({&^nKF&VUZ$c% z*$`3G8+s+`U7 zkH3+hEI6?81^Ht{C5k6-@+4mm|KD#jomZ13Or)!f&8*zessh~gACNyXc~cRYiIURJetEQjAid{2`uB#1dYU_WgFOet zSLIKd*dKe}`KWVH`fmBZH^28=zMio?lYQ|u`4gXyebBj9h-vu*dRh6XHIK8e(7EP@ zsk%op11CofVV8OtJNth@^GU*NvK`O#e@aKsc|*Pap8aa${rMBu zK%ccz%+kQVFW~mS%X*@5mG>z;3p{yEF4(@_*+V@uJ9-b}rHM89vcLI$LSpHPk~fLK z%3uT)rbK;zMErH%Gp{3-{uz};u9SA=_SCY2yyr08ynrXYv;U57!Ry4I zCvQ|~iBA$u@K6W;-ZLt_Uxt4E+McnKC+>`GkIUZmBg=IA?XeSt;D}G3rtY{32YXei z`R(^LcUml^$qTR3KOwcZ9ckO2sqL3Z`|L+17Z)WPJu&L*y>S(zQ!%~)R{j_$ZRXGa z1724Pb=imR>%F!^^2aqy+!p&d2eOB6WO~@_WTT_AfBm_@7vmR8VQ`Y#OM{cd6v-Q$ zRA_&K^5aw{J5^$SE@xMC{5HgPCMOjoe=d!>fIax$_|98B;GgIGs0b9B&0=a|AbxEguxqx2_vZ2 zmCgy9Bs=mR>yA;pTO>F9;>pexqRBxY zmr0y+3Z3bMmv}qeUT<|hV#C`t4$0C)S-)JK?kWa$pzCFzuAIa_6YQh!fuAaT%PHLQ z4;G0gBJG++a*eJAqsWc#GbX&BEM&b6t)vTyg@uVFK`<`nY=fMWQGS*jXJMhUBLipC6p#GRB_;Wg46fLoyR%%I z;^i8zqFaAuZMJJyT%o-gmnzK~bPPwBdyjuB@a3N3KZw;vhlvtv%HNZ^fj=cM;ay&S zkjlKWgar1Cm7*`WX*tE$?ejo{RNe}ZoXS(Rp>>i7m8mTuX-y;LT4R@xslSt%YtNUM z$NRq+8o9NOy??Rfm$H4gfPK5g1&L_|iHqgoFyXU6_fzyX@O1KO9p#%u!Fk+ZMZnHi z=(_JJlUJMKo~z~Ds%U1&USyUMt$;KnMyqKV z=vpMrUV9w>o+*kt(DiHil!-miEsN>o;u(p?8BTp(;%Zr*JM}e|iySjyCl4S^vGS&h zDia9mN~`7H^>SFqi=$Ib#P!G98w+9G>j9X&UpmPGCVE7&YxJ|yqNcdrw*B1}+X->~ zRMbiNK}zL4^Sb|r(L$z7*M5J!Ogx&jHaM*Q0QK9rXp|6P=O!Uo&(%t<+l5@bwZnSl zCLvhrNg1~;1#8jBw6EcAtS`>oOxv-E$;C?&jZ1RKQaqe2`0Wv`2Sj6J$fEQRF?TQB zUK~v{Msq-v3YgO2WE2x$FKE2WSqnmD!3HG~_bu#nf zj}X?xl;UQy`^Ul&5`u(!ReNK;7O$4#%=g5WwU@X1%oT8sGca>@BG8-|6*gas^5>|T zv)c>Ei%4Dran;50xEuWCY}2`Z5%&R4H^mCiFsBPVB#BwrpNx0Wa9BXSaHW8notOqT z?=E4k;U1Riz`q4{VqCNN@nw?jRLg`TWF^~8i#^3yt_B;E3CM}@D6s3N+0hFAA zQgg>bV8-u5X*dm`L|iVTb{a|(@t}T`Js|94je&W63huiK?lb`xpHHE1dng$fODk;3 z+g)neC?8w?G%Y_`%0tyKin^plzLdVdx-^%**1jk;1zKfOEmanjRx5!I5RBK%oW%tL zk;Lh3VrQ5~t^jpDoP4M;6H34Pb2ouUe`3We$Ah{vh!U?4Ig@b}@EA}j7qmH(%ebe- zy)oL;Aj*HX{UXyvW5mBo`viHk9{}i|1KL@~084m3oY89j{k<=SE}q#QltKFVJ2DFH z^jqkJ3%w9P=3VrFH9MU0Qu7gD9uNy5!|1vCz>e1_ZT-2kwe@1{*g?{|9k1$c8Ly?@ zc$IkLwcxA9>wfBX_FpaF;+u86h&r74Ga0X?^S@-guGaExQl3~@E^L+|3&|^tp=Q&o zR`EOW<+ z*C9Odw^Z@qe?r;L{gv*EHYxTa+>k7a;Ao~AH>81EyO_9$2HfelceBT*1A9&+CL#vc} z_)Y@fZxa_iTwff8$boOI;M;$34!&Zp569Qq4TA3)z(q zGQHW{p~aU-aXGJzb*i>a^gGtB=`s+{lP4SdapQnUg zuu4cKBbhg5=PV&*{uE%Y_)N+I8+Ek+d%y$MWg!g_mfn-=&EiUZSmjpC*1^6J_NuGkE6xTjU1v@c!*Y`VcFepNFLZk1r$E zdiE@yq20{muZbnaZRYR}24awRX-O77e|e7Zxx8@Ny7|hZyN6;^ouX3no{iDwh0?vA zg-wig{Jb}sXgZlCSw-e8QRhD_-=5~dQ17|c2i;k_cWjSe-bnqkJW@(6S!z`5N&nij zZJb>3?=3nVah_%OhwD?RZo@3u#@6eH~eRoc~^vkvH z7D?V$+IQ6o&+oz$3#@aGjBWIU<)O|!G9poaWe}poH0PLa%uk(rHX}tbBXT1v0cbu( z8fz?`Ju4D6uVR5D;xmOU8!_Ev;pa4Bx_ypm>ojHrM`5acWBKtmKy>ymI!*X-Cq*Ok zrIlp-VP%2&s8V4`mjTyk;&d<3a?pBBJj+Y89Q3p%PVf>f%uSkDb+D+!_h|6HsUs$Hacb+nwzfKl(v;6hO zcLhI}zs5`6m-3gj7oQ`)v;Q`M2zSlDgTaIVo0)E0ZGCWu@JXJkFZkqd`T?KFHV_Ie z$He!nVOPIeep#gO8wCEncTgqL&KPdfkvZccJBE_7T~j7#iXAK0{@3cGrTV_}>9;O- ziQ}!W;_nulky_)~D(#T^pO`gAn z#n*;%g(=6rFEO`5o6i2IG$66U90t_g%;ZCPuhPQ6$F~J;TGR1TUf0Ih2zI4eLxqjn zmjld2JmgeurZ1vgeKB&07>>vIw;3lvmnS|WCzOnb{v{uJ06t@Ec zht2QWK)+tm2N*aN#)lijIri#S)&QOT_k9!mmzG+4_`@#29NM(!C4T5{4I5d%DORxw zl|#}<1C5*^jaV8vHKpcK;AC21zG_L{*#X+Ez?kN5HW$vJbU`Wnlt;={{x;5wK%j7Y zp2`0y%?(nQvSCw2LE6eZ+&oPGo~Fo-23b>s!lHIEUi;){eE7^6Sk=0`wnB}*E;6IF z{PQQf{9@X`*)0>9KHV5P%K0D37W*Y09Vd>%XsI2G2X#FugY?arImSoEUVuDi`~q;- zdV=$y$Mf``g-&rxM7DEbpl~7~u$#@PG40)#z|;AqO%XaCgvmAM7G%iK(N z%`ZXU#D5?l{F#$XZkr-sK{H+fyj7_^;w+=QqaJ5wO`OlO_pAAuDO2eKd@zPOq*39T zusIWs=Wo6vrc%FiefIRn+NXu)KI&rsOAFek?#H81=;e7CW|WqGoLkK}5sG#A3L@q^*-EjOWLanTvdwv{*wfu^ z@4fRa$eXzG8rEuj2SV1 zW&|v*R|-Q|Fs!GrYXmhq5$O6E{G3=KZWdjs-VaPwz1-rV&YO8scocAj5$X$h-rgUM z3_WkbE~U>PfGiy^BCsvvM}XWykNCjIh*>*dKvE(7ACJ3K-pzTSm-+^hY1e0<0LvA% zB;!Y^TwRuo2jn9eAMeW9SX4Kfta5w$YUCgI5px>AXI+Hg7a@-|TJDncfa*`nPXlzQ zv;W4ERDeQZ^Og#kjNeJlKr_gPgoGjb6baEwzKbNG4D$W@yGlN_+v!l{s$2`6^|JFO zF01&vb>{s0F@RHFai*?sP9|gsovBYY zi}UKqu=Y*{MJ_6K)^t?kWW7skZ*}U|I?Fbt%RCB#52sG|$4Mq$1cBr-<`zcS&C%E;puzP6v%oW<~HEGW#RocAO>V+`R(OJ~7A)c@A7dGRWd_^Gcnn}73lQDWKVHnWZ|YJ&b= zcCt$nS-*f{8|&X@w;|eEC(OQ~skcX7X8LCRguCJtqF#`;G&rJoks& z2ZCUqm@$sa2mCpG&UQF;o^Y?N)i+qbNouD~lQhQ19h+!3Ksc;Fj)rFV_oS|Lv&9}L zGRM=a&i)Fi_7tSnmg?svR>3P}S`ZCLZucKc(`~MD*!Fpvke0)5URlgxo zU&Pxi$+}>XOj8#KAJ~BwEwMthgwwjVMa0@HSEVci(;dgSmUn%2`Zj1#joxaoESLx+ zVw;?C3BINha31(Pv8>2}A-o71=R-!9ll@bzLngkggq^Ggfi<COPUH8G5 z(7ZR$GxbSWwkNQ?zKAWUn{9F;Rs<8Dwnv!R;WyPSd~Er9l)QC0e%KqAyfP}M^*{dO zFxJNby;rZ&^CRHj}L&Kka?jOrVPZY>>GIewW* zlOB8G>1u*a&S?3HaoS~zCF6ntVAiMtK$@W;|VZv z9hZHAm3(2pr5|?Bcx0A~2T})uSfBJ_8Pw+8Nhl(Or#E|2&jVa$ry!pJ) z)Dh*t`;QY4@dc%2a)--LEyb9yDhW(pBEGh)BL50^ue^ZJvFbdIo#$> zQd)$&S)Q==U3}+I>~%(<&HNr`jh)2UU*w!7XW*aH)g~J)`vlO5{p}_yzsOuxVr~RP zXaBr14mZbl>b47ajYQ0Am@~@FQQrANHg0 ztKvI-hpvimUKKYT8PeLxK^VkcIlCm!+7D&s80g&D|Iu;u7`cKcek8`@fc&wf*jcu9 z=4{V6C1nb-`5)|Ck+G64e|8AAh+MmoYmsAZkDRG!LXVCEecNcJClOR z!U{=T=y&~3l}w5kx+Z~&JjD_3L=eSF+{H7UBw zPq(nqoQ6Wt>^qqZHUxh99qM4<@U*rBKX`F6_}O-49%Yu9MWEu4+Z0javM$*Ve7sSJ z5Zu#dc1>|pg3c9%&J{(%t=nm1`ALe2F-);dIxwIgcI6MOgG_jA&|`(0f59b*_>-c$g%?6rJ>M*;ts5L%i`QGB%?zT; zi}uHjSA}qcb@`ve=Q-i)nMZEvfJ@nHZbP?O4oXZZjPEMA@+v0vuD3{Kp!0c?H_-JW ze=yQw>C}zgWAF8G+k}5)nwQCp*;a!p?$FYi_>2GLPmhCC9}VPd^u$r5g98z|`4Vdz zlw#iemQQ2w<5)Me$=M*02CjLQIxhzx&1d{$_rX=H|GtK_5zwQnp4GBL&5B6OqKCvR z;%(X=c#CJW&A><)iuDvpI65+3fC%Hjf`0_-IN4^8mopT&I}-6G{V0{SUb&r7K)~bo zB6G50kS`dt!cm1x?`?_6jOfY+kE7ztf(2I|fsNDsc&ve$$C->a%}lL2-&mWRd%yR# z$wyG!&V%W79z|)N*q7q%^}+n;-x3!FnF5bwn3{_Bq<`<0vFoK9AqD#X7^M#DZ`O9t z%+C5rQ1EN{bC_m#>)Z8pnVF#wN(BP3TwcTvw62Yq2dJx#8CGnya)6??1$+H_0#F`_ zpVCbF6o~%-#)k;cd&|#7=veQ{bJX{e=nS^X%vLI!=1pRzjA8~SA?)NMqdH2L&ZF4Q z4CU{$Hoe|wMx|;1wJRXtr=Q-(e_CU1Ah)ys(xVB$;np55NFsiUUdX3YPw2vuPKO@F}j-W`tYj9Vd*=nXJt#rAwKU#+B66Yc25~#3-XG6a=8DIOl0#HAE zG5B3_9)DvJsAc>o$|vKKWueHFnv8!}CL=2ML8>y*NJ5-8bN(Dlu~o6JNeb)R!zELU z01$#uH_M`KG?gSe!qzLM-uO(tBgiXeQF*Yl@w-|}Ysj@}!8UOrXAoV<^x`4f zy#S`S9jgkPLy(EtjA(VUDddw%<=zEBF1z$`nxSh|bOr}94pV-vSsWV^eS*-!{sM&&z=d9~|GcT_rFFNuOu{`d; zxt!6Ix$QBQ zU!<4Hpl=UcSBpX7dSN>$f$%KIF>$UZm*z?Z&+RnLdSoq0n3mm}`BmnWSD*{C%&AU| zrHp4S?RdVQUdxgpfdf2sx8gkdiJ}rr#@Dkj2TV~i{s+r+C8>23bq9eSRIQ|MhzXog zl=Tw_y0(z2HkD?TuLxqH9b4 zEB-Gc5F_Sy;-#|Wqaz_12Uc4`0sbk%9rwetDd6?{7P37FAip+jI?i&XC(tcd?uFY& zB;&sZ1F4P~RVkJSfRKaq?H>OQ!{xVHn42}*Oi>n>)M9|`Q+_14|B3SHr#*Jo`OF&u z=>P}{`kWPtj!`BWk|im8lSz2gCKP89mMM8~V?HjZz*2XeuYD44f-Jw!gtjg1f#ixb z`Don>u~nRbSr>=VR>4;Df4Kw_Ms~Z$&_;2seWv}ZuM3-lWvN|XH&~x{fRJ%*2((~$ zd!3zptJ~_owgaUZ^dwwSL7H1z0WjEJfd5CP$qzDALSam$@oZ{aU~g< zIX9Wu-1EgyGfFwcxzi4yS|^@a)^4j8Na%H8a>XH3ZfP^8=2nIlCCv#N{Vzj{Kd^yn zF6XrSK;{VB<`5$um;D2lSbZq*%%&|s;J9XI~{9DTVv|Gb= z52v-8&7Uq--ke%Ss6{Y=FqLwzjI<%7vKZBpE;~rLCVec`Lj4$6QLZou>`9&E@r>29frxRC5`4(_o ztMxd})@nB7lpXIbu=gqdn3mU3{9R7@XQh|XYkKr4BHXbo z@1#K2oqVlCOR=i|258uowcUD*9_nVCyjMo-C-HS7?g&N~gX*b@JGB2uCb_|k${_1Z z$s%W_*oI-Z&`Jr--z*WVG0 zId_C&jdyeex~~Im6`1J!TukQggGnoxq<(}Z=}X=zVXf(v-u#eTuVSBilcnCo>~x~> zI_x)^b*jf<#>%18ak=@q@HUHfA4ZY$1YRn4yu|)5GB?gw`+vMzN1=hb(m=uXhQd(n z0Ngj?tUrtVxSUn(XUh`9{1CBMYb=F+Qit}N#g4e?!wv=|tx=e%ku|pE%i3clrc_(} zrM1VPY}N>6;9`&cP9C0g$6+^?Y~R*UJ&ewLp| zVhn!#pI=fowh0s~;#2(j5;N-tXIlxH*Vnl^FN85PRRl@qq$!EKuz4P>L)%SGerLlJ z$xk%Yh~l_7J5t{GQ_P@X1DXRqBBP&&4me^k>W9yXg6bUvCO zCvb|y@Rq^e`B|Xrc?K!Ib5Hb`z_qe-C9cWEfUILMuGp(Rl7*DML}P)dV~MZh2n%N} zMk*cag^r@BrpW5$x+%1Zlsdi<*kMj1`$TyYw#i8ORy)&zz!0hqlaDFUn-z3yJiV{j zKH2Y!$xADBa*|i#0f3P1^KgQ`@tt49o|g9E+BWmwZ(CO3@ALz9z0KiC@i@JN&~Pr> zLi)w39WS6MWctsL4Fj%FMsL`ivo@Zp`Z5_i|3QqM#J4Z5Kg#t`NNak%m`#cahZLHxskx?enOErWQF!kb@P@K#nn5#FB!Q%QGkp>1i_ly!{F$<9oi)w374`-H&DdnD5B+ zqU*kgrz!zzmSQ7>n-G zOrpC|EyZ}8<|W2{9c~}1wtsclq^y0!sw$X{(_VP6wp85fgSBPyBOJYuz>76vu@4N^ z%DRp`a+Km+bWrRIbanApTYGi#Aw$3MO?1r=cZe<$2a#$1*IwO*+A42l{KDo_H4nuq z=0sF&BECUbO&k=Hs}k`V{%|H&C*npwYAiumFTV{6?t1wZKHVs!rd&HPgF^dBVRN^} zuIz;bGrqt5Nd6nCn0#NAaD~n`jL-k0|M2>k^q*1Fu}|%R<2`*{VWQyI*HWyov9lV=T7@QtIB*httQfeYTQs~M|SFIqy}=H1$UZ1ZE7z(c9|{Nw3T zcRs1a3+ExD{uzAQ;)G{YdPGG;yxV3BQi~&gL~OIeRy_!avpmo(X3S&!HM1dD(C_-U-RIZ!jcAl*8xqq( zavajPjX;UhD}@#giC2Z3onI#+xA0^(39dYr*=zp+U+9kfSe;b4D)jYbTYYk6?25!_Y5W&+(tpJ;`Gn@+mlixtGD`F$YI z-fMPx^606;lCfe`KZtw5h)z1cxH+-h--aG-C=b(4*u2j=nh(SS?Ouzqg_$KKnFhst zu4@K^kYI3GM1?5bBj>rMTqJ!dwtaEuyHliELq*tphU<~IF4nOh@-+JvMeo%|}Cy5RF4Jm-dXt>@2V};aXzW}@3 zewBqylrQj5zIS8DevH}8-}DngNcX~Ko=xIAVqStjP(cz(2S0iKeBytA)Y*SBI1G>a zX|HB-xs1N)CKhu~@c29q{UqZfUXxk!{IX^<`b=^g%8(1fH5@J|sNYQJ0vc0&!i4a+ z?q!K8VBg0yo}$#1iTW0qs0Rs>0+>_3Dj7dSKOS~so2TO4q?#S#pUi)IUu6=xq7|rbE(`@vjNC5%aEH^Gegdw=T_OyuxPvCz~}M-=5Yw z!)E<6n{}R-HO*%II-3>pyR|N|SsmG|m{;p^n{`<>>vXTyQk(UyY}VOcmSeL{^0J~+ z6uV#97A)0)>P4;=ovBOA4L!o#!B^qFwwlj3RU=qB!H$wT1Vfpf>6V%*mv#aQPrV)MS8di4*{r+0tj#v-?rher9$)RY zSvO>}4pkDta%I>UwDsd`);GMYV>WBnMcJ$o9yfl&W}TDGn(5W5u~}uAtnOF6tXi_t z2kLq{8GjC(Tm=cse-8^>OjB9NM$83`svYQg_cpp`hs%c9Z3>(HCs0;`=yV#rN{3#? zLaX{`iCQDL#_VD1o`6NTVo4c()kT8W{IN2q@fP_`#xIs1X66zN^$jVT0soOxwe`yF z8o(Se{{Rq;W#?FB;ML%tl6WJxKYx_JPu9Pk`Uhm(Wd??sQIrW*a&9zUqV<93I9eip zyViomB-rGH3sUNR)AA%E(GFToJ1!S@r}AZzU&MiN#ZMxTz)$q|JEsA+!LKCEVi-L;7sJ9-RD5vg zV`9aesjGxsvGo!2S8O=~@0>}6GKs8WAoZ`35hQT5K%5lk>4^*)rd3$YC&epHw^w?ykdYwPdN6F;`*@1&+^0<%%4(xB>r zLfG!wHOf`%oyKzWGz(&cu9a5T zfR#j%hRvUjmyroNzQMfd-(C=9g?8Dc7hjwhlV}Vk!Uc&uXOiD(Mhh1W%5qLt$&Udc zFZD7k(Knpm8?XX?#pLNU1oz^nQl?;%#0ZAti&CZH@`ayNo>C$|AK~m)d1{xQ(RkPd zz|3g`l=#^FNl9utR+j5UOgw@}>Hq84F zjb)-U4$C&>QVD!TrJ@)s+RSx!P*Qhii#3Cfor#kohK~q8HL&yxrmonT!RI)^XR_i0 zJXY(sxoj6qRp$%{g=hT;lrXmtJ*wKHRB{U>my-j8Peh65 zZHCt%Eh%H&l#!y47Ukhi4VuR3Vj3ReE68iF!x)??s%8ZMhMaIkVns+lsuL^L>PJ;# zMU{TwBIH#0aCfQe@2N7M00aMDo?Z~*=PBubvqlIBpYdBNzwKwYn5WTrU@Oz~LC6Gq z!m?4CO!WQO?w+ybcfm1GaGji3V4uReW6blUu_kEuVbd29cXV1gW$*(4s=c;N{LTN6 zTKIENtC;*{tOJ70$veedZB0IOH{@>%rz?bCfhxO`#q0;79ocz9OYYY(F)tR$>`z4~ z6AZVuwU{4b<7gl(E4cwtX0#bL{~BQj4rUCvGHh~-bR)4k9dQr3aI)W^=pbo-vo0W{;1Bozg&XNw>4QY3aS8f@l=WXVj zld@Uu+$Qmc;^j}o1tTylOdl`wm4!6_`8oPk(PEa%KygNTdu_JziRPE+bjDy4vChp} zROl@OBii*m%OdH2dgFn;uw}#TNDXjpb zhEiGgd~S0md%2;o8Kt=)8q=j6-LwAJvoKCb1Xt$&VV-t(O!`{khC)oJGUyYw#F1Xb zY{gVmmgV>5=-+TFJP_n~$*odh{<{cDGX9ugl#CC`56pdsofaijb$FXX@AjeOiu)

pT(VEu483^E?UI}pK(?teiFqrjsI=W8=p zn$etlKgx~g3wO`^e1xp0ixUk6kah_tzrtpL_5)^iSH_=zP5UguN-1+J745S7aK2c> zV@w`kznDEn+b??a1s$avJ1igbMY$6EwDt>jc+GynHqY8}tdaj^)39V#%NINGa}b1P zC2ph4!x(sHtKP~9Hx~au*sP~QXa6rhqc`!T_H5h~Q4z2e7fZP(sAiOw>4tiFGaMlC z0%E4PF;2Ex*c=7RYC8b5E&%Ay+;5(fX;EQA|MVX`j)S1+|3cHK2pl2^Aayjk{}$oa zIyrBR)UH?aM{W@D?%yakMOtO+?h%=o9Q3-{&t4zw%bzXnvLiADCH?oWgM$~`axC_w zhG58h_V7r174yz!tYK$>NuZX1H9fXQT*Cz=(w7ja=NC3}Zst7xmOp~>$61x_^b>$H)0ZVub(9NAQ|VZ}9lrd;%bQgl=9R zL&3aGM?Mq-ni@00<_^pzA`4|YkKeCtNUTXR{&#FWF!;`PuJjZ#)zMPyz{BuTFP#Tn(Z3+?>Zf|HW2Pa$-bHRgA1`&Bvl!WUr zW##U}vKCWyuIACN5SYE700oU#u#aV%MCkOMt~OiE9n87fh6qzb8=RqcJkUs0*j#X= zWR_?n8b5Oaja+C+_ix5Q*bK>lLT_m!!cL261c0euW)-D3UnK99@sC6Z3z<;3hwX@$ z>*Y_v+(auU<2q($fJB5Md1u8|v1sDI<0nj^o37^9+(9mh#!dX1v};z_DioUkrb60k ze@@ig7`bE>zNJ|m_NQovRGe)qCgZQz)T+0&%pCip>}5`+3{#d(y3|krU^+_XaI&mQ z0O8boVtBg)toFC;=a=gGkn@k*Rhy_5@%ZZA<)48W6s!%KaIuoDqxz)SIFDYn{1x3T z8U%KOK3?R=3=Nu?$wWHk8qi^!>zbJ>=J4L4HMg){;kX}QaP50@8T&iQY75KC{zu1C z2!$A;aeUgG{js(cXx2r{H<505L_&@(6%|5-iesrDi&LOJ^eN*eHgQd23UOSmKoyo< z6+MC}-KI-xXWDd8wcTN^anJL%} zGiS3*xmc{~0b{7Hjm4T(kL-_Gjj`yfCHF&Cs0@}VW%+=Bmk2C#u$CuXZtoP2b;SIp zfx=jVH}Fda#J8Jc!Z;5|e_dNC*kaDLlt`~|?RA2qlkvKoGEDo&+A^tyITGdVpCAfH z35N4m(VL7hb&4cG)C(9%#(=n>xo8j0|D@ywY?r+_&*V{4)_Wh6=4f07CQo2Q%zBJD z8JAE>&bxW+ZMod?Pm$S*7_k5S@d(&dXZC99%Q8m-#cRabami#0MdshrddV=M6G&O- zu-Seb^PFp>M+*~E36+eFlts$XmG42#HuJM0@-Z+PXhlNvT(dCB{q-yU2%|vZklFGv zL$YqKcuo($I>oOD{9wN_*_<}3WvL-d3_@a2GQ+}A4~2wYqSMMq7vMJi52Po~uSjr> z>`t@&Lz)^ik4^FzWeIUBBRkH{i=9;YULqnVfJb8V3IBk7pGagDYgawkpTsxfZ~CIM zTmi?BwlpJ@2Ga^ttehse1rOpA^GbgOg@%xc2?7nF^l!sdsg+^M+TOchanZitlksK) zS5C9?J}b&a&6AYaZJF^G{p2^tfnjI=_79ahvQH(0)U04->b_kKYcVHEm`qe{CKgph z%ypVR%-*x~E;pNyA?`o15NolWG_KjRp$Ou`nxV6E1#>p(!)E$HOv8lYm$ee`T_*NH zOERJRFFJ*-(3ovvT(EA|AFeEoGH77yWf(d81X{@bM^Jy4=?ggobvD!7tP+H|3m7u^ zvT6A*Syb3Xmo6yG(PF8D6PL5k{q8YBf6RVWb-M6UHd#xV*|RW5@F}j>GR5wsc*|s& zgjMt2#OGe?V@sbJb01m6zi(5MbOt;*6WWxajq>Q0jW*`&gD5UQ&BT+-HlWo{)(=3) z${5*D>OMTD)WUMnyAuT+RXIUXUv|O;%ACX$*29OB3roy(CKp|Np-en;HKILqs3BPGX8{iBS7j>k%fhR^uxWt;)`k0mc+fn{_fAUC6}bRTel?6EiO0YW zHhB4Yc)}es_!(d*>>G0-IMhULTFt^*OyN_e>XPCh`0DYh{FQ#DOCYYKS9Rsu$X zXt+W6*YG4?bJ_1voTEpG>qE|t$SW*)L!g%K^$@V}7!UxWzbWN5r@fo+-6E>YM+a4+ z2t_Fx8MyZ6zyVyj^pI>Q-d3g*FQ0W$GCuotVQGR^I1eq`iXP?M*{MB0Y>H7OmU90m z>lSfNU~82_n)iYXTl#Sc2*!`DPdP2l8T6^On)MJqoMdhkz~qN*h%18W-OrDQD2E* zh_zkSV*bkKEQB~1F@NCmVl3?9R`W|fsgCk?Lx>nqPb4zS2c!P7xn*=vZHYU&AV=C_%hSOebr%HuSl!KH~Q1b)4zAkoEgt(UD>y z4(#XgO~m{ZAz&EX;4({=tUeO@#DzWx^0sPfyY%Va%$Sggu{T$8=WoHWkTLeIlq5)U zIV6D;+|6=>3(}4s@!zyc{P#OL-&8Tu8qXr~BKEP2(kYeiRSs3kGX(UP8R4ZfEbbfS z7nyrPez9V#9qWQe-u33Iy>ueZA*Wc317u3Yn zwtgn1pfZRmbPdm=zSa}_p(Cps>I zI<;FTgttN&qswNU&c+}?si7>lqrYl_UL|V|nQ+f{F$ku9Ov%jp-1@7=W)mZU{bSUk3aR19ADl9 zo}WzGo0!>evT8DG@uFXB`*mi9wqHv7jJ4Vo{OXj&Zv{gx=^CeMBj9CIArHcce@gz3 z326!=f)&q4&OeE+(he$z%|V4IH||r9uVrdqCj3YICyOfRFI-h>{a(oxm6up|4>9}| z*=#rdAsIh|Y-)BNO4A@jZGeVU3RZqcvvwbo0V?->XjWhxu7fu7S~lxe+H>cg3JgnG zRf{-QwQyg9d0Wg2Idy`kOkU|MZ#JJJTNg9bSo|OIDQX^P$6M|v^UBM7N?$xXt6$re z+5US>-@p=G3JpC&M|K?L9N-+bo!cl&mc2PmrdyyRQ5#SUE_viC^)t}wfv(S7y_Y8^ zrpnF3sA8RTN<{*6KVhAFF@oGdXHV*J$pUaVw^`zz)7ww7a_(Q~j$ws4spN_&@8}dn zoK;F^nN~Bx_6stC)LhYU7)}2?LNT+l&zv}ZwDpOx<+C4C-bEMF1)b6^#N-lMu`+p3 zx3*O^-pwZneVIy=cEsV|W^Oq|$tFXbDi)FR*00I9@JMPqPH}fX^M5Q;ER-69cG!Zc zBdKHee|=DS!XIBolG@z!E4~+op z%zjr%`Vd$D5iS1KgbXrKu}8UI%sN2s<`gPMf3K>{IOWA~lCC>t=jE z+Z4WTG|B}W6YMyt(1`uSNEc%U4M?f^^BDY$8Sttk!7JZ|P+)|w=W^KvcPEdGKeE`I z%4l)_@9Sy}h@ayShFWU=1^Ff_T&6afsZk54CTtcRtlh+G%uRZ$>77VPTn`|5&}}33 z{UZwS{?Qho+xu$U5((M8YBqmWddhO55lb8(aztM4f#gRg@(^>O_w61*%{gts{tW$> z70bwPSa#Z=@~rc5I4r&p>r}pNj2+UDS%8Q$COV~gTL=;E7ThG(oNOWB*+yP|K?j9f z#AlMbzuN0>8NMVTc&xXz77H4nk)6v&Uhp{NaZ zLRdmH|I3egjWrLgn9)*evRBI;9{Xd$7xVDQ_oc0lE@+n79CYbx?}u2#0C)B`P>L~o zQRdFL6o$EyEAB#A*a^BvemK|4eB#;C{US#8^gBOK%3oA}0#XY5iwpk+NlPRIReM#O#B0VgH2p=*!$H6N$c#t={03HrjFCB zGGL%X<}>Q;S63QjkizEwPL#^B6KA_Sug|xFmiXrR3cgyv zvjl_Zifk9;YLthq22IA_m99n1UFZ#lKui=_59%20uvtIPW<|VOqtaSyQ8w#vFKfKb zx*(gi*#kJiX4Pi1{^(^*v{}b`S<%ZCg$A2EE|Yv3c1vP~3`C15!_)$25d@L{w)TAU z52!*?sz%ICODk_a#o_oo3n=YmA};(I=)O&w_ZOu9Z0q|?%&mXbzV(40GOcdD>^SWO zpZuUX#m(RUEAkI^^Ec+qz}|e{21ofgA8LE0PyTpKAm5?SQobzEKJ)8h=E~CrjH|!6 zuMOGl?4Rjp}Lj# z6QK<#ywB7sD1_2Cx^OGs8x8>XIQRc*XP$pa)Ge(MkePc!Bq0$$J3xk$%OS14dmaxw z?;mLSeQKClUSSy!ORtc*RjWj)02nzyQQY@5RxBqwTZ_lPh4HFsm1*j0LI#Ek=Y2%iCu04b3Y1L8ls_%}8Z$%T zmjWO2Ob*8eg;I%p{wnVcCKviTc9#aao<^B>>@Ev*9gGdnk==6hBupue5TfeJsZqkg z`eJ8Y;L-8U1`aH5uWR;&VyAR%j8@iA{WYuAS=?MER=c=rggt;Ru!dEN{)?UzlN)p@ zSS5zJsH=y@b^8scRm5D0$wGa}3vvGm_{e8%Cca;2@LOp`SV6J~^p((m`Sb<4<*E;n zF!%AWhFHz+?7>BBYkvHU{HG`}*s8E2(skOt`q?8PX}k((Jx zg!L&`X0Ask1I=53{XyqN=I7a7!<5EzV}3%zN}81G!jhi+g5Kuzr0Y~Pit4qcGR*K{ z9gA$Yqn!RcMzeJf-1YwvCa#P3a-Hfz_K7(dOwh$6H4J6^E^lI+<2d5bH9#w+qnUB& zmT)cFZZqMXsytKQ%}!c)e2(KO}xZVTz(sC?qA z6nc&v`rOhpwT0@Qj)Wep0d{3m=E?r=CE4!D-0<|h3p;f!!m3w%&wdfRJ=F@=drDdRCl_cF6el{5 ztz0B`KjB0gI47rpmvqgc_?qth_Y8HeetDD9q97UG(6PI2@!_4X%j7!ZnxD@|L)|SN z!52Yq&vv!;%HKxs^|ybozpvWs@5A@{yKt|+$L{s_{(JpBX87M$A6A(<_7?E}N;kM+ z!*wA-s;00RgRj84nYjq$Rl0@FD+xR*7lQ@5oO#9sFDN{}n@Q=*E-y3@D7UvygkTQqS9WOp^JZ>ECdo177 z%DI#dcI%rY2vRZ9X0~8J$R^HA(Q~q~!={$Gizs_b9EkB-5EYg(i>w6TQ(Q;6lGH(B zu`0hvmx8fF8(Q0sNu?3AaQmFxTZQ|Q%|5zX(mM%?1iF?BEslx)B=G2ZXJ>jW_N4QE z$F5_d=O!=rwQv;1oQSxCO}VYclya_*K6E`EdmhKw`>9`NMcEw|K?hy6-TJg zhK{(R^MpmLqJS2K(X(LkszhFkvuna?+!^Py1^&xpD55@hDM5aPQzoT&vQQe?LU!EU z=I9f?90mbpJCg#!ks)ceR9$Z~n$0ch+pr<-cev}x8l-<+94$kCppjn0=3-#_W9>S)PY0*h&|>q z3;2^Q_8tCD5D+C++hTgqh#o^T-*3)!a4A0?ugLCrN`+m>q`o-bFQMi6@5;Ke`+avl z&oS^-UR(6OHd|=bXxv&4*%hd@`1QUOIf1hd%av#3r3IFQI|ev6lNbGFBJoQW<}lfW z9RtFGu~_^qwoiKaOvEMYf9c?t`2S#3mMonp1BSoYc}R-Ft|bpXGxd_7vwp`rt9OrD zz3Zq6Pb3Q-OBQtK|F3c4eH2^0^C%~N10O)PjYbm*%}K0qlXDu>c!seFtq@ME5CAP^ z;?X{-y%%aOKilyyGn;U6G5$|#hig1C9trCbS%eO`0Wvv*vQ1itKWrC0;Y-AECY@ui zXa!4$5;-7$B1AkWf8_9(FHb|NAkJbj`XGbEQAAr! zG5Di}N>}bjh00aV2Or-FLiAH_%{dI>AzyNPzAj{Xw`=7RWes}$5^N&9A8Xy{R4R;n z0U2ViW&Tip_Vi_u_Gjx8^oP5!IQ5NfR3ej|t0P^B@!%-rNzqWsGlivalyvxZYX6dUL@9{u%8X zNVfaL4l`$dta7HPx^gX%x zdA{`s#OlrY>0fF2Jl|?5zIw|@pERHD@(L?Gl7$@>x7Azn<%$k)%e^+M&o|&0(V258`71_oDKIir_|-vzWpwIlYwj3&QL zR)sq|bEH!UV&fO*X$z;)f!N?MZl{=Hi~XR}@YmDMN?;P2DgMYAOu7)Bn)AMs)L z<4>1qkC(R#b9D*b-g(r7HO@iFg6pk5;VrcZtCIyz<}c@*0zE%6z4P5)GT3Glo?PUA zJs5SB-bxBu^&AGTV6dxH^c(-{p!2X3@gw6*H#Eq9bI@jL8cg7R$ zQnZh!^q@`pAD#~P=9^2ky(($XK2~1SO;F7U+z1kM(X|`ag*4R(@L(xQGPj3`lpe;X zc^)4qxQU@diH@^t0$nK@7t4U3Ja051xBAm?vSXTF!NN(Xoe)i!_Pd1|1CIur_1o*d zg`ec(N^X+LtEq{e=s{SNS94ahhAHoGhN8tx6Va^CYoO9-fN0^^tGIEGbSup3>sWg7 z5VsOGfWPmfw7;*B+jr8H+XwRDB_30%NA*qE4JUy~om^3NjZsw!Ru<;=y2-v!)C&Nb z*C$PBTI|!D@QTHH(lRkI?P~};I?j1wd)+j_zhf6o7typw2_&+{+0n84ti>0&7*;;s z^Pj|BiO_pU_Nzm0_Q85pa<^F*bd%8iA9__)Sxevw7~h0KgU{;ZX%M-gj=l#TjrbZA z^rE}kS{TD1`?e>EFmSraVRu#*Dzf9O1=G*E&G(_5YH}SGwbC9K=cTVzebL%}diox@ z1SszM|IYV)lzJ441$A$+I2|;;Wh7DS=iQ3HXG9|ntt=|1y zb!HP#k^i;Y-#L&(V{OzKJSS{!v~yHQ`yJ@Ii2?H#+zHEWYA%W+OHB3TiW~8TifNs$ z^Kh{mpZ7?ZZ;RZ(gdy|>lnOc9)UubOywDXZHV6KRd_#@G`kLd2w}dQ;lOD9=P?&l0 zO+ZM5Rn1B?1DAm2!Pz$IWOc`j!l_-43o!#-2Lh<0`fJ2L@ZrAcF=ANZF81H#5@Yw) z&=X(Fg(R70XER6dQ!`&OM=B0u_sKjsn;Fb0}p3$`RB z4xbgrmQ%b9x|9XsgLAeQLXmE0Y{P6I_R4zA=%K%zT zp7xmaVXW2_uNibJb0t3a3)Dl?VcT?l%+Q%6!S4Zqntl;V5$H0T>f!mai;;{Ap&;&J z`5~0^R`vabZ1F#PgY2Eptuaw{894th_`+#G;DK4VO472 z>BXY39<=4s*DJq}l8is9_~)6s-%$`LxwAeazXXfh{Csnr&Cl(h29w)-pZTF%e`dD6 zuFn^blkPV@jPh1Ra)@<%St{>uT`v}4(FYw*hD5VT90T>F%Q;a8z$-MzE4&>K0Z+J- z!k#X?&_ZT#(INPLfG3^+l-D0{_GCsDdWb1?)RxT1y4{ub-Nt{VgBeV3asq)Qaq`K*I2>s2Y|*mPTeF7NAD_YK5rlJ&t2Fr$uFj4Dc^IpLuh zrE_F>l$Q5?2rbp0NB5&g3mlCPO?%5O4mQZk)4^K%QmG{b%&wxxhVL3%Fhs@-TQGVB ztxw@>BKPS@uQ(WVvn?bqTF=x%Ics>eC%DQw`gLb#>N$6UvG)tft5J6RD&I@}I6J4{ zPZFy!mCdJf?L?0$N1MA}L05R_q<#oj_YKRx&gR>GrB0B1_%mp(#P%y+SxxAm~~BI&1`{3mk11umFLI!eVlA2vGhO zLJ7@x!~ti$%&~S$RBp@o0rGG$WonrJaj$U(bU(&PLQZi=ZrGanthaJQdMTrK!j3^v zfI8G-2UfK()Dj2{T*St_nh_i5AtM8@5g7=&rQqnT1jC%6IzEp=1m;t>xAs2HLKA`c zI{S}%fbK?1LlQ9A#Xvh%D%NFqGKF>$!a*ebpWhY&$X)WHz`XTZkwVydze1=L2$KbZ z*i$??z#C$!Oba!@cZv*v9umNMx&UyxfGA^TCBBk#Im@A+jRL1dh`8jFjINGOldE>S zZUmYHeY6*Z%?awS!Gv>T4k6GX0+XgC=uqEA;NCk_&EP0RT9zc~{WJY{Z{}+=hYPxU zJEZJ+C}>hE2TE!Q(S`}QgGBx@N53bSgRz}FtpZi7*o(Zu+CHhvAe^VbAXjF8Wh=vl z|MQ;}{|E`~E*75QvXjI^!a&?70>`VD8n%s?J5Zvs zKH~a`n?;`zvo(Cr2ZC{)Q?^%|n$0D{@G9`|5_6a#-}IK?b+I_emA%ka-_GJ?XVfhH zYt5xJ*x6t859L=mORHyGs67|a<9~e3v0v6slrblM`$Em=Jm z+kTa#kCy!gAanPh{L^aAa;vF&l6cjXW2G-qLU6EGGM0DjaoIvsJ*X0n`q(O~AB(Rv z`6ksEBkmW3$?1c7^5LqegdV-{nnj-U)Y859TNsqO><$7=E`=g)56$QH2w~;zy{i~hs55a}>;v@7BQfXTLUdR^8VfIoowwb&dF9NxdaXGC7FU&0SgUtZR+ z>-gw5J9f>9jf=k?iq6W=vo@Zy-Hd%gD8jqBNjwq~eHrAquToSJoh15PR%T4K3uPcl zp$oj`VD)Rq5*7x3j<3p3-=_AnrGJUJf!!3|{{tmzR4@iri9=wb>N5^-<3&VOqMeA; zi*CcFb`;BFS(5!_JEo?hO+Ed2Gk-IkAm9 z211}0dqQyG;PQ3M0xpfEQ0!&lSe*P#>>BvK^g27?M_F-7Dd9{lscLO6zV!IZv(KWS zhyUZRI^R{dFXjCoq)QRD>w(Jm(j%d#^F?x*uU7C|8a8KpMPh~rnJ|@ij@2tWmY}0Fi zP7wH`0wb*+i!{!(pxIo^^ z)aG$>cYmgsQd69KcTnsuflD6fD9&~J>N4iTYPkGZXzrsm;-BxL zKUj&>DTOD?5X5rAjAh1_`w5Zj3V*a|;?C$aXF&cah!*x9(y{xP=#-A#$FrZfd*YhK zKZw6uFku5BL1vX~n~T3q;)5${W9^tTCyCj1f*8WqFDE&{=)KOi^xY~Sr-z4P4@^n6 z`O^34->hL5qQ2YA3SI4yn;tZqI7UA8 zQ%htht*&wTrLEcAn5oZI)cPj5ZNu9?LI2Yi^gp+WKp(El)i zP9V8XyG9_3zmtxfBY{C@5%9yQ`8vDc<6a6lBWz9)cTst%gi7EmwSmf&YMh5Mf~Wn> zk=h)7EHR(Z(a!$0e^&XcVBD&}vw9!=(1!B9r|h&I!>{t{p_0I^%p`ujU7u6!Be0-!3fH(&Z=S9bvRxTQ ze~(%`_A-tIw+f)N?TbwoAnsC*<6uZZn9E1Lr<@S-@?-()(kx=Wz`$X}TH7yMmr*(CG+an5L-7BQD|hqU6CGYoED><{hv zBUzWyqP!N-I*CBDxfcg3FYVF?;lhu+`GELmc`ZAm-@upinRp~GobB5No!LsG@^;0M)d(-nwSp61XA58x%S3cI~rym;jw=eBQ6N>y~YPM^H`y8d+nmM~wb_NcVKStr4k%57Ayl3~Gc${?E0o2928w*D0 z9VXqNIOVXIT$KhoeR4m~41GZQdg{roNeJQn7{OKu-RffiS4h9){3dW3cVrF0+q}-& z4%z-xnHy*d`M+J)(;?{x{VA1Sk9|dVo2k+gV>}Dx&&^SCNeq3TD@)(GBI-Eae#N{E zi=x-BbOzYevF*4&%C9oxyQPT_p}6>cqyq9_H*_d~gJ2;&6wR_K_PEW^#TJI`plj-q zncXb5?a*IaIk8hTqh2%F!6%6@rd=NA8sxVB=s(KP|J$_xcA=j~_jsaQP6g4&TFyhS zck$uQpn-IW>Ti3IbS*j{pIq006`jcV%I=h0zRRT*w|f<18y-b<$e^^EcNmm?93~Q9 zP?&yA{^dx}^PYY#H=j@%{r5+`f4K=&R2}%|NxcUq>z}Qe8o2s4W^p}!mbfN9_hZ*W zR{hz7+G-4AEWviH=`X}$VuF!PQ}$QwVw~sd0*_KGdeFo*(W~|vubdfG;W2YL|IneMUjD)^h*nLQN6MBerS z4&rppLzy)?XKBfdcx3u(7Uz_&3;PIpKZOeEr;rDQ*ET%Amh(uG{}(U+w4D5cFx9uC zk!*m6*8l$)J0HNR%j*AcW5C48ojPUN(wj~lx)h8ObmG(v&_>=Zwt=GJp9mKv>K%{* zZrn;rRJYBttga+AgGz4qGf7YVLjKWnST%o;rDu<=kvMu4*Y(E3olB)LJq#Bjy0$|6af0%n_o-@_xxJM_EW zep`DRV9MeAXs;sDn^Xz;$#!qsi)Rh>OL4H(-iSz27iP>yc6OiDziM!Oc05fgp$DP5 zw|zR2JXXJ+;-A@ly*%DqtDleX5A*Hbwnrp6N(uK^zO{Gk;Px;-egJB-%P8UJKRBQJ zQ_m~EGtB=G!YY^#8=YS&|1|PbZai;Y{Zv1X=jSS^7au;iQl5qg^zuUv(!Z&LPEPF~ z;&qiY)Pa{)b?eV2E4hlzeek}3itl;Qz!R%VmHo?=TDsQg!0Z0oYQN~eyH(~7tNsln zEn#4}PY>#vyW>j(_pBn{7Z~)ySAjlK=Pm#Q@c-Lbk25(M-@u`*9NDBHm#4?3cr|fZ z1sdA2GLAsv2Q6)`*&oR5=f2PJa2hRy?`4&Jk=3LxD_;tG;SI}@_`z&)BE5IPBE~-% z>1C%bGZ3m|0soi$J0x*HCE55#8I)j`S+xS@*WfBgx14Sgkn~)b-p^^mAgQ zca)VpGm`uPA8^KU9Q=7Gli?OE<#AIuza6o!Z>-tRE~liPUp5uXL%fr+%rWs=Dbs}N zFQU4phW}oLdlbWbYHeh7W6l1lHR(?;D@|n1Dy~1v$Lpy7T%`A0N@FMJ{YZa5>-Dkm zbQkG893-U zed*!LDxle}eHuLdq=q*vi@~Ljh<_l~EF+l)vZbi3s}tT9V_T(#N$jGEOGbjuSo-tY z+oG<^NFQH z`W94R@!C(FmTD^^7RPBYtQdR2gC}5iSWr!mG2M;s+9xHS(r~(A{b^`+Rhg5EnM3KN z5x_bPuu{zO6{>&FlW8`nl|D8H;_t9*C~fZ=3)I;g!C=Denb=x9|IZ#OSsr|Na~N%rx_mufbIDF9W)j0~M2!JC~GA*b%wrA53p2kc7j5@LE5LG$%MC z7zUi^1F=1WV8KKp8a`C`OTdxh`Bp=d3YPf9Mi@V+)y^*Vm7@w|v6Zya( z5~!aenCUotnkN>xRL!Q+>^@o&N$e9KmG_K_8oC$mEb7{liZDcIDblM2uJ2TtOiPj8 ziHuAa9FpV7$d2JxND}ZvQDk%a6{>Z#1 z(r9W(_G*5C-(bIx`V%E(CK(58$1^Q6ju$_}dK|Vvl1N8e!!``l7yb|BXx|*>l(rE) zOz8h+YQd7o!eND*?w? z2JksO%2}%$-Ua_S31$I(-7fcgg@Algh+piVj2QdpP3-R(cgQ*TYtiJjdR_%b%P>CR zyU*9yw}N}G9FTa)?dfgu@!Y}9D85bV>9PIY+ZJ{0J#au+g7IVQ9gfWxd+!IScSb*+ zseDA3V3n0+rtP<#zoo4)1=EQpqmQvRAXm%mj;)AfoJ z(U>3b{Gy(}chf-pByqzDJLXSJ{b%$?^kew6z^N96wlbF5Mrwsy%wjCoo!wcfXA)0D zA){Fg1@`N1=9!=NRKv4T?ckc~U9WKqmpC*_$dj#P0e@=?@Mp%%`+KaP8_^bPj z4NHMiqO@iNP@pAl+5mxRzXt+17gQ`GQz*?e03UP{ST~i ztCqch)(@WM>F*h0 z9eRHQ;|=Vng;}Fo-HXbS)gFlImOViLau!&#$`enJBFv!K4s$7n6@Hgu&AJD1jfypc z>tb4CEN17Rwa$h%cZw}Rt>8uGM~uIYfBc}$)&4qwr5`|~S4_jsm>W1__Mso4n3&u7 zE5n_b$n6vnPwxF59}KNQ8sas4)1B77jc4b28+HtR0Lo)bX3vbdKl;-R0^FV%|E3-B z>+Ih;YI8T!iJ=I}vA598T?1>|1GHvv0=j$COT#qe~e8RIY-D|*R3zqI4VqquL# zYPaIxw%p$jup?lMzzK&AigD_z6xK6`dQWB0KT$0P9PDq$q$VTWmiS_wU@W9iGqf-d zu*shQ=V1$}M)I8W7~;WU!9{Ox#7kg|7&i~xaG^x@yUr8a-DE$Y)MJ{#0nC8(l#`{{ z-LpxfZt}7ExIeUgosqySqg>=GEls1PE?86pgZTzsaInNk?27E!;QS1oGPD^4gRrD4 zAIyR451zs@i6EHi_j6gv{xIv`0*U6QIEjmV|BxUM^fZE*?8}(RQruyjWahF!i8lR# zlha#S@c{>)-N#t9Ts!Ox=4cx8h!iF=7Z-PbtN7?h@}hi&zDeB^d0!+uQ%P~;sUUVp zyW0mX?CzkO!^HS0$>DEJSu4!<(RM+$tr_Gj8$g^=#8HL%-1c+W^l znkzT5M&3_;NT?dakLghI-u$iRuYYymCB~`KsRuR1#J+%))lP8K&-gD8+w+R0l@E-D z9?V~9x{isieL!P?XcSPf%_YL0v>f>Vm1_)yl)dTxfKuXXz$m@jsT>COE5eMfRlbpl z)<~eqSXX%`r+Jbfd;QgxYh24EI*>GeO@p-cY2;SC5fW`y1&P=`H$ARp)}F6_W7&rxNkT03)DmbR}p_}^f!2vhxpFngyM%Y({`9h zeY^W^zfGTx3h%P|?)pr+ND;LUyvSrGw|{_Lti{~|rkUV)YLlStl|-aRo%~l@coFCr ztp#+n*B${Q8^DOx_`#gQK3FFlZ0{)rO``L#}oIIlU&_l2{3FkkXx8uMYnnCpTuN6jH5h{tyo zo#6kQvHR$6Am|e2gcOHgS^OW%9#1w}pbmadqty2pg!%Q#{dWiv|Ig*zNWd*T z^Wdz#aMs%cgm7E^C(wm0VZ*87Z0b5+jKR+BaA)4g^$uRaU_;*ux{ZY~QM?r(wQ{L6{&qbsE zQy=ZRl>AKTh?BdIi^e~k@Yod-jeezw+iM4{?uT~^s5$l=gq8&$HLW^D?*mJ|&nWxJ zp8#nCuj|&S{yT~A7-0|siBEDpPDszOlet*?DNm2%TrYLl|E3J)Q_#wqnV&IR=C>FU zIz<%4i9t9+*@VaL?3>(OKau%iVDt8Z!ug#)Xnt_8D~=1;Z)TNd$cwm-{A|z+z4N~5 zRu6){pg+y-4nI3M<83-uXLerRFrS|=pTD7}$rGjz2$ZH{<+BspisSq8Z)tq5*$~YL z2+aKNca0xrZxMS4_YH=}jyp64<6#6cpfbSn7rWUkp+$xgMOLG0 z8I;}mwyXl@@_W3JHbyGNE82RmQB^ajjBz>`kzceK4m#W;%J-o4>-RS@_heS3g}A~8 z3e5iX*l-rFK$c0YkYH$YQ*FQj0(G!3pHUeOhy2cH6YnMutwW?5(i6_U%#RgVk;N5v zCqHEbex1)I?*6}%JwW@Gfc)a-uNdxh#p+#o!GLiR-U%%yV5^$Sb#=x$B@G&|r@Guu$86u#g_d>ZZPi5p}O)2OyMO zYidpE4btn~H*)r+clinzTo&V=OwHH$EfghLVUS~bGWLqUXzM;%!FjVsiyQ;k`ac1` zZg!hcV2FQ^Fp)Y7etm(RMEw?O;3VoPf?#@oY`Ppznp9_7{Q$J{#5Q+5;wpgm8AvgP zjuCYVY@$-uRDJLg-6}l~$3{r+onyRzfX$hRU7kC~rQS)sjjGaTzVi*jk^K{oxdXts z03R?71=?Dmno6sJgD=CM%I)e-*IS zEBQ>ZbGVGZl#=NyfT-Xh=r`9al(~Fi>J5`_?r|N;ii;JL_2g#f%|<`aO)wcf7*Z`> zHTFR|g7|sblV6AUU$r!YjpSU+;!qyh;3beMG;p5>Ty=i_#!qd3s;AZNyUlQfi12zw zeWZ7QQ;GVC?3ei~=l7TJ+CZvs|2x=9UHh!3x5k*e%0BIsXAz&DG^1VDgW=VrA9#Jj zGs#*Tg(d=H_|D$8c>LK&4xIx{!4&F85NMcv2=Hlz=;1a8{KCK@DuehM;+~91@>ee_Yo?v_bhsEhhNDvtqykc2x@N-@1+b0;|h$E#o$scq{+V z-QAu~tGj_~X7|;Ph^Ly2Nq4=UU9>y@D42hEMru=&N#eV>*^nPaB~Y6^ zD(P;Fi{ne~oB1g+7I~k(eXAxY5%2MLNThd9Zd66CZX(b~{RxrYHT;cS{Wbl9(60b+ zBJ|7oO^5b?Ab*Wfx!bgnY~+6DTk$gq(DerH_VjmhWOd1w#*>I1^nqWJ0z)*WNRi{+ zMRd>4<{-4nR*l$pb-B1OhF0?}&WgrUBC|?Of+e?4#Q1Q3Kd*jD=R!B{H>_8-> zRlg$O|83|a?F`_3hH9_^Z?dXZwz>ncM+jqT7yFlvjb1VyuSG{>%zrYcv*GlO9quJQ z#U^XH*BX3AW9~6NshnSkAvnhF6oy6uupIwOjPm@B6&7Fw4KCm}l>_sG^H0oGknuGS zF)McN{)w!K+BAmN6H~ z8~byctSC>K#3eME0x2|6E(gj=j8uR9fvN$UKu3cf&Sb+Dxq3eoP|?FT_*H*qq_+)9 ztv^1}djh|;lsepV?AyKJ`-wmB1?hi>-7$UTY#X*;Gw#=c{n-{p9LLPg*^FROOXu)5 z_j4AD)*CeI4_<8C-%`s^iN^g_B>5M(Ux;J#pKW(1vat$uhjDxkLP%KDlS3b%n4=xQ z?5+m~^uE1~X9L#V{CI{?W>HMzIp`C|Bco@*cur$HSv@^y^UJjlCqgXPOO$|D9HPx# z@qItP3eOC|$v3bB1S7u|prnZGcAN%71#*uztF!nfZ~`lF;^m+a27q{GD;--TPCqy6 zKOmE!!;#kE^fR(|OY37fN}ja4Kd~2?p*{@$CD}dmd`HM^cf&Nr^(pw+c7~u)t;2*6 z^gBcS_67~s?-j4BuZ#4K6N`Yi*727?tX>RCvvRd{uAl!6~g#vh5DKC zrgAX|0ju>E>V(X91AXR1a&iH`7%2CA&r-v7+%m-PuZRN_K*RrmSd(*^9>r;wm?Ri8 z4828du0cmcA~#a1FrimiV|Mqqia{5LgBH~_(nj_q`W@VSU;SQ@Ug&ctMuc9JVJ=}jWDpNMDZBI zjW)7&)3vtU9q30VlF?)p5k@3V7?4P=xKBrYzGAt-cA5KDg%<-_TC@c`YAy!r#|l zcEVrqd=*Gm%PNfp`qH}$1yLXjUNVVWq@uLDH_={bP1~#=p=?X&T+0~EY?eK}V6-0G zef3{OUlkL-kTBAxc70Dc%Xeb-0+1DUQq2a8POi#z()%!-PzRH(?|*JCD_QTe7_Mh4 zo~@U(xj#RunI||%I4jR+0t8T6XXf5uugi=nhn|c@PHOjWrP+)wbSLS{jH_tq9xwY_ zyk>4>`RAyiDQE%n4^;7`I}J{f7FOiy!vO*-Cgwf`rewqC)%%frO0GkuL-?d@UV;x^ z;8ychXenpaqZ^s5b=ssZ$H&~t-&&XTaFV>>VomnLtF?qRFuH(LYg5l>mwcEfp+Npj zHc6S=FDyjuqmU+}CXlz=c0(N$-7M`b-ygV^|e;hn{^$lt?m{0abKOXjra6r$Cv=4PR zNvotm&7t`H!R-Ohj_d=x)*f`iZ|Q=y?(;z#Kq-nkF->i3fIHaEHldxZ*1!5+&jOzb zHHp?28%yK1#`{Pt`m;A7s;sVhuPlJIpA_(vB&}=>K{X`i#`kMhU@tqZV6{8+YIps<>vV8hmgO>79ad6{x^hV4lw(Y{(3? zCz(cs2b%=eWo_fI+;ttL5~**K>mD5I^Cq?8$j*wev5=W8ooT%76XwAfS9( zQheWhaquyCzr17xD|nktQXloqaE&i zS-WXJ4KspVwYu@zHl2UY_t0w2&TDA3?C*X=X}0ueXdQ04|4}pJoPe=U_6b_k+1K;P z(|qzew&JP0-A6NUzKU$;dpY=Y9@6FxMT%;L0FJ%^tW7SP;t%x9y@)IGTCl|zS(>K? z^Ec?oejUERqBes>_U8;hR6~MUF0vO>^dmh7IJbot|b=A7iTj0>wMrGuodE8T_)LxUYE|zjTxE zytjJ^@j)(|6#oMujbvJon*tWARr3BCh=%-0k!xEerPLf9--{r{Golq<@ZYOR)>aJ8 zal`Dy;&LB{koV$PPnO*EERW7KbQq9;IJpwyXvLWTPmh~)jh zxd!jxeKdC^vfFnnw+ifKzp>wmg5Z0!@8MnUZnq}lY66xZ$#feqw)^5bs}+cJ9^|T} z78}sGCE5G5&%(U9N&BGYWGrLw!@(0okj7L{7^u*>6jS(dfWkA;am@22Leh1TaX<4oiVf6?eiA!|cYRumt`3V!hdbd{ zLK{to@CBZ{AB>>zq}v13TrqhgSCt(`+U-0cz>s>m%;zp}jkz~~>= zL)abeS(FZ6qVWEB3(2hFe4=C|oWgLxE~*QO^MjYcP7joVF zUWTavCh@~~P>|8IWmfc9Nk8`N$N4e{BHcawu9Sk zCGow@L*eVQPm6!e7LMsNHl$Uz&_RcuP|K_+`?^j2N2cCH^~92~-)g||2)t#+8LH8d z{xYy!@k1Mz>+)p_SEHW;EkXd->dp;s_Ig~T)fdxGt8xoVv^|s7#zGJY`aaa!8 z*l-unFaFPPU;Ljn$2jtgm|megW6o2O{Y&;A=qdLI zU;3glxb%0i2^7UwK-Gf52z%bj_4u7nvL7bE9dOBqTyM9jH&)VTWXTeh=Y%CD^t)w# zZ%bdn?*FZ;$k)ObXBq>rG<%|NAyvJ9j962JL7{{NlQRP7a?Lp5Q${Y|K2s@gAyC=P z`6j#8WM9q`m)Kn&M{in98Ua@v5(8ZA(m1=qcD$w5<6ad)etI3JwD`Y%HOFu21a?M! z%{Jzp<2`4I_nc|GC%L8&Aom*hS#Ira5Bd`L3)k79Xaz6;*vyI>D9Oy8lWHiWBjK;0 zr4XZ2x-KCSW%YlBO^&}2X`iAlo0`cIvpN1Y&iGouJDyEwmf=g4ZYeUG0dV=VmJ2UO zP_i9=__Sccl0PHtm>5~}jd{ke9{ZN@$PP&dXsnubf}@_`8Hf(3^gIcP^+1AQ007=i zdJov=DB_oS0F?Ru2LYfalLNqSJOG{zX_3fLJ>l#X|Dl$Bj6tJ52dXOwj zZ4TPTxtBpEv|S4e)@v4fSu-b$=227KV zY8k0RPtP&8?jeo%y7TaNLNQG}4fm;o%5$2mHShZK^c(QlE{&`p5N{6Csd*WWvUfXl7PuL@xuhFe6*N> z@OhIy(>iJ1{I1PqqMmbXq!fi41aj`Rh$fqJ|5!<4ojz;qiZMl!icho?! zy=LX>CsiH#VRp^7y@Ka;GNtNYhNE>-=r>FK1%%#B9 zg3p6msl<6drATiKvV#5@&3KK5e{|FiEfCUL{MP+ZOU;AIM}_*kBhl1n3KJ9 ze2e=lp9;s%J*4OOlw}3`;p4$4R@X;@Pk`|YKD9`_H*N5~_Xqb`Pi8W^JWtK|SFYE9 z@M1~)JSmofqh^OY){hH#>cF#qn=Px>Wk%E4nfb+%+b`6)IK2}8ZPq8=4-nO7R>`)e zePwgZZRxSL#PnBz?t-|p5I~B{dUlx!&|r$W70+e9N&|b8bOO6g7dq+x%-TZAkzofF zY|npc+@zwRAS`WBJ3cK-C>toUUB84>s4^v%e()xyq{~p(h>nH@e#xB=c$n9=xpVlW zC@#w0i8A0uT7OWi1eQ;k?Panfi1QgWrORE&sG)qKa6U@=9WHx?{q_OW z5+SqpA}#QT8spa8Z|nbT#y8jY(xG>QIfiQ;f)~v$s=p?^gWG_%>3x(DTSTtfnA|vK z#oRwkf38*pQh_SwuDr)cPUlZsnkq`WK94g~84Z@LV)a2*;R&V3Bx zBE8pBEO^Fc8(w{^m?^mcvytBS8I@l}nZ$4jLs(rmSSLpBbmaMCGEVV|^v7xKB}rJP zH7;=~nhWBSq3^IP7_SUKnN{NI?9a|H@I_5!WXB$Jr+RoYD;^U#hG+?NZRb0}mo9^S zT1=#xGVV-fgv#W;8XrwH8Hn?3R={V?t8v& z{so|r*gOIgP;6;dPhxm_lS$m}vEYA}*lK`)re4#M%_QE{9{}?&Pyu)4{7lcHg$)|L ziZR)$(V0s1c9oyATm3t7^*={_fxX;&mE!wpU4Ch|D)C$u?K{FQL;C{n|1wSV-~6!3W;!!*0(jJ*eO!QR7G~25E!Mt!^V0M`})4 zG7NQfXuNUk7NFneexzlxt7aUGNb%Dw8vit?4N!14hz0TL+>OUR;%mr%vx#hi;oYku zq9Da%*0+`co$xs==HBr;d!n>N#y-1j8uywn8zEn2Sx+jdV6^ai3Y{^dcqeW1rf!yK^%jj|G z@C;F>woy>~P4+DNYii5(ApT6*($kB#JW7ogYH)xz`t4ZHKX+29JpkOVyG4{1SNN%= z+p!9Eu%m2q^Gu6jNe7^x=PgK6B3Ivr2m!{t^L`Uw+}kEbAdcXv^%esu#5T)A?|Yw6 zC~qvzO!fjL8U3+z;L9&84j=*g#`c?^XqmZI7=F@wq)wM2HznP?_x4nC#rDL8p^1NO zPp#o?Tf>f$``1Z`=VbrCyve6$=bB(Y0 zkOrjjDh^mQhDv4Z$=$nr`%dtA5aY@!EEK*n!*-~t*|fDIyO<F`^{oasjg3&x+L{@=$B%<0)`AQ1TGPOc*N%~D#6Q~A^QD)FpfQe{7X84MGCyKl z8Y)VWpQ3_Bh4m*MV|Z3I`&wHGnRyCpF%zoU#}nxs&Z~S@F?xo@JUw#}pkD(Wi&3*B zm^K_lCi+X47Oy|4xOgxFo>{ z-ez=E-l!CLor}N5>@|<;ysBz;>g1B3|6!5d4hrevGj2~wVVKGLvMd!bNIsAFHlJs7 zVzR&Wa=H^wXDV}wr~?yOt~553<(=jTP5Iw)=A$xO*`rS6^hNs4tQOjy)xn{dINqFl zwJt)Yc~Brte&JQpu~OmM-Awi@XCo@>+FT2t8VhFXNx>)D+VR0BGathzJ&J|zrY~p? znOJG|v4G$V79>)w1(PWQ&#VyX5fEKUu6ucb?FVM1PA*NItQ}qhQIVM{xiuc7$r75< zq}b=M9A>t=l?y!#1p6eu$jm^R&MY|mLYuGRcJ4OcM?nWdBHL83i0pivMsZb1a0o*8 zYEtiC1?XH1#RcfR7DMMJqBD6Whr~2emT9*rAiy(|m>?*-`+#w3k_FpP+iyvjMS81f z6uv1lb({Mh`!r1(9%#9VpV7PV!Kp<{M~DwL0**|b4wI_IX`ckghO%?>H6vHvPObF* z#L-Dl8%EfOq40rH@sMl*7icYZkVX0Et+6b+u;&M>r59z{_Xhk*uU962LvHsK#b-p4 z3i^_sTq>ws%c#BE$M01+;6DM5{_Gh=+4{*PLS6Ox$wNxPN~VMG6>cTOomn6c_71-? zCZkCRl(Tg+zdX}kV#C_j+5rL1Y;$GMc(52glL!~X3L%}vP~JHt1~JTRacj`xX;XI4 zq&)PyCk~AycQ6y3VMLPe^Hs2LzM}f*oV9_LTL;9AfJ#yvlQkQ) zV6f1U7lo(!!X5xm3S1rl+)YZ2NH-6KZljV@Y0UbOvg}DBedTN)QHoEYWYYr z$&4$>cGITL6M3=yDMnY1Y3K~H>X9)Dw}YKtY5=Id@M^VOKDM7yL1-n{W@!~@m@gDe z8TlvH<5_LYSdSh~-Hr83=J3Glr;q2)GW~qb1u6SvZvN?!hJe$DN~VjZ5*zl=I)OjOl1Gvk($a)S`7DyPNfjo5M`Em+v&o?h8#@0cFMo zt8HIep&m|5CNlXY!Na}r!DF{pHXvsy2ejw-cEEl`yJfvOANA6{N>Ha~oFn`3!Z_oS zoXkF#KROQJavb(7~LBy@nLI^-MhthX6FGlSmL?#r(tslkg8ym={c41->KnqETlM%Sj7hM3<1iei=2k| z$}N!PB3A%;*bmi4)HXC7ZXG%!6aG>I@tb3_|k{ zK(+!DGHuLkNc4SJkUVSF?)JLK)R_j<8H35fKQj3-Kr;ZLe_6p##rV649gl>QXz}dn z!Km9@38T)P2e7oe1S{erY5c6uC=;&7ZBHS$>+$y$;b;vA07=$!_5uDu9vHmN3*q(3 z8@k$~GUt$;p2!t|*{%%ix6*@I$iPOGb}M25q{({2R_+U^X$sumtfQtcw!1@397f$E z-`c)2dt9C!2|l#&E9hBRPo0FBv?8kjC_dx+WLP*J!sQg$lbT&66u|p0&9;B|UoEt@ ze;Ciu%$E(lUJPa)_Ly(x=y0+WEWHj8=~YBTp%jejZ&ZKbO1gg;gR$ys558%R|2Hg(-hm~2aKS2@7L0p;)7R6d!Gu6nMmzvxd^bl;JN)@Ff=Xog4LcIqA)?=>d`_kuRPIn(b zy}`Y-H~5szx4zB2%BK`QhF`~|`5Kc5?7NI#QyGVzS&mY7FY_Rrpf5WQAyP2aYz4zt zS?ZMQs!czI(X*pj#Ul&=CXR$R4y!`$ICOYqa&RNNobL)?LE&++Im=*PR1@{xspSZ% ze;v6%(lpR%_csT#tG?D2$~Nj0ZceuTVHUpXXBi;^5Rg1uZ02tEcM+aHCL zaZg+v5PJL=n=K`5mU}Zx)*okLerClm5WYkOS*e`HZ$v95k~y46RN1&L&QI!QCY3!b zzntM86weJ!d#y0ing82oa;e}xyqC9?u958&_ODYpe|f$W?z(9%VBX-S-ozg)h>wX6 ztUqH0V)nNe2GhBMIB+O-+myxD(jUUbI%C)@_fG|7mb|>4TaW`U1OW2q>3;@_J!|j8 z%{BF>R_>>|3+;Yt&m}ZeU(-2{6|9M3^Kp;RKbW#}aN|FUXL6I(pF@53{mZuRbSt58 z_n>xHFtZZ32VbcTuwqzAQQ+Sc`trPmUYKLj9hntx&{1o3`b)W(jsFE?y>aIRXe)voEzMN0|=ybINQ;+|Cs) zmYAIV^YiiWuXgJw!uc1RQ1|=wDmZs|(dI4kK&yKUfab)-NOCi)Zuz_TUmyQcsx$y_ zU;3Mzk7Ey{ADxj$dVjAT&8YQ^ACZK~3qBG0%xAnpMyzw6OrmrLvuJaBVSe+o zogM4kHCry<)m-xU7L`8MCqEu0cb%l=ImsWBDVo=PZ1NaHg9W%l zYMcK=`kR$)@R=$$H!-(d+d#X*?&Xic{MU>sgho>FOhfAP`i|<`rJ5_eh#7b?zdrR? zm{`VwkbVKR|R#Xj;kwh}vSgTuy@OS_II+TH-;|wHI zO`9%Vryfnc<7Aji)zvVu>hvgnSMeK}!|$l=9J)*)_CUL4ru-zqR2Lv1G{fpMtWAqbqr=tpMt(y|2_zsr32Ye_{5n^tpk&ra2 zqdKjnmyrB$DR+u-byFl_?u$VwCWXChA4;-mcz}|26NB>%X$h_YatWpl(7fN*%f8nR z_xZ1p`KYGp=CJwm<?&^52HfF}GCmH9SubTvKHDkvB-$c(8yRvdV(xS7>eVzb zR1x6U>eg^_KyGDz3P1HjyA_#2!7a!*wmXl~VR}*{kg!Nd?U@yGi+8Y(a4*Wsyx)hX z>dUP7S&^l#wN%=~P9+k7jHde|3Vxux`^^XTg7DMx3$N(uUmOB(4TPn9i#apc@uFRL z?Gccx#;r-YNBn-6Y;~h*F)p8c?W?vt2)^Bsm$f;5#CtwS94407dQ9Z1b&}4@6Wv30 zSOf>D6KDGA{|NL`D!Z3t`-+(qV6ty|=V!$M%&e&MX@B-R@r}bM}hfj<9G(94bS#iH_Z=g-@GeX|sHL+qr?m8O%6K8{^ZQPm5Ywkx$#?)5)N6I#oChzZ^;*scaqY{%`4-DaE1< zA0-~c&G}`fK+X;1uypYl82X4_9kE*f@OhV!cg74c!A#-}pY%0f94?~Qft#gqoz7xj zIfMacPb**{yyv1#uN|Lzh|)6inU9((R*@C?2hz^}QCkY6oOo+Q;^UIYRoW`0d+%;8 z-LW(K4&QFf!`pWb{n82Gp<4X=5z6o#{p^dAGO2# za=O!So1qP8nMf6e+uc#;1aOJ;CPMLfGX}6wIqQ}GAyX3Dy=1=1N}`2!i&?hE@M-@M z;0}G$TKUvps8cD8~Wo*#7tKra7yI5on5pAkG>6$jLKipxb5YinKL!PLV`mTHUm`QgDO7&3yI!!dY;>vL*h+`r@Jw z*HgAAzIrxo@6f|Q0o4ceSm$o1QS{&ApvSnycQ=0^ov+CvpSI1F*2YYJxerB_Qt*zF z=Htz?1P3E4GpRZCh8x8K=tw8tVIAoh!5w}9#lW}r3#ko2|I4M^(<(mSP=&qxc%iD@ z^`B`8n4kl#^5;HbP7$vcqty4Inwg$4M#@A@=5Cp&+R$-g?s_XJU3pCR_@l)by7sjF zJ(rh>FU;jIcGmMK#1g2JkNUA4?r&^;02veMaIdr7fFbA#2}}B0To5W_VVrXY`;XWT zG6b&kV7MDe*14dW88$)}sQzP?0)^t{fxHg~ib5_GUYf5mXXY^(^({|ZzP zTxC)zK!3w1xjau6cg@&^EN&t}kS{_id02M1_q`Da;ew9}NDL6bP|6?*MTC~y>C-dA z8tv{%XqVc?s0WS<;pL8p=>+heWdtIwc#bE~6VJ6Oh49>!AGlR-BP1q)X#i&rpAEcR zSl$!Xu<3prjJCIxRf7Njw>h`HqDRyv>WKepzh}~(Jk`7_5CpFHljZIO zhSIb4r(Yl%ZXiyv6|}flJA(e=`yf}uz&?kaz>j#?*nas-lgj;b+o5Xy*Y}%ymU8@h z^zF~L_9xLkOO7A}0l&J!x4&i5-W6T>_Bfw5(QN+MzWx`j{;*x^pSXK{38`v1{pmK# zt6vL7d&TCJOnT?QE4pvV{Xc-j{l9U$O!uAkaB`z%;SGXj#@td*eGuK=iNf1};t#%E z7m%#?cdvHewhr3qfZ=cg;8m0_6AyZ3h(f)uP@axewt}{5x1U%oAFwO;qVZ-}9=eTj z`m`z@^2rtFLR?|RTYbfz*%dpv^qa7lq23ZOcJ!{u}-bOSYlUC=@cDECL4Of9& zi_`6;#D~>d79C$v%gxt*Mka$l8p#V36bG44E9x!W)0%xN+`Eqj8-zqC=`4wfGr0%M zj2E4<}6`F*>5B{Mx*ijm6Vmx?Dl$CW3am9X# z!=4T>CZyrHMX+2(#HEU=GZin%j~S!KbTrV`Ip?!LGb=9EcV@-q`on87Tm8UPZQ!>d zvkAr%=%)S`?b-79b+3ST)iK1gE}k=TnsMxE;y<4!aH-#*cs%rHt9HFsWg1oJW(;qY zVU0+wxF6jko!HEj(zTcqwcS6G5khQZP+n3WrCyluZlw1`0Fzi#nr_*Sw*EHrJrZXe zG9P6;yXQmex`H)B{h(X&r%bP1rR0V;W*~eBDHvj3V!aFrF&BrXQ^QjqriU5AyZ!~C z>PcvNVpmZ<@Y$dO?{8cAMwRC+vyaomeT9FDd{AsoOlyfYR|UWeYh%^QqNj923Q+} zfks2x_llBu!Um~wD2c~-B{An?lT#BhGnomvGS=Se(w8*y6d1R?muY^ta#h|jo}>#lbPjnx_9 z0gci%`!zf{K0)`G{f$QoqMv7=-q@T?6e29QzVXh}9|-zzTes0ifa1;pITuj;UMnv9 z`EJFxng&+c=1%vjn6Gz@$xA<jO3j6=jM!!*%!btDlOro7$*IBQ`Yh>x!#;V27 z@1%COq*Ze<0*NeLL*I;Lj$F%PZU_w`e1~+bc?EVk=64za*7B;x-zYA0f=*QQ;bGYii_etaU zx*tb&FD(Ik|Lquk`PPlUg3QOQzHZXxkQvV7NUP6P!7DK`0QuihduR4gwL$lN?O$ni z!Z-2HKR3ibav4q_m>=_>Ow~!$?b)FXY1hDXiElrG@Ne*w_7ZQ_xu05#^J#I8V+#Na zYG`#oT4)1!F;R(??8PVk{LHJbZCN)oKJ}FsUtCl(5-+Zrk=;+piL0jk#kn=*uh!S_ zXJopxhU%rHibu*wTg6|T#uX>S&gSt>xWRHXM+~woH10v>M zH$)^OTC@L_x)^FTQZkn^#7(pmwnbf|Ob{3s@PG&aU}RNPCUhPL>1I}GDRO354TW$^ z(A~1g+RP+stjt8p$XVR=S~~aY3!4N%fV0wd*Z>b_fWcUbI}dZeF!OAFbcefJErll{ zi!FcyrzS?0F^wZ+2~(BCI4Z;b25Bt*KE4CpJ!@AU>ETiAs<4o_A^c+tx2xIxi=C!> zSDSL&e7fW>#|-xI=7h|u)o*{S-E6yS@Cc{K=t;Wn{)XGZPQ7q~<{wMl8<3Qqzw0UK zb~nkkC=~;b+y1KO&0D~iYq4Q{mSJK4zkn3|WyeF-KQBkhm!*4a?&sG)p@URIWHko- z7RB!rY6v%pM$BE0MSLi3SSD?!OuAo)4S5!}O@&B`xp8fN!Gh~Z@3Dlzq%XO$g3)sT zq1QVg#=1=60)C4uGl>iRS1#Nv_)9BNvK?oZgbEt(o3bWIgyI#%H0!M?>WBy*L57a3 zHs&+hd`2d5iSXCvewoiAM1ksL5|{a`o5L)-SHtrzJ~ISlY&2Lhv6Wiq03+M7|JBh=A?}FqnShl9G9$L_a`UZcI&$=aIA4r{pzI#viI88P-R}f@@fNqYSH?`+aGSiIm3=vXc;M{?dT$bv z<|@e=Zzj$DCSSzlF`kI>&1iEK`SJW6dZqKqiflSxS`E5AS!XgA9mT1MC^#{U=nFB| zi+;>N8zRa5!i-A=ggM`%rJPimMUte-BsRnhYFz5E9$qLbMw^b_RfIV+k~|UU>dDuv zX?p%Xf?khuYndP*8K*^OJitN+**_*##hH$d1uF$;C--3-ABqX0tw)j*pewD(Xe9Y5 zKIy!cLf8DB(eYiQ@B93>XBtZ=WVMURsC|g9GKRg2KUO{rs`A;TWS1C?i80NIxq}y= z81e}kM+Kiq{Brx8CcUDVPi8@p%0r7dV>vScgrLm-cxY9U2qGfpx{PO1UJ%9 z9#z$zbrLcNr~C^#q7M%n`aXY>!HZMaifn-oR{@bdgMJ!7G<%n{yg~Ipe|nBJEGM(0 z11IA-nZzZd;msTZ3$uF99I-b0h9rX1=*v1_xuO1{nnj|Kd+U_2-J@z{tzMVGKK zFTox(%ad<1)_{d)$g3XddF)<}=uLcrN#T<+z~ zzG(lzil%#IKeVhHd{$_0BI{~H5-j8UKI@gUbG77AtHj3h7dkc61_yS>Gi{)w7kiqUKdQw$|Le?L+3XZQ3y zDs+w3-}jjo>o4k_H*GkY{Sm8%JZ3USo{uo5bgOZJ1`X}UP921ycq>+9F8FnUzMzxC}AH? zwaMv<-c?b`ryowd!>o&6-TALr=cr8L6)~AM*Z(D2)@eg*&QgsiF-uIP&E1(x?>w5B z`otCa#1pvLJiFeZq8`szrRBB28{uhx@Rh5JX9BsR4|h%2pJh#v*p9BHn2=xQhJ)OsUo$ zi+sS-2n!!TU+^2m7*5<|)#qQ$iI4jYNb<>z1<9YWoj5+GF}<_GHV1yRGufXs6%Sh)~Z9x!YarmZ-EjpLJB2^?=WMBA=ye)GG!KJ|)R>LjH;>PK~9nA)|MUuk7U+1ClDs3IGDkzhZ@Vw`G4 z8d%+rQpB_;1XSE@`Z|u+XR&*8m&N=_yG>2#PK4z@L_TNLu*Nfj{40Yl{^-Z{53lfu zK_!`sbrYqVGY2*Eji8w#w{OtQ@s`gz*S1srkAQBp_zoVNQRMz}n$OrH$hccI+8EKF zEd#dQM)ltZrT+1*hrk~^1Z3Z|6&V1jo1ygwMOI?Z0EM3oi^LBR=$`cz_Y70J4zM|) zvu3ZNqWut;yo?`u@$@xc{-sbJ#9wK}>t&g5`>`-J()&R`1J0MfJD>AXkn^_B`A$CP zp&;jdpR*vJb90b0cAk;pS^1nZAzsbnBVXr~e9lQh&QQPpN9S`+rZvrFh|h`Sb9Cob z^V!qqd=MU`M0!60+v+Fcb6(2lJQ?Iv`J6TR96kE1ItTikJHnj!JoQoIQ@@i-ZBp5z zeCp-7)B}_{&ZmAgOpPROv$i4Hd7Z=D=U~Pnrsp|Dj>Rmo)KvwE{Uo-uSmJOuBuKnF zU$WS}eUh(!Lq4(0y%;3+n5fjK>6irQu6JdGB>7;}2YeKb>eS~I(ESNovs$31WM17p|2TJBlf!uElu8Zhm# zd7p+8{Sdblg^DrGJGAH>^t^QyClocvGu-Z*`E%zl*27}G9eLqm$zRFBn7atAE5$L? zjo#>sEGT2t+Shx<_wJ)vO&pr>F9KH=STl)pwZJ;3%LBVcmfHVXUA+QHr0kz^L`z0h z&pMe725kVZper65I*Z?B)gCQnYpdU(hWD@Uun*}IK z;0T$&6;Ob!SrnKMSds!Q?oq#iU|@AR7qa(!cbQPw$Ji}?NHkK7V5}M#8|)CgzqzbD z#G}@R2IqlJ`UA+SD_~6`>U`b&(=+wI)M%L=f=zagQUb;Q?l`J=cZF~LN?=EAO4pCq zwd&fo&dL0=U{N;h2d&wtHMigaN>pW+Bd2{WxpY?<%ue`3n9cW<)u04|yiLQoWhc=} zxZyE-WndmWMzpxLWRwnVFIC%a7Akip4qhU%;tuJ~OY^v6=Q@)i1eAd6iER$R9?sxgD%Ft?L!mi!jp3nLS9%+4r#7WS3rnp{0nx1(>cWSe+aDf4wbxPCy6q^w$j=zkR17^Cb?%*_*Xlr$4Tr zZG|pB(&)oF@q2!^D)B7T4wOTi11BXgy-mD zhH(la#keO=$TiUQjE52>>)3PZI>n+E_gTOF1X|NMZT*ySZEqwyr^zomZltoWa(ySl ztpkUE61vETkev@*+6`GM!(#u4EjBz*UCXyF57zQ70-p-wLj<>b3rhT`;QM;M1rnIy zGCqZyDDRx}nR=&Z-J8I2kdT<~$wWe%%gH*w^Q*()LB+Ehso3Z@CNEK7c3;m0H5EJA zbY`FOEgV(X4PM zb;K}w*f>jvYY3#O@s;y|C{N1%(~5IEzD9bDGXDtY`?(2BE=JPtMb8m}E#^YG9!0qYSAtS!+suLQ z6?AB9i7{lCLqyOUD4Z3b>;nDO>e-zRG_JOEuh9YTi4+V?VUF>?L%F4;U5Owh4o?g# zj5FYEl67>H!*97T-{w9~qcAO@7vq%a0e1ctSU~ZqMQ%$!gT>T~{h&Hsq8K-_aw~*bRdZ$I%XXe2c(1S3XCoxK*IGl7k%el$xSIQ**SR)LiSw)Y`~+8tHomO zCpsevZrx7E7bo5$lX1t=EsL;@+wFTvALIUVB>4*jh%RRSQgeXG9OL!VVAOPhkuV0t@|T@Q@~%sdKJeqRlFs_fci zSr%T<{y`os3Hkwz@s^+;Ydw?rXV}}I<=sc)L=g!3`y(V<*k7CbTz=rY^f#?$daE0$ zY=jG;0OL)ezU;?-DSJx{3ZP*g_Z`C35`VRD(CzLIM+FTGJmT%$h1oPTE9QO{77=M? zM7gWpVJ@B+1;4z6XF-Sc^%?>CL%wcYcR(-T4(rkOMyf}6o2x^OAb=uZpV#94?QIJH zZzXisG3PdVBPYg=`EjF~Vz+3f&>tPRF(6_3Q*08ZNhq(mHFMhBw$FtyVZ4v11)L=Y zP7KOJd6KRm_Y$NbuHnmTmQn`y@MpatqH~xAQ^8^71NnyH3+dp3?h_gN$0%t~V8x(a|;nkqtkGK>>))?XVMHq#yu_SLbX(FfTlBj!btgSm0vdj(C za3g^LMz2xs0~nwyvR{#2M?IIoie${geFTvP&=2|3Tp4B?@OP3##Ud%L^Dc%*_0!>qJE~w8wp`!`Eih}a)K%1I9rm`=eig2)qxaNMAFy=8pTdY3R@(1k(%+eh+ zsPzaCf>XCh4gf`^?%6Q{pD99LJ0-`1bUy)#=-h)-U6H7}oGEER0?1!}U?9L8DSjQe zF9j@o&wz#BV;GNSQlitwJKvWG@CHHeZdBy~4r3LVe$s7dOan z9@vIB*W(1AJr_xA@=xcttch7I?m$UujM=JpE$10VFP@%Hsp>ca&up+esbWn#GiO<=*nfIz4bux7ynKU0Ov^ zb}`-BSg-M8jfa&Y$@9pHWgb-fLb2)Q$hs2N1F&h#U8HIkqS*1I5H@6RKoiX#=9|^7 zZandiJqalWRrY0`(V|1uK~L{0$oY@yb79Vz1vy`aEe|ac!y|I4}UQ@Pn>+0}86?K9i1**ObM1v~*KlcRS*l z`%gn{yp78kD`7zQ)bsXZw&I&V4k^4VMfU|khfcj z-2I^IP_^*?Ej54HG2n3AGBmNJ%{383+W6vsD@^T#k1xGAvihTe<3n)7iI2Q(ulR)S zZ6o62jw2v${3ziw=GJ>fqUrd#VDp56;(d`{brogWkBF>(viDiVvo0e5^G%dKV@9TZ zPGt4FSguk9mAn3!2(RCH6nOkqyUnO-ynn+DP-tx&_#3aVyph$z#=gaaPhTA92s*{> z{KM4KtqDh${T9uxUSMqcyg{Ep8PFPWb=Oq@@Ix|71n@}LlabYvgn@k$Zen762{!?A z_!m(X-Un>|N{gFrW2yCHkt%rFvSHM2Ot`W2r!F|b2mHM*(LItQ&%f;ad)QcLkKvtl z38Qw`jYiH$B)XzVKGP>xRzP8P9mNj;h-DIAr6tP8^5v(SicZ#rKI;o%R(zDz_=ZnD zFih^cV`U8u5B$V(r~BNZFgNhbJIg0$PY8#V{3bNC5?e)4_Cje$;NR*`@&)_Dg7IT4 z`Ba~LS1wtBv@?lTpL}hY97&E+v!|%pebj6K>^yvq^EGCLHG=V-?2}Iolkw++b*(%^ z4Lu<#6^^gg7mS7lgYg~dllRCa`|*wQ$?xVAiR1z`+o)zQQM0>^uhQ2Tb8rBt_yn71 zl~4XuF8N?fj{4-1Fq!%1TU|Lx-5{TH@*Rl1rJ2hsW3T``~j6$o~$0ft7gLbPy2%Jc!`gk^niKRC%+gbN0Mi&ewpgeD6Icy zU-160U{L=xpZwi0Ig&h3^-og$PZid`-xr*hE7<#i-;(3L;j`NES$CL{2$UiouE*uG zt_-st@wE;Lvw{Jw@yTUjawM6dpOpt|Kuh`Z_Au@#_;Rm>CW4^)oj&=AFgcRMpuck^ zhN+_Lsj42rbMIGmcH%0cA^v)Q;MLYl;>wpTD;c&CG<}P2`kP@gkF8)YS@~Ht{kAM8 zo(4@nV<+uPH{?q9zC%GHw(ES>q4_L-^#FK%-)D^ovx2T~^2zU^dUiW`r z*TD#^lOA8CKdch0ucS}DE0^raDC3i_4U?gNb{IXXQLX8FPMCqs+e_>M7$Ub3 zvDS>xpHjRvRa!G)LnQHc>S7u@KpNG+!k~dZNv}1pRUArqyP`eTpg>Gm8~OHHijq;X z=Cv{|QWROnkO`$Vk#GNk90I#e9lc_b!O7~xSO6iv-%&aNx`t!imA+9_@_c0Pq8hr4X zM+CUkhJoAcns#bKwxvKi1m)X;`}j5PS++bqYj686v2wf0c~m0|+0#_U{R^2Anl>|u z#Lo7}RSTGUx_8x`5d?BRmY|kvUna4xQX8`-PLAxl{wfr4U)4fYcDQ5chla@9aODl#hMezfBgw{QpI<_Cx>GpD3@mMf4 z4U^qW)xbrT!^ix3m3;(%v->GO@U+PX`#nd$R|mgouTj76%jZY+`v?36(_A08`Y1@7 zak4*ZdX49p6Z>(xo@#n|pqBQDTXu{M5}Oo(B3j&?H8vXU6OQkCEz;WsCycR*he1;> zV-%gEH3}Zl9J_wUh13nD&N9Tuc+`VZ;PUl`x2OBadE8#bb3u z5O;m_Hlk#|Fl1_lJ$W&(hB91Q<2j3|n`xYTYkTh)xF_V7b?&w);+L0ffnPS2YtQjF zUCWLRODHmxHWak{N6RYLTVOE1txm*uJiTU}f+X~6`#N%yWO zB@m~vRq-D!F0r_fpFy(a{NGyZmuZ3a#Y{Kt%1j?RjFyY~Ht1hWhhw(uua7-5dTXY9 zSP&v5dqsgvpu_bXE?exANUxrFolQ;dyJlyol*Ti5%Z8>+YRaw{&hBdgVO_j-v$(9o zjbU%?$CLefSl;+&Zp2H_82tSGHcjtM*ou7~h9P)0ZOV=*7?94FAqeWXm9@Gt6LanB z*07C-Oc+h^`c&7Z3GYM_7Ky(UWG=2O8_;cZW~x__e}f6{yk(6fo0&*y)e$T}qWePkwKB5&V( zzGP{3NdC7(cJ@7O5IFw~sBxQqLZEhEe>i>vJ!}8;u768H#=GiPG^=XffrB;kGrGRC zq-e$&3fe@Ni<@9z=uOdt?(*+yp9}P(a`y|)-FwzvsYbiXF;aY0!6j$GB-r1v=z05! zBL|%?X>~5HOpQ+w=n4BwdJ6WE{r0DesS1mpSX^0pDJ#7aZZ(ou9LlydRr1P!4slem zp%gmIt!2@x(!vDjWB*hIt*56=|68Zwt?@83Pp-yL-j5?LcoQ{)Zowa#^+T;Y;V1n}nFPtg9dQE!X_)Pi4G_R{Pl}&hN!4VT)SkTbg z&LdY0U<~&nP$UgMOG=72qJ8GYr7YbVT$ZJ|u(-R37&{tW5kq2%>82P> zOpG*!3+}G>-*YBdUGiUld^UTb9o@sR}So!Q( zUQS|n6)#^0Y60c`fz|pDUP>zCQ+?O8Bq|tki`Rk&{uFFFVQjmd*iqC5dOS{EvX(U-On!WWN%Q>`Dwg zHHsv|90P6jt`#vhreTidN%r&YY|Wmf3Pt(MHmtu-OGXT|gz1dwnTs3?Vi@R9(x+T+ zKhL!Z;u<*2&d`>h7=JcAz116LCp$^>Gy5R={%!tjrTk@=|0RR}Y5r^}e-w)zujIHk zp$xjnxv*|eW!oG57x}Z3^7q&5{R{e8XlIAK^`{s{*@IDBOaYDl75y6j%lxG!E5#02 z3CH~(zk~PCAF%d}{lZduQRo=#0(a_rluyLXP2lAur>gylHuXxecQ4MB#^#>&OhQcj zvH@LPLtVX@-{k&o9k2)P|DrUsbSRuXe}?3|(!^4XpTHR4RGa&aiXFj(=sx_Ms@lyy zZ1ha?;Em#|X110Xk!OJSFD_yLOW#f^qd9%- zQArmcVvdI1uRPwd!pot28Vw)=(I-!&_rW}D9t9pVC_E2h%P`|-r>c~`LLzN&orSb% zN)&j%_?n!!r9az^?ilxf)Uooqp`ae7`(;<{jE%RE*n>mFISZK?7)2<~zF(~%eenHi z61f+*E4zZ*%xFBMn>D1)9^-XlzAf#G1lja0QTBsq>Fgme$wM~Y`(>{npeIOT?iiGx zac6@G>nUz^r|`7&P&ZrVXu^xmwACBoZK)?YNF$qsUM0F>+Yt>p=rC@zAa^zznKLNe z2fq&j-kG}=UqjikEd#lA!A2m3ss7z0%=**CQeb-a3nSK%}{87j*1**EsXGeMyXHd)LC4&+&;`{PHj^gJj%;@>Gq@1C&-N`hUvgFI<% z2ZnCWwA}-SuUw@uZWb(%3G40{3~ZU7*s@p;*V+o=I{-K)n$Ns@|6z#Jw~(J41;f&* zWLke480qM=;4%zA*+-KS*_DgM2!Y5kt(ikRJus6pMb;1&5rB5WlYnRA95E=ZbOh^> zZP`>uysWs5yiRolwOW-=t(osUul>D9M}QkTyoBrOFi%j5k1+*8%$URA&Yj4k0HQT% zVj5=Ph{xmy7i;7_QNYaNXu6cAUxD4EJk4H$2pO#h5p8p65@jZLDJOSpCY>a5cK|Gw z+Y`gre~0cR_NXiex~eg?FHgm=;`{_zHl_4`VtQ0Don0-78KSA0=7^4Lj#%3RodpUE zv@`%{sRrHwnEF4hbs~F4v)VQ=%It~yVV7U#iW>03%w2u4(*)H$iMT4fIWL_t)>KVf zIB~Zh@;-(Mj@X`(G+eDk<3$7x2a3D7%)$lxpCNYwU8tFjv*rfY-u>B)iIP2%m+%iL z1N?JU;%~I5d_15n-lEy01l^{&BS%2$A&?_DT$|LcFl#LxNo0m@&(!p@{$_mII#8i%^rrI@{>Rev7 z4jaCygwEwk`=s(1=R|Qg%?a?Nrpc)yn!= z`4m-*F+0NHY28M;PY$?)wrDw*w<-@O5r;QMv!;#0?E-5`TKgZyk%v~6+j=lR=u{EV zDX@OxZ)H2}OegCunrv`6d$_at$pOxPzkz3F?ppsFt0M4Unz+lJ^WUT~ro9sX(OI3d z5N+{m??0iAr@A_%Ll8)XGWaPgzz*r+eiqU(AGHiDNgOhl1YkI)a{~ea;!L1@i34%J z(LKu-@uO6Kjv`taGUP@X0vZM1xRob3m#5oTc(p2zb_o;>X<(qE5xokI=Pf4?!dT?0#=M^jAyvm_)ANst z*v52^@a?7Z+Ej#NNaQQ*C?LpF$KMJxUX-6~Yy8yw0*a~bnILpOqP@5mozBc%?_5IW zSkpixlqIEDC1EC*K?h8y<4MxTy~uYzvRSm5-g5mKS(FhJCC!gOG?bOz`%V*2fv>2X zDXg6O;D1-fYTKZSFck9Hx|X_wN@Vr?{1@kq#oLJVav)x##S?WXul(eO>Dsfw+5Jl= zz^5~JEyE=q=vg;)l*=T(V+Q)3@?V9z&-WdEF&uBQ-`fzXUeYJ z3tC}qUy$zbn27U!jq$=*wt0O+sy~Hz8T}gezg(~daG(lPqJSY(J#{FM)UCLnPKfCP zCB%Y7y6wf7Uz%H&BoD;NnQ{zb_W40{$+D|hM@@n%9GjvcRY(%Au~i}}`v7T~0DFjo zu!k542ADkjx1(n9pfGQ;=KVyttq}QhLH^)xfF#A08>7?gk5R&;e0%fY(hibzl)MA1 zg^aP-A%@Mwywb;0Uo4&Jn>HS&0O!Z*Gr*cG>a#yhJ| zR^umVYC-w2|BE~j`KMF3ksA@i6V ziOAqV#Pvv2qE)(ztpMl|Jt*N}zEYIx$F5vyH_+M8wmihX-0t}Ux6jK15UE{xnB72I zLtA=85JHY}yII!xdrrO~^?%3^`oD9G*HUR&gwI$IS-%yNt zfFyV&=A3lldK!*~hhZ=mgC$NtPFmsxIhS@uU((te?M)8|`?CEI<$%fQqJaek*GMjM z`$7ukN=LlelKl7XZ2rgcI0hk|TG}1NloYU$h;`C5hVsv9V%RMqemM z-6_o1E7o3i!ag@y{Ez+Dne=VFKA#^_&VndKUz}`{Bf$MR*dV_ZrAAbs--7BULfza- zaRrr$y4BY3%$#ul9tO7ZB9~fPagrOq)M-%phpG9pxHCrNXW+hc3}U=|6%<*KP3;`ZO1Kq&fPUo^CC-ohX`vq?0sUHF z^x~1kAaL#XRxz;lCb6%jKGB|2#HJW>u>OIA5ST}T)N_$@#Dcy=Sti<*J!tMUcO6=I zqYugi+)&qWNv1isR9&7*90jD&Z}?cC~aS-Hc}+38!16}YAy-l>0bk-mSFzg?y8 zE%LWQ`unZIuV z1BtBwPG|1=^(5N^#4ZyReTXFxV^tQ4%hCfsV32Rph!G^dxSse!>((z-Oh#uXK4p!R z?~NAgZ4er}t=SeLaTfRkE=Wlb(U$|g`=``W6)2HQV9hjJQw@<69`VkNCmXWp{siQU&Al++*(_Hd7(|vw1&Dh1ow+OQ z1bVq*N6Q-@;-g1kdbYO+Xm;TTh{v=Ov)a@eNU7=^Y_Jp?cQo+lX`ZJ0y`~V`?Ur#dN8EhXe}rK{iQ(9sr&faPzj*9^5mJ-83 z7WN^n@|9h+HNJ`DAu4J~Pqo`Wt(!ycl9UJ~p@q?5#2jMaLl8uQQCKjEJc`w5Y~pg1 z@RQBnz^BtjDNXgBSUifXp(P|Lek8)M;+OtndH|6bEyL409R++GWF(n$oq7+5rEZCP zuv|)u?Ps3vPo4?wD}}CIZ}Ig^PG5V#Q=RlBk^Vw1#n)LIxcLhD6SicLhv=7Ieb_dzNN+|p1# zZ6L(lyz7uOj1P1k$<2TNd`CaizI%{IIeoX=smiV?0K_;JWzOb3$0$4n+b zAj;xDhxzZ%{O3OB{|DK>)Wsowd$B+B-xU54F%71kSZp@BF`EByhu4A81pu+^dHgHM zH!SZHu=uW`Uh)3Hk-v>kl3^f`|1>@qCSOMRrT8Eg=#Oe)+-P)$XxJ)C*_BeYN_Jp> z!pFG(nB}L3IsDvia%29t;R!!=V8KP)8C#C}1y$0-_4mwe$Os#{z z4^kS=@7n&s5^AH>_BSS^m0rqVp?qO8Hp2(wQA%0;d`iN&1MDc!5gAucQ zoAPuQ?2Pa#L?0@S1W>?y5SC8ZJt49PBAK1^mAqhUBgPKfaJ-8Hg9xe zrJR3L&TY5y5Em4~B2ESVAbMHZRH7GxC=9H!C;(+m$}g!{M67~+0v_z!Mtlz=3yqfW zSht$^yMtK5l8;96;@3}*8jZJY%q--{lI8LxDSmptf}+cP6`kW>QW#*BLbZ&9Bpv;o z`KzXtTKb}``*7p1<%~|>OouVB$Mt;M*oY)TGgvL}qSbCxM>zXmV zMZLCDmA&ae$i0Yo8%6PrvTKnu9(6AXpLvn4)5mtVDJUqL(Xjf*;l>UjGDm=4@&#lS zH;~((b9EEXW0X6KrCmx5NuY@6@Z6rMFS0w0T?g=D|99?)-#(=7OP)e@CBB7_x_7O= zT|)44dZ%Mv1NF@0e-hchsRzNP4$c;0~F@iGg ze|?(*iOOXxw!v#1_Hd*@4}}Ez7-8L%V!brHo<(4~NG;Eq5at_fGJ(_;r^dJqI%TG!vb;POt1yY;1oBWuX0R)3 z3hzLSRL*T;*{D~UhU@lyXiDJ2@9y_Pj4rsi-|Ng6HxKAOaHF@Wy(!u9%@kd_*v=|y zT=!Y`iJ6}C7&N^&Xu`?1zb*7*j2&mO1VE$$BO>;3h`lQ>)K)Yf0PhD*RSy8Nk(Cb5 z77k)6%7IdRlRV0Wt9=nEN)1G+p8?`!EZRf<_oIcQ_o5siFHM;|z_re_2Eq;UWlgx& zYQ@`-MbHU*oX)MsAOq47*xZAFroD78S0Ggl+CDEa=*ntTOolX{POqb0J7A{`8G$o` znJqh%Z3|mI^I#Z{s-Luj4>htv~nR@L1!{Y z=nT(^!RVOFo$DOT^&N#Hh4&)D(DLsB;o_FC)QZh?-xU_JTU|#LAs`}j!~Hg8HqwK} zo8(c)Y4&s^fmTsb7E0BRcRFMz;{cQmJbneq(V2E!<#q-}Iydi@Cf2}6ch-BPihE!* z7n90^?FIal=^MXO?NROE#+8% zgomM=fmcC92&zFgv^klO`|3bQpkQJUEXtLo@Uo1-en$+&;3o2(o+^G!9x=0UMGpPY zRV4H#SmH9ersq>>E=_`3;&^)SP7<9XGk6Og5cLZx)TeOr)c@wD&AcY|M&4N#QWH2fT{6F|&qX z9Ro=VYktK3nMhnrP7HMizP*q*;X4!vS5S!4Fbn7Tqcc2=ce>4^LegC{Vurwv5@2mU~wr= z>>^t<6-R`oDG&0G!_8e$TE4>Cp3z9^dCmO?TYDK(o{PIo+7X{9;=TGKzdTo1Z|J-qG9G6gjEbJo2xu0btIJBnPh8ya-(KT-bJS zWi62LmK$}@sD9#BFKjhsomDEe4{+c>z$+6voPnrMkl~pbCmJMCaWwq^AJ;#_(#2Y1fYAIP1Q&Q z!wYUu;)g_$mYiU6t3)@2zKrImez?P^3KA#AE5(g*Z>O`3 z1Tiv{r^uSeL@STb!soN#SdR*@WYibgOOjV9U30yz!e7+ z%C6Wh$E%7*k!e~@EQgMh_z2_zp>-iuUiC=oOmnea?KKRl)JC-!f6z5h4P;@btt>Aa z0W&#AD8)E#jKTfiRzCW{T(*0RG@)jAPnqAQqHHNO(R5Lu)JX7Qp%iPu$>dy77EGGh z8DdokT&eU%yz~cqZ3PQ`7|c(h6}5xFoxFuqrdq|ngi25GOUI;H`Vzk=#G~NbnY%vU z4Gx>aZkmn&V;p2>@_&LoxJRXhsxf$~!nxDNm{ z7?6(Xa0k3AK2Bj5JZl2 z|59W$@aM#Z(s;Ogh8V%}<3jn_!Y=W|h58>*!vgYP8>7N8EFuH6Lyhh=#Y;ukjSg5^ z#U}g_tn-HS%eVG1N&HcOV^o7w0LD=4Nln~`2azY^2O7`laW3RBga{M@V##$s9DOdU zdrSNth`)R`%MOL4w??QppY67s8jskFrg$KY64xYs4jZ()?l^Nyi+l=R7rFZ=wRLV^ zL&JN|jFt+vy-T{W6dZI3c?Z(P(s|$|79VPrHen=*H_-x2SX!?o9k&wF?l*~(Ku;1Q zHlkX~eUoyzj^#2<{7uS}|2_Zf{)g)}SjG?X--7vn-BK#>2ls!tZh`DqVpGsB74)Rz z)Qq0BD=e}>0+5i;({tcF5R;!$Tb19aHZ!stdTz$ZwQCT8WfCj%V+0C^_3s@J=I^Cd zJ+aId0oa>)coIw8bD2@+LD{|;^O_JFTqp7r`&UQV2<*IYBAw@ajZg)e+%~qF{ddi+ z5&>qI3T-zu0TJsC$oqf1#N7yj{Xg4Tdx$_YHp?uDKg#Ktv0a(in%>WSbsi{(j-N(L z205^^5n1d?S=@=dQGk0PE$xhL%Kn_{w2)qL%ie1{YZ`zJ#_vC;PJ0EPGpCuv>>c~C z@hgn3w#3?}(;V7QQZdX9yUnnW8{zZBWY@D|GHo^UeCYYJO)cB-gLLgFVPacH8&OG{ z5S&2^0MOUb>A>V-a&Z&4603`5BrMe>)mOFcOp}P_Zig-TMf1XJ5T7Gf8mTPvrb{5i;VyL9r3#0o(?NDk;nQDPjCf%H}{#EPZseqSjtURbc;+{CNzYrqrY9 z`F6Ac8t0EB88)^=V5mYkF7f+IozA%=CfG|o0pok$*Z2IhqF;2z^ZK(0m zbFtSp;5uSK?9MKKpa~B)k@;h@FHLx`%eFg=)Iq;UI)=J-q@$bST{Q?Im#-1Z*O-@Y zA0a(U`C20d>4ZG|OXJ4?(GD@q+;wyl>%TEI+KuzYBQx;69u)!OVPlRSq+9YmX@r_i zPPx?SV*Nl`7$E8IGs6bvv-TB>%Hb2UO=l+maW?G%nyvy1;JtJPs{l%nJ;&m1h;`9h zGoAF^wf4OJ`}1b<27v5Mdz z#u(svV>{$P+DOFZ@7O~lL5BR0R2mlCa630G>HE)w zr9J|}j|I?l2e&1 zPj{M40Dv+4+mchR#fh%OU{3E#PH`5eowCys$*H%+=^fc=z(UY3O>A#*`dW5cDusFi zV1$AbE}SVleI+^lYH`YzomNRs)fT7mveP=rX@$ipMt0gLIaOMmyk)0tl2ft8$z68Z zEjf*{IJK3X_DfDfEKZGOr=KM!H;a?}K*ZPubXhGWp$mN{m za@^u_1TOTX$R){Ti^XLnTAH3iGGr5@d0qi3GXWx-#xlSX^kfPcBU*mnIgMmT;l+I7%+RO9BnN-CdT2R*Rt= z^W9gFlC*uiQnF^p&loJM4 zSOhaZCR>tbR+M!jTOVe0A|u-|1c!`B$FY@{)ogR@wanu+iB@?%Px@cfqGF73OxuD-BjGH9^p2HfcF%< zC)65ROBJI?TEOKC6OdKcibYI9hJ0cJmLpy2 zSl5BAPk<=c57mzRlOzY@Ua)jxkoI71I|}&}jX+HDk%IRKj&X__=~Z-O53&PsKW5el zTDOiO#MFmo)oJ39Bh1$SI=&FY7`owi3@x^dpkj?f89spz%47%Z2AYF7SV}R8^dcD$R*`TDl$JdF2r!&GED^2) zwm|K`b9)57PLUn*{w`Qp&R+%0i1?Y!4UGO0z8WNc4i7m0znZl_CDmqEj2KM1-w_6+ zmqPu13vOnkxgd`zjFG_a81uoi@`?hD9;hYCWYv6iwYwTCcyyYV#*>AYV<`$&G$W@p~AFJ#Z%dYZzb7KsH@avwKPWE3u!`Y+5I0 zRrd*a7VwNM#z22Yh>T{4b!g%d1=u&5C`eEkv>qeTTD%QARy9s@a?#R|L9}J0hw~P+ zJwHus4G*xPdICe)Q52{o#27(%?w+v=h-q})$fm+ry)ff`guoMvv=32Y>2bsh0Ccy0 zWibq*Y6B7MkqmL_cuPJmqAO+8`4%N34#AbSBv+izEB)&o;+a5%yKtWNt@vPvfS6RW6(mfy8>`5(enJ9Ln z#@U1}WXHnUG|KB&D4@O`x+z2%D*N!8N zy{7sd;!8I5haQBOcA$W1sW_p6#^t$>3YS9C>=f$BQmDWfdK_+1R$bHBIxd`IpgnmZ!UjdolOH`8QyDWbzstL#$70AW3;` zg-jCl4TupAeq~mtH_#tp|Btg+!s3gj_+HF!f>Tmdb9^?2;&~;BbC|pp@_3pbIg3#& zKsyAW9tNTXsynfgP1&f@*wb#{Yj$e}#(}g`L=##EV=p%1d=^dVqXwXg>rPpOtH4i) z-ch^?=EwfO6^OoU238}{AKRUIzikrs9@^E+)}* z>;8TJGp5t1lF`;@FL`@3J%nJfIqMw!58uCU+TnlLRDb`bX_raF@AILuD+6zpxH@e; zU3UAWVmI6rVjp|!24h5g&q|LcO`m7xD7I$hKwLQ@chJ=Q2P6(8vn!p zM6W-erPm(QNzm;sLfwTZZC|D7X5h(*4g?(}ayxAm%kI8Z>=AfUZx?vK#NKq;^J&MO zrkf^e`hQa)n;5;WnQD(*Kp%i(ETEd*yhBGwCTrhp2hj{}63tGcrkNYsXzh_prh4+% z>?F)rOt(4p4iW8WD}3M~eIH{N(*e)h9Uqx$=0n1Z6l#yuH9L6(*GurMOcVll8O~Vu z54|GX96M9Rp&IIT2-IHe#c1rQn7OO{mjFDpSrIk-zrX)c;C~eO9|itLf&Wq9e-!v1 z1^$0a0rx_|0ne2RGx8rcEcrKT+;i?B{96Hid!8k{0%rFtg}b)cLGbhM-6x=Lzy1RP zRhjB6O?GHlctm7Wkh>5Rl#Rb2AthWHG+d)8Qfc!hY7D}dWI>x}Flq_~qfsjubq1k8 zr5`U8=(03Ikw#x&V83|=L!PeCAdHs-3dXzwjjq^8(PaoxsywYGOJUS03>u?Bryj2> zGAeqw8+r)I3E{&t!jcj~Bf>+IQ>4#`g!q)Cgw&Ks=`$%ZH91n5ki=b;k&#K^Ns$rB zEb91#h{)K`k<1*07!s6`@d%bNJTg)l8ap(N$Ds^OPNqOojPVH;XWt^dPVHN$G5V_X zMS@;apfhTOyrKYAR+e64Fa(o1Q?FBHsZ|Ce`-0yBm0>(HXK4&Z@);~BH5&a;r4RuN zt|@hTqmXSbd5*@Y(CXAGtwK|nRiw)+Gz!rgV={;lp)taj!OE{%S6HY~8;M}q_o^Vb#M13p1)wt457NrJ#!Dbn&rboE}n}@1f8YTD*W4t^H)? z6=qpEGG6ro?eZoOQ)`SM5c{x@X!%C)&i?~-Vbinm*5G@)wVjoDiIv$pFO{&L@egj+ z{{GHf#KVo_y7IYrLae_1U{*jmTiH>ZOP~bU)mzc$0?al1dpqe@5Eg3HRY?h#A2x(Q z75!$hlijxejU98N@UlWY<6ypkIG$In5&mB(+5hu?$X??7pcFm?_^67F=yKFLv>G9q zbtvEs$x{>thJ+%FE>?a@71?@S0k}0Gy~%U98um7>aDrOd8*?Thcs88dc*picFPyd~uONmkmIOxg0iBwmv_P9zI9@6k%P=uWp`r(OQ0T_1N_!|6 zhLH)VFrWe{cn<3t^$KIIs!##KE6hHK^gLIYrACcGh)<1;RY)VGLYJ9OBX*I>V33eb zHn`6SP=tJ;1|opyGGG`Y2>Zfdjz~_94GP!jjd|I5#H48&eO`8{kT6`xR2lNrY_JFl zW5(xvCKt1m1T_K+&$$gX7>dCzYMpL;9^e`BQlismc@yoVktfvvXEp{Yxg%$spiqoX zs27%*EDjYwI%BC2J2VUcEGjiNBO)>^H5za*6VYTBYl9**nZ-HWZ!*#Vq+woysNxuK z!LJXL!#~)|VM`5KU5?A2Y(}W0g-IH> zjF7$}B`r$Qq9tv(q{T{Fyrd;ano`mdB`rzPk|ixg(o!WYP14dOZG@zal(bPoa?H@E zl#D2U+0a`y^pOn#vZ1eR=qDTc%Z356Ay78>` z#&ZMa0z!Ivx)75P2UH&&DMW>)MJ5Z$k)cW9F|2ywF)2MXDME+~9U3cuJCY;gqa%}G ziWnLy#L-+LZe(~uoDwEfP-tv;YHVmqLJ}uTs*)Qb64Eh!VD%6i8HG$SW75#*7}-pD z;MS4xm`^Yd%22crZXOz+97%H(=77mbB+X+aU(x1tl+h7#I_W5;_j4(6LhvbE_!A-~oGf^g(f#o4IHYEdoNMku51Iqvz zr1Z(ek|zVDPP&vhnRwb{VKPvn~{o zBrQVl5km)w-fmL5Fz19OU}h*_CIS}K&}f2zk*46;I(>;spC#n#3N-AeNR@**Y9ab^BWVJlErN(okQ4HkMq%gQEbsZjVWWLjQMt}(M%n<)^s5sGq(i|~^Lld9N& zAw;Vx74%X#JqxFo!WmEwbuLhjsxT|FR4`~U@dwd#_%YItTCYXXpy{+)Z&pkKB?3n# zT4AD2iyQYe(8ccBu1otdVe`y9Bo0<`)LzW^Z(lCRs5g=1s zMtJN{Wmp2We6v+D+FW?b(1dt4@;?7F(EU-vRj)@4^P#ePJ!+WM?NNh2>>OdP=_#4% zyC2MPp3=7fUF#v4m-l$oumanibx^~g4#Mw9C<^nRsQ*{#3%-vU{uA{*{QZ-<;PJ5DX)GVk;P!z5Zx?jMfhVD?VP-NE{`XKH; z1LlcPTBuB@5m50^)@hPC0(L=AA$`CzP{W`c5C^GIP)evMC@po*YoKvhCn z_W`k81R)OU-~F}ae%e8A57iN>6I5p?SEzsb`)}j#fH>teDDHnsC)OYNhx&JaZMmOz z(Az_Gfa(a<35xzYLwDt7$wvB(ZH4%u{@q_&?x!8}_D~(5Izn}VqQB12UAbAZk$yw{ z1tAP70xBGe{xImXzewnzt>6w70Tm8Ke^FeIgdPeyg+WC?g+noSu19iRvi<9CE4a6Y zY6Io+4}Sk${{9-P#io@%;)iMj|h31m}F#*LP@Shqb;D}A0QzMV${x~dk@3Ua43KJiGgB-AcFy_7-~rGzFJA6 z0FWZF-(>a+n(1NiE5OeHeBi%P=secn4~C{>@Mi|~z#;hP+k2o;1k-R$X}C(OC5RV= z*}Y(|5bS#j(*|3pO4vsxJ7ON<@8{=7i4O^6zxWKuHG2rk#Qa)EIVk8nnsPHFkmZ*G zX+fq!jgYA&I0=yiuvw`_tJRgjsuTmI{z?D8rXTWL-2asRl9)#gtDx$mF`hzqhJFEx^boRx zS^`xAwF+uG)HwK?0d*ltQmcmI8_Hy*wp*F4?Q39v;W@YZ=f26mFieWind{bZJa1OO zkKc3tLZ17U!zf`t?m4%j=f27B3~slC@)8d^Bs{17&hB|X_;%)YHSm7{YTR?-DDLOu zH-E=Ho94gti*#o2xaIJ&{+GO4<~4{ z`E1Fb!h}P(o}-DJgnb3HaX^sl5=sie+LAe1uY-WVvNBLyl%>L2PBsE73TSfy^OvG4 zh7^KA#9`SYMTg`CT9*_QQ@jMd4uhzQ`7P8T%d$~3Nu!2~p*SxKT9#%aTlO!8Sb=S5 z2)0TUm;-ASB+53>QYcm#C@rbP5Jw;g+dm-q8USQ`DXMG;JTOXYRg+60(lM%#Js>D> zf(8;QY&eB4Qn=3k=Q!Gte>q>NM7TI z#zzOi84F1$356!fKM@Or%f?~~R#vEqC{&24hfz^V%kjlUv}T9p5}-^eHS7g(Bb$nBA{0-xpa}L^Smr^I%}W%*z$x9wxnY&SpvuPD zQ!bDuV#cBuEeD}CqctF?N=s;t_0pV+lXHQ!k`V+efYk4X>#(Q?u9}R9g`CMks5U1! zXL4SVLde8#Z~Q{8E%^!V!K@VC-dF*|(x1Y+heDV%+2TBD^0RJ8T3-G$M?rqFp7j=? zGOEy;G1M54BU(R&@DcrghJgJfY~3&;S2M`~%V0}dJS)#dCGa}tj3kFgJ0u=gDX;*R z)vH7gP|2E`7i_hq%vOPVk{nQ-=IY~1NZ3k}OyWR@Dy=dLpszHRBEK4pl)@ymbwi1e zTOt%@qU{xCGSOh3He0P1@*p$J7If@4F9-cXj({ew0{T@I8nItUY7MAM3S;@UG!nKt zOO4RC$XGCmHAk3AX;De~z-kuzumnNenTjHVrZ`KdptY{#k;$yxDrM!RQ?RR~g3 z#b-*aE{7U~;7xyuxX`5GsA6w#L5Rg(9t8<;f$Bl$BHEjQ=&)f5{Tx=o-QE3qj}R2i zS~zs==I-G+dh9Dx2Mr$5y^B|`9zg?rL!<@k@Z93U@ft{pX&*|EudlRmh;?1)y@Z0S zzQ`|3LGFG7AW=00VRbi`T)LvsYjbp{@7#jmu5l54y9&knyx^|nKniH32z$FUk_{?N z&5hs_EkdvoQttp`kRl>42aB@`nAqy2Ldaqk0`n|P!2F2C09d5LGOp0mx2F)QR%?Ka z*s?oV9NTB83_-jkl6@*Vyil6+P$78XkauN5a*Cj%l0Yzyxgs+lus^mz6=;mPx-0=} zf*56t-qib;KcvNQmUA|fVkU2kk+vA*vJg`Cy;;nZLtlUFv?d>5e}rI79_FJc?_OojVMGdn7x<5Gm7+1_y&1GDoqS>DNc zs6u2jCNeZa@KRtCAXX``K+LMaI}-g7wl3sI<)Ce7EFZKb&^wg&1R{sXw%I|g)fvc+ zYRH>a5k(D3VF@lGh;g{Lw}ZQZSRDojAt^FhnSezyDjP^fn=O(!i-lt}e%2;QqcWh+ zpsYqFS%olDj@P72NLFW->b`|oY=NWVJ=T;&08`fja)E^ zLnPuTlCaDJR6)H2Mmr*7bYzMU1I9;3OTo}ertsFDV{xcTl=^dEco*wY>9p#fHBcJTHOAo7 zlqhd@fLEzkF5zQCE`qIS$c|hD1HOZV-pI5XdU8r=Qc6l}G9ss?d_`1JLL8#RJXnrHkF6)P z#Re;$G!c#nO$mkPzwtm;*7o24-f78Df(CI!9)+1Xv=klXUD{m(Qws+l#G9BpGzA(J zNzO4F!>M3sfq6xF=m4{}3SjvxLoV%f;*cf^IhC3+ zgD?be8UCdr68wZ5RIgGSGl0kn%w3hLD9@*$)H|=pCr{^#Un5CaY25VnB`4%8yVOUg z&yg()N)ZjUSuH#Ra{5C4YK{z628{;42;ggFOEIY_dW&5)=!j0jr$9s2-3g*hhNvvQcSN&RkB3uMX<=5OfwJz^6LW61y=2QW#Lb^XQz<~^t$Ormx9U0-sj73Io|K42(KbQYO z7Wy(S_0BW+pg#wc#KvH7A9fZ%v?XBsdO!bcb!K+Ifc_elUvIU4zrHF}pUiAkzkUP! z{j&WsH35D5WDQXHt9xtuXZP#dNA1_IU%#vXO@B>qzrNYH^v}!>ob9o3Gb@v&F|jv@ zl)4;bwv~O z24nHWl1ZhLE$1eBF&?CN{^{>+zosQ#s+NCjN^JIS$K3@@U%QiE)OV@6_OrLLKI%R1 zOv}$VoGpE^_Sl7arw+fV}OIxgMvwivatjP~E|NMQwW`4pL8{F34M6C{XdUUsieZ@XS z;lP)j^I|WDjytBGkn`!G%Z&y_AGI6)=bRRY$FFx-`e^z3zS_lW!jA9Xd?w`Kmai{q zPxdYzb3XE5i{ocU1|M4Swcn}kLBcPIGZIhiYp1H&w*Jn#F5PyoO?&sPO$VKpZr$+F z23rsNd5tsHoN}yot8Kn|?i8JGtJvHTD_&6T2=>nYt}^uO#3mEY*lbZ8Ufk39*bUR1 z)e~M?|6P-%m$!Y~=jaCU)BQ~+1w0g-7A|l0c8A3+f8E?7f4X;Yf&Dw$tk-SEsIS~f z96vr&rFA{&rQk#U%G&Q+U)xYsK4spwLn^ zoXv-F(zkqZuF3i#!~3m?Io+$p$=J>g-`*S6sNcBBcA>j&j60utK4sNwW`z^lMo+C#R{tO}fx{ z*061FxlG=0ab>U7uMFt?o#Xop55Li(>ez4J-#9y^%lR|Sj~+hqYS_i2Hy^A$ms?nN z`lX-RRm~jTedE1fOIGPhqQCEOWt9EAqI{=@0|T36k7;hxs^KHeYk4a(9~@~IuZldV zZ8zzn!;(J^w>XhfW*5J6ZKFU{_nc+-+l{M3#hV_1~x3+GbzjM<8zeQ`4zxZsOTjPE;n-(=W@snrzFDct{ zPIdE{oV|9#Fx76`&bedX?4|43zpDAVPZm1v>U_TOsEQl5-ZTEGQ}_?<0StNr#9O)> zsY{Y(u9J+4F2M?q?52`Bumdtd+F z|5dz}aDN|fp8)|p-hU>BTsHC>36Y!icNAvDS_GBtC_QUG^!;~!Qkm@75{~F*9ge=A z4@Y)#IP2Wn@85De=Ss8ufy)lep0hG%bFT+)KGokY9CWka3mHLo6P6yDb>*AsNi7p! z(hlymAh+@R9F2dcm5@@l|vD-7cE%lezYU+{mYl!69&8*U3Fvqu?6MT zAMS9{eDHP2kDoZY72Eb2sq?D!F1!3i;a9Vb!;U@<-Fo)RRb$pCw<zme7GX6z^8woh&R!nO?0?zH^%cOKLf zl@H(PSC!J_vqbIQ4oNqTcNE_^pYb9h6$ z9iMkhUJ;sTukHWhyLAiC$CkwOSRV8Kuj{w03Q&*Qzh|wZYv2#_LoW^c>SVm(lDZ_} zzz3s0+py;NZJkfY*3wF8p+S z>gj8f4i)|}Jz?tIO}h5_uX5^}e6e`nr+cQV9agq@SY@|(NUP4#u5J1@pU`>sRJ(3> zOU`&Ka@!m7%8CQMw^Z$K>rnO4px749AMDO~A^f|r!9P?T-4ok$n&!y|p3_JE{^)qn z3f&JG?MFlpThK8=OT15fPdrcjPP|ThPCQQhO}t5bNjypXNW4gVNIXdVN4!UTM?6RT zM!ZIRMm$FRMZ86PMLb3PM7%_NL_9?NL%c(LLp($LLcBtJLOeqJLA*hHK|DeHK)gVF zKs-S8PjyfAPIXT8O?6H6Om$54OLa^2N_9&0Np(r}NOef{M|DT_Ms-H@MRi5>M0G^< zBli^vHXG)O)!jNIy{;?0d-#ifeP40>Y~lM`#-%?U?z8j6g%?f_tN-}7{v~baj9;?a z!E^tJoW_HHxZ^x_>&dsKE-Mf1arvX@_UE#v{PDO?*{E-tZu34M$J^ng-=ysw#&zh{ zJ?h)W-4=AK-thXvY1Koj#m7JC+K6+-xj(e|BzA81xf@y)WPZ8f^ah(|wvFv=>}(QR zd{h{g&?TYY``SOg>36c<7Y&JaBft3ci^Gl^xBhZicld70`%NC-y?wXz?OQW$ls+ug z`Tg>9hVB#H>jgt@Jb8WE>q!qjZ~9eIYSOsq?SJ+d_u;rLeKiwJTMle_zkjcvzJ5RL z{e|;w7T7JcUHIAI(QPMu_T6WW+75%pIr=%iGW*{AhF5OB(sxGwuj~6B?fb&rpgi#f z;|mwoo{LVtu3J3n~$`pY|gclv~ndAq=8gU@i!w_5&pY8wKM<>!=`EBiQAGhgt zYQe`*AJ=#Lv;C3!tM$VaZ%)r2)_2(Hh%evz=ybyA5udJde>7t1i2Vm&JJ4i*qy3&! zk}6U?KlgMP<`)_@QZ)iWJeRSl)DBEb8=#M&eIXnBK zu#XNLHSKxvfYSl*5u@HM_Fm_`%|~7O`nKwAO^3AXJfNv-({H|x?q>7N!f!^cTIYLh zRPm^?8=co{%leh|`7XO*PM;t9sK->_8lrw(ZQI(;!P(Z{_Nzrh2Lyig##a-5xw!n> z38yCPtFAcMa$nPZ9S`-My02qa$Dsq?DAErN9C|9_+xK2Q6@KcL|HBt{-MVq>((*Gg z!!ND4Goo7Z!Jhj*e=q61?#*MXyt^;%-g{ftql(`9daoKe zby)4HN2_XY9n9}sTUP5-@?xJ!PJ^6|_4)pbE5{7SX54vUlW|7SjH({0DeqS8too^L z?l0YcYV%WoDfjZ$fSQ1q-j&6ZV}fHEQZBizXgJd_x#G@i_b1<-T$vSo?M~(7%8U=I z2Jg&JWhjC}mb{>tp~!WrIhK>VHMi4&0DVoT+)gXM5B2J}a@NXqQ;T2TzwX+)l%JP( zd@m&~WzqD3zx}>w;-ap;5nr|FIyXJa#s-DF5Mm$W>=9zGu;2C8`(oOzUb}ujzvq=czrXYQnYa~|Z=V@{=9BFi zFR4DM`lRCZre&@bEh~ceP2PVu_)hRUqx;bLnX96eu>zdm1iZAptw%CXAG^!c%^Bb!Cu9`Lxs54Y=X`+YO6{zJd*em8dSGWNRh z{*580r|tS}$de(dd%tphBXwx%r)NewmwvkD(`&W+HI1&lc1@Fi;CCmDNwcX@Uhc+C zhd22SdwG$@cZ=`#g&$sx-`->UFXKL$S@lcCFRo7pXfL=Hx&9e-)o1gcNB)d^>AkF^ zIM28@CI()({D%IG;z!rEyjHxwxJf_97yX)aXfl6gv&C-nThCuJyfozDnpmmY4}4Ycs@8_R5_xm&y|rBe z!j`t}GP}zM_U^~u{9xDzFa9woyZ*&VFNUjLP3junDtzziMNcN~9k};N!f(CSJ~{Ek z&duIMVdrd@cmjx{}odR=P1hjZmTHCkm(ZNUO z^FEvX-TBeyr+xY4{S(uEo95OrW?isbrQ5)#6Hn|J`1`;W?+p+3U-9;epX+BH8vOH1 zKeu|fYwEmK5v^V;Yh-eKt;uWgb{~u%7VjSaeYPR-(Dzrque} z^@C>q`O>y2GY8LnGozFF*RSXHLqjxSq>C%5Y{qPbV|4{drJ`QXF&54F8c?ugcYqxJth z^X^;zyZw!~#f@`~KN;_}z1i&2y@q>Hu?xZ-q8dkiy)?3Wv#;lWZCda2&LGo^CYN;{ z5ldW@F28O%A2#~e&wg$9g;)Hlb|cya-8UZoDM$>;YjU_om$xymS!iqTm}YLxicVbk zW?9j>qVIGQQcit$@w=KAw|@U~O-{}A<9nwKyuRrAj~C~h@%gd+k72p9(|d-s4O{Hx zy>s2-QHwvnp4xKg=U;v9QLLOd)?%(f;j+qhXVlf_|E}AFAe}EasV)k1AyZk0CeU6U_A!_-*Nzu&jEmv1As^l z0B&;t;Ku>L4GsW?Z~&0X0l=pm09@k$K*IsRCJq36IRMzs0l+UD0Jw4h@FxcVaU1}= z!2v)q2LMet0GQ7Kz#0w!u5bX*k^_L3H~`4x0N^MG0LwW5c$))&ha3Rx;Q+v$1Avhn z0LE<(1inl4>$mL zkpqBm4gmIY0PutZ06Pu<5;*{Pmji$T4ggwk0Pu(dfb$#xOydB+jRSyz9007~0N`g1 z09tVX@EQjI@f-kr&jCOk2LOXO0GP=Ez?&QZ+~)vbBL@I&H~{eC0N@A*09QExDC7WO zHwOTXH~>iF03d<`fax3ne8~YoPYwV!a{#b|1At@>0M2p%(3}H+4>cpD0~`RPaR6Y;0l;@00QhkLaFYXoqZ|Mj zIRIG30l+I90QhnMuz>>re+~f7a{v&^0YC}|06RDUILiURS`GlBH~_fH0YG0401`L= zn92b_BMtyQ=K#Qi1AwO-0Bqs_U^NE-J{$o2%mF|i2LK@)0Nm#Qpg9Ks4>$mD;Q(MJ z2LRu50Pq0^03A61XvYD-7aRc8asW`s0YEed06%a5@G%Df*Es-~!vR1t2LNL@0I=Zz zAdCY5Ck_DCaR5-w0e~w901G()DCPj59|r(Gasco;2LSdQ0KCBgz$p#@nsNY;#Q{Jd z2LRz50NmgJU1r7id902s<0N@=C0ETk_P{jd2OAY|;Z~&0a0f0RIcRnZqfUh|K*uw!p zZw>&aa{!>_0N@V}0AA$)U_A!_V>tk5#sNSb2LRhS0C=ARfF~RP4CMe|4F>?PaR6ZA z0N^kO09!Z!=)nO%1_uB|8~_~Q0Kk(206hl)`#AvUzyUyO4ghX(0I-b%fB_r;OyL0F zEe-%mH~@H$1At5p0CsTz(1!znH#q<(^H~?_w0AM5s055X@@FfQT z0UQ7vd~a{#cJ1AwI*0QBboz>x!hNDcs6Z~*Wt2LK;&0I-|`fa4qh zbmIUZkpqBq4gkD30Ep)R;2RDAc5?vm69)hd8~`-t0AM}`055U?pyUAHGY$YoZ~!23 z0I-n*05=W*&T#;6kpqAn4geN$0MMQTfVLa}jN$;`D-HmbZ~#!i0l;1k0J?Gj0MS2_ z06_H5BmfZoGYJ4h|4ae^(La*_K=jWf01*8%2>?X@OacJWKa&7J^v@&!5dAX=07U;x z0szrJlK?>U&m;g4{WA#wME^_z0MS2_06_H5BmfZoGYJ4h|4ae^(La*_K=jWf0RJC# z?*d=dRi^)M0&OWtPf<}(qaIr*p-n=dp`{SooZK&m97E?nBEXt70& ziX)>{qoSgsMny%f8Wpu_)u_yf+L_7BFxnYAGjRsTs%QfH_kG{B_Bs0`C)C@_=l`eO zdG=X*t#@7a+G{=gec!bgs(;l0p!!!00IGl00HFF;4FIZt)c~OSR}BEFf7Jk>`d1AA zs(;l0p!!!00IGl00HFF;4FIZt)c~OSR}BEFf7Jk>`d1AAs(;l0p!!!00IGl00HFF; z4FIZt)c~OSR}BEFf7Jk>`d1AAs(;l0p!!!00IGl00HFF;4FIZt)c~OSR}BEFf7Jk> z`d1AAs(;l0?6Cv@)xT;0Q2nb00M);008ss_1_0H+Y5-9Es|EnoziI$b{i_B5)xT;0 zQ2nb00M);008ss_1_0H+Y5-9Es|EnoziI$b{i_B5)xT;0Q2nb00M);008ss_1_0H+ zY5-9Es|EnoziI$b{i_B5)xT;0Q2nb00M);008ss_1_0H+Y5-9Es|EnoziI$b{i_B5 z)xT;0Q2nb00M);008ss_1_0H+Y5-9Es|EnoziI$b{i_B5)xT;0Q2nb00M);008ss_ z1_0H+Y5-9Es|EnoziI$b{i_B5)xT;0Q2nb00M);008ss_1_0H+Y5-9Es|EnoziI$b z{i_B5)xT;0Q2nb00M);008ss_1_0H+Y5-9Es|EnoziI$b{i_B5)xT;0Q2nb00M);0 z08ss_1_0H+Y5-9Es|EnoziI$b{i_B5)xT;0y!jv1zY+jc|Ed8%^{*NLRR5|0K=rR0 z095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXt zuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0 zK=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%P zssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NL zRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy z8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8% z^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~ z0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU z|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0 z095~~0YLSy8UR%PssTXtuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0YLSy8UR%PssTXt zuNnYU|Ed8%^{*NLRR5|0K=rR0095~~0TA225CF0L3jq+@zYqYi{R;sQ+rJP1vHc4H z5Zk{H0I~fG0TA225CF0L3jq+@zYqYi{R;sQ+rJP1vHc4H5Zk{H0I~fG0TA225CF0L z3jq+@zYqYi{R;sQ+rJP1vHc4H5Zk{H0I~fG0TA225CF0L3jq+@zYqYi{R;sQ+rJP1 zvHc4H5Zk{H0I~fG0TA225CF0L3jq+@zYqYi{R;sQ+rJP1vHc4H5Zk{H0I~fG0TA22 z5CF0L3jq+@zYqYi{R;sQ+rJP1vHc4H5Zk{H0I~fG0TA225CF0L3jq+@zYqYi{R;sQ z+rJP1vHc4H5Zk{H0I~gx2|#TBLIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$ z1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIA|}F9bkr|3U!7 z_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d) z0L1n$1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIA|}F9bkr z|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4#P%-) zKy3d)0L1n$1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIA|} zF9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIAw^Uu^$E0L1n$1VC*6LIA|} zF9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4 z#P%-)Ky3d)0L1n$1VC*6LIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)0L1n$1VC*6 zLIA|}F9bkr|3U!7_AdlLZ2v+4#P%-)Ky3d)04`YqAhv%Y0Al+W0wA`3Apm0g7Xl!* ze<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3`xgQrwtpc2V*3{Y zAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g z7Xl!*e<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3`xgQrwtpc2 zV*3{YAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3 zApm0g7Xl!*e<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3`xgQr zwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W z0wA`3Apm0g7Xl!*e<1*3`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g7Xl!*e<1*3 z`xgQrwtpc2V*3{YAhv%Y0Al+W0wA`3Apm0g7XqNpe-Hq5{(}Ih^B)92o&O*J>ih=* zQ0G4gfI9y{0Mz*p0-(-+5CC=lg8-=W9|S<1{~!SB{09M0=RXL5I{!fc)cFqrpw52~ z0CoO@0I2gH1VEktAOPz82LVv$KL~(2|3LuM`40l1&VLX9b^e0@sPi8LK%M^}0P6e) z0Z`{Z2!J~OK>*bG4+5ahe-Hq5{(}Ih^B)92o&O*J>ih=*Q0G4gfI9y{0Mz*p0-(-+ z5CC=lg8-=W9|S<1{~!SB{09M0=RXL5I{!fc)cFqrpw52~0CoO@0I2gH1VEktAOPz8 z2LVv$KL~(2|3LuM`40k6ZwY`p|3LuM`40l1&VLX9b^e0@sPi8LK%M^}0P6e)0Z`{Z z2!J~OK>*bG4+5ahe-Hq5{(}Ih^B)92o&O*J>ih=*Q0G4gfI9y{0Mz*p0-(-+5CC=l zg8-=W9|S<1{~!SB{09M0=RXL5I{!fc)cFqrpw52~0CoO@0I2gH1VEktAOPz82LVv$ zKL~(2|3LuM`40l1&VLX9b^e0@sPi8LK%M^}0P6e)0Z`{Z2!J~OK>$8z34l8PK>*bG z4+5ahe-Hq5{(}Ih^B)92o&O*J>ih=*Q0G4gfI9y{0Mz*p0-(-+5CC=lg8-=W9|S<1 z{~!SB{09M0=RXL5I{!fc)cFqrpw52~0CoO@0I2gH1VEktAOPz82LVv$KL~(2|3LuM z`40l1&VLX9b^e0@sPi8L;Fp#Fc=NwH|3LuM`40l1&VLX9b^e0@sPi8LK%M^}0P6e) z0Z`{Z2!J~OK>*bG4+5ahe-Hq5{(}Ih^B)92o&O*J>ih=*Q0G4gfI9y{0Mz*p0-(-+ z5CC=lg8-=W9|S<1{~!SB{09M0=RXL5I{!fc)cFqrpw52~0CoO@0I2gH1VEktAOPz8 z2LVv$KL~(2|3LuM`40_%I{!fc)cFqrpw52~0CoO@0I2gH1VEktAOPz82LVv$KL~(2 z|3LuM`40l1&VLX9b^e0@sPi8LK%M^}0P6e)0Z`{Z2!J~OK>*bG4+5ahe-Hq5{(}Ih z^B)92o&O*J>ih=*Q0G4gfI9y{0Mz*p0-(-+5CC=lg8-=W9|S<1{~!SB{09M0=RXL5 zI{!fc)cFqrpw52~0CoO@0I2gH1VEktAOPz82LVv$KL~(2|3LuM`40l1&VLX9b^e0@ zsPi8LK%M^}0P6e)0Z`{Z2!J~OK>*bG4+5ahe-Hq5{(}Ih^B)92o&O*J>ih=*Q0G4g zfI9y{0Mz*p0-(-+5CC=lg8-=W9|S<1{~!SB{09M0=RXL5I{!fc)cFqrpw52~0CoO@ z0Q}k#0CoO@0I2gH1VEktAOPz82LVv$KL~(2|3LuM`40l1&VLX9b^e0@sPi8LK%M^} z0P6e)0Z`{Z2!J~OK>*bG4+5ahe-Hq5{(}Ih^B)92o&O*J>ih=*Q0G4gfI9y{0Mz*p z0${xV7e8UV|8KsjO%QRDsp)THtLfB3t``~T5r8Sno&*BkHu+8d1b{~hl%-v1wT zjrafGW*G1PUk8l$|Dm@U@Bf}Wh0e#CZR&K5V@IU;Jz1{eR)p#{2&#FEif%UmG^w|GCA+`@ed*@&3QE z(|G@H`H}Jdf9{uz_y2*XjQ9VYe`UP?|MlI*`~N-9G2Z_dZ#LflRYBwZ|Mw-v`+w{E zjQ9Vye_*`-mk%26{{`EP_x~p&#{2)ow~hDzzD36S|22PSy#K#cV7&i#zR7t1FFajO*AC33_-9I$m|JURg@BcjqjraePZ!_Ni%hHVZf2hxR|G)l2#{2(6zcJqb zFaMPB{{QPrkA|8t?yi zztDL9f9JgM{?FNJy#K$FYrOxjyT^F{e{95f|8GBSy#F8kZ{z)c`)7^!e`}-h{!e?h z@&5nFTa5Sreg9;<{~!OR@&13o-x%-z%5}#3|L>ZN_y7N_G~WL|J7v88cYNM>{~sMS z-v95o+j#%ql5V{JSAE5J|DWDwy#N3Ge~kD4jR%bP|Br4r-v5W6Hs1eVUS_=izxSWU z`#=A+#{0iwmGS;}8;tk={ckYd|Hs;l_kYv7jQ4+Vz489nMJ7vuf^ z>VGrd|3A($-v2N9y7B)1OuzB||HPM#_y67(8}I+fe;Duo(k;gO|5t08Edemz|Ns4% z@&3Q(?~V8Wrf(VV|M&fa@&5mhe>dL$?R$;){}<*O@BbB5#{2*58;$q>KQ$Zg|I8`l z{eQX4c>iyBsqy~*tNq6Nf8h7V`~TWIjQ9WRK5o4KKUHnK|NreZ#`{0;3gi9%(w`ge z|6QAm_y75|#{2)&tBm*mTkDMX|L=Ag@BeSS-+2EoU1+@jw|&%j{~tMLy#IT@VZ8tE znlRq~;pZ9e|9g)c@Bf4EG2Z`c{?&N@4?SYM|NrLs#{2&RPa5z4pT5_4|F_f_@BdF1 z8Snp>_y4orZoL2B^q}$n zubF4O|3A0ec>n+B1>^l+@Kxje|EkNz`~P^M@&5m9rt$v&{9@z%|D4ww@Bi$L#{2(= z*BI~rpAQ-D|L(ht_y1!bG2Z`kUu3-hH;)_d|B`!+_x~$T81MfNA2r_px9&0C|6g2S zy#K%Y@CPjcFy8;;y~g`Lz212LziW>1{*T^fy#H68G~WOHzcSwczj?0l{x1s~@Bfhx z81Mhre#UtJFFIqq|NrF+#{2(yA2iB*yVo@+vR_c+U0+9?DD@_yZrACyZrBicKP4m+U0-0w#)wx+2wydcKP3% z?ef1myZo=&F8>>~%m3bKm;b%dF8_PKUH+G0m;XIrm;bG{%l}?%m;YU`%m032m;Zgu zF8|B5%m1qF^1mx~`QH}1{O`GT`QHJ%{O?Y?{O@1w^1t`k<$o9L^1mv({O|AW^1rQi z`QNwg^1tPF`QHM&{O^-?`QHh<{BNIK{`VTY{O?Ps{?!Cvm;Wua%m1FX%m2P>m;c>u zm;YU3m;ddt%m1FV%m0?y<$oc&{O|R4`QL}^^1qkc<$r%|m;XIsm;X)L<$wQWm;Vjg z<$t^F^1pwy%m1Elm;aU9<$v$C%m2P(m;dG1<$qtX%m1#k%l|%Rm;Y_I%l{s<%l~e- z%l}&K^1n2@{O==n`QLr0{?!Cvm;b%MF8`~v%m4n)F8})DNv<$oP^`QHoe^1qMU<$q`F^1lYV{O>Jx`QJ^b{?!Cvm;e3JF8}MZ z%m1Ejm;V*o<$v?-^1rX!<$n`)`QJa-<$v$B%m3bBm;bG|%m3o*|LpR=AK2x8x7p=? z`|a|-SKH-(Keo&NUSya5ea0^T`-ENox7RNJi`eCVrFQw>uk7-_JiGkwzwPqBd+hSR zO?LU;`|R?+|FFyd+U@ecFWBXOE9~;Wv#9>n1Yno{W!mL`m+kVu4R-n8U)kk<19th} zwRZX6>+JHsPub;v|7Mr}1?=*_m)hljyX^A6^LF{)DZBjdt#ja~lt0lWO~r*`>Yi(UTr zX}kRIWp?@BuwDN561)7b*e?J3mR+DR%r5`?tX=+h&MyD^gz(=OX*Z_NnS1TEfd$uJbKMPd19KPL5XhKw-8FO4 zuDk9U=X$;=n|9+h*E{JBY38P-Eokj+y?qrsd9}#FrW|}rX7wEce2_(eZ>$L9*w7ps zoFn0TJ65gAm%pUg+aXu>c9`%Sb3s$>?a)MkTx0VJb|cfjF+OXi+mNvtHD7=2YH7`J zDq8wFpacfxvxRnF=HzY0`S|tp2wiPj1u2X9h@I@e8q8T0%xT~| zt~oLJb}Cz#ACeF7t#xubgHDco^18d7lVXkK=$j5hkBC4)OtRJ~}GD@OYggp1a8|rxg%jjo)^fhO&X;%P zPfqae_z7pxKKY)slhadru(Q9myUc7TC!ZZ0=xtw5mcg8G(7EdM60V1O+k=OC2Ke%` zJvqRandJ+lv?gDy9pDSw_8W_Q|2qq@E4q7@-y>hk=9_?Ki(5Wp7jECrR(C6NSLL!v z-}G?#Kxs>RpLCR*)?Iux+I-vE!zS)d{9HbE9skj}KYq%0uw<rZ&BN8{41Mek$9a z#3z97Eb`UrmbRj(?9b<0kX+m0_2Z;}u7waa&_FLjTz4}-cYu(IO-Q^?hE&J&k^0jrRyC+D) zt?(LDze{Ob1c}ZqvV9L95AKuilJmP(K2A(NiV@j8y{T`!;uf{?`QK3 zK4jV-<4(zz<7}rB+ec7qR6fkvBwwiY&UwOYXkR<~pZBvnA)njiTi4xdJKOtruRXA5 zt$s;*?W)|owLLw%WQ>pxhBnE5KTW#lqE~P!+lpL`or|cpK1aW%9sejZACuy)^VphV z@!dm&wY4{y3et)67oVe#@+Dh71)TVHvJ*_4uQy-&Ew*2i)(^BMJ{4+9Cm-uItz9nP zNjIl_@pVu8O7k6GXxh z>g_hHKZ5ehURm$xFWJvnuC4dwVs?q|<-@yPIYS3pI{UpZ7*k&PpllucwAQg}qm4yS zlRs#IejIk?sylP@_;01`2RW^St(BoC{?TpO?LayZzs29nx#Iu1{1)w`>vdD;Tl7&QhJDzUOZ}E)(HWQDlboG& zuRkL%4`e}YsLwP9U{a+vFtJceV6sNaE(i1BAnCI9$vCD7y zOXbe@>5Sk%Eq^oaXf2Z(!G4(53=Hzc+C&4bFlqRFJm2I?owvEwUgL9bXNi~8CNtY8 zk>`4E)V{?V1c>dOF2BXQN}zWNg-8sX3DKQxUPtswmvnRch?(4LQkCp)jY-sE@n0Z+!Xf{y;K=-mY}#ot}fvGVR>#0Aav1bimD=uj|}_%J-5 zJ6`EUU7_h5Z?kzF%FAU|lxc;XXZG~T$pYs<@?^2>kNwX4vUqx#zWY0bw3d_>ZDI$U zM4o)4-^>6ePu~;au?RCMB>mFPwwoSg$q_vx^;mKBF@QFF#ySy4b_$RIDYz;xFIZd6 zr}BMNW37HETANfaOyBT>h}&-Q3=*9B^gc+EsV0U3nK@@9Vc?zlw0@z^P`#a$7~%AgU2{d*x$3&?ew(kXYKEEV8eFDIlOwxExh9o zJA%{VIn#cNoQr>;ymL05N-N zJyAR5Mj}@~^0+RC7teq0h5e~0vSO6s8!5^mVRB85KUMzpbe_Dwq|E7gT#FN8|=Rfzt{!|oMMN$r*d{35y$u&8=us;_)d4EZne@vN9Q?NhF^lex;GoF8s9VRHVb9%pxOKRFI_G;{nha`Jrf zFHn}V94CBbTIf5URW5NZS~(ZM*j3U*?6tyaaq{f%W7EQ8wAEJH=AD1wQAoVIo+0ik zuHVSr#iVT~qE`ISzANY~`8YkaIasbF3J=$61r-UP}~ zN;hxn?{RWG?SzxV3%(d{;d&FW?{T06K-6G&zc%m|hEa;34JKT3Ba4dL$ z9pGNRK+bk>hSD>8fphl)r(lJ%mdw{KaF(rK#$L@J@q-U=yxitidQf(CmG}6wFK7OE z1>+gVu~%{&=3V2}^npQ;Ywvz=%Duqhyv7{z+dKbr(J$-lk-wbW>E&vs%%^R+3;!4M znVzrz_eGn(R}TNR|BLerw%(F|c+=YYzK#Ypj7Fp%5D;!*lUr8tehQngp$uV&x4BP&p(b*JJVNb1EZtn=eN!1K0+1pIM`k zzx!^IV>&QK+NHYbDZShnYmw>g#o{PANIR8j2&nf{5ML0IK%J5@;TIHwN)sbMkLtHMAc%Ggij@fdL9azz3 zY9qJhs?O84w+Ph&`Lp)6pi`ro-OCc~%GKk}l!6iqy>grA#eBI*p?kZ6IlJXHu0tl9 zb#p4aHg@&21@rDe?Id?7(LV8}4DRo2kyMmftL}^AYeOQ)`zsbvZ^KlL&E4`!671-S z^#!{I*phaaY-h}VUb6Kwp|W)({V!OYC~~44sRgsau8y3(TAEuTHXd8f)1P6k<2cNb z=Q|>2cwgkGWlL);XY_kEmQ(8*nz7y%wqq1~nz4<`8Ok&^@Dq!gYzv+o5;w+~NXZfO zVsVWV-^D#g64w@0sSpupY^?2=-kJY&Cq9YcyHeBBU(`;+vPbER3!&X&9G@1By>m}{ zZ;ZXN``Mpacj@NFq2>?b#lS9l(*j!)g$Ne2xv2j){t;|_D-H&o-B|4~+7cr;Gt{4k z-Sfm~EqjWaB>syXEq!9-W4}}*YDQ#{?~i2j6_KVDjP=m*g=-^B3l=eKxYuts4N7sb zn|=6_F3RrU?2X>l-qpkH?`s!d5o#}wQKEs88b`Y<&jdT1vt?q^rQY`a*w)+Pr7RB3 zDn;6g-5S|J9gBD(C-$@4tEN!ds9w(O%?sj+qP9}*qUryre%RJK*52MLL&^S5c4DQq zlJb)dqFyX)C*Nkg3((_5`(*cIg;fS_H(g2H4~jbb`+PrrrzP$E45589Raj&rJ4zW9 zdvcE_SS6HHK!4DN<;0(wQY}8?X|b>JV)Yg?xzyHH*Vk*?@EAD6p5wmeT82i;>#N90 zbbBu@9pY+n#HL}Mj$mwH7oH8`XW`7&4P?;rWo`y9vc;bS7o6Rl>}cQH!+rI~A&DCF zb!RXv$n6rJ4b5xWNI6klHOm|d_IG&0qfZ3!V=et1L1X5SF}07KNO{V6qFUSAx$o3F z;gID^Nu7F8-L~tzf?*G;%C4t)4w;@sRfBXJyoT73x;N3ouv-{AvW;&W2p0y~L$!OL zYnMN^NEy&g)8j^cwziJ4rD#$+$Ze8sRQ)dqL9MpkTv#VTq4WIv$=NCQcN|~m_yos0 zIUeTd<7ncj=D3sNW{w*@F_$BuFh&m>T-GJ7O}L*dlRd@7HAh|+ z%-M$at}qwjRlZ3#u`w;vv82`4u*8HZL3BeluI2iQ{VlyKdI!4MUphC&2)>2;-yZ2~ z(b3d7n3S6AxLuyI(o*A;m+Sw)ZB&>qH@_*D#a+=Djp{^OH<6Wi)|~h zlpZQ=>5Z}-uWZ}v-DC~7L5aKA+987o@42{L`EI`cwp2{IhTcaxsaL}SI{pEv2@Pz4 zBDTa@c6CPC`?*iNoDQt_1B043KXN0u7$5i; z@H#s8bTCdNo+qMq<8vwYlz3P5cVoGiN!Nnh8!^xXTcQ|Z+71N~AOqArGX5mw(x35R zHMf(wS#EAiH{HW=8af~`Y@pi@N9$6DrtW3^*jL)S4p#Y2kp2G93oZEC29abIfU*s?4 zHEDB$SYUZ3g7Exy3a>65?QOZi&@SEyNyVE9bC-6vKRk&LpSBjEnmq&hYQTL_ztiks z7L!e1=dLKzN_X%;FYG8$_BY&YHBx_n(%S4+&Es@!!(g1wk$lr}b&=Knb)?-^5HQ)Ss0l(V-cUcyaW4b=+r!77H$m)YTR@)zmiClx}H?)KzY-UzW{N zwW4o;2fVMNXCNwcS6?V?uM;ov0}C8BG;jZ7AA>Jmm~ubJ@n()ejy)W89P2rjaxCPa z3hK$K(}NUR9>R9f|A`s`YRu%q{2iY`WQL%SGAQUA8owZuGd1k)6aE)>@nr;L>v+q5 zWvnw2b7X=dc6;}J=e921>~1@tf1{n<`<&ZQHUcpeq3qVav<=T&o6PC&itSe2i4h}{ z1)ap{Wq{#1>sx>4>eakE=-Hij`o=pE7~HImn*DUH+(g}K;#1=ay42bg1AV=6;)F|@ z;QV!=x@}F7P=jh{OrHMPjmAqFQ@x6sQOqlKuCp|6)j?cHNQh z>|#|!tB`0AhA)TC8+ejC9B5y8&F$b~hmF)F9xeE9ZM7!T6S(1p>Nq#&vK!&J=v;PB zbNJ%~`F+7nPPfp?IYD@{T;n)*B@rj)orC9ydyJ!Smb@je|Ev6+>#589%dX&Ai*oKA z5gT^lxcf%8adF&Lz{w~a*J{*TRj&Ype_(RkF zCE}eXzq1_YI4*EphOk|+Q`Pb`i4!Lw`|?Eebw#xtM9l| z=DX>ehwtgwyRWM|b|1>m{Ra*nx<5HiYKao((5~*b-ralFw3ECwcHhCC{*?m3im|WM~RZN+xHc%YO(z=@*yU35+Bu=QMXjgG-Nn2@q+3xZ^6&;nGReP)V zg`*p~YPxHCBC(D4)%Di*HS}*9*t~zsfvpF(9ol|>q7JvM5E+TzIjIXQP0(aEOW)Jc zxp!Z*i&qk<@<6=KvnQNAoiE=eDM#*#M97~aPh{Md^XJQGe%VboFIjravaIE|-j;hc6X(WqBmsr^5y2Ny>0!yFI#czJ+~Cx zowa<&&IevzxOB0g z95IdvzvYM_?=Z(PjuRZGInHvNpUs? zViXs%$A~eB%Hzq)MG=!oFKY-6kfYv{xP47c4&A$Zl-z0I?6Mvo2TY11uK~P+Xhob0 zd6(Ucm6zQ@4#DY1#241=JC}H|X}=}xFvqbJ;nU?l)9)ZMg8MdMFgVodr5=#!XrRaxfmLyEe~3&X)FF z<|Q+y8YT3W(xUp>;_A|dwbiBDd-a^|8sml4)&|Jxl>cy5G^t-n|`S(GbX8a2a?(dA5`_|gG-w``d&x)>Cz71-@ zYS7lwYkX%`?CIQX&-TXJ_t?`IT6uM?S<$!OJKGyu6_0q(p3!C$bfB%XXT^b*{r0S9 z&mNm6H>an!#Rl(=wzS&QgE`o(dVBizdDprmYwc)g&v1#>)2^1@eQoGMtT11qTxpM7 zX@p#{94w_*1H2M;*T#2u6F zDB;<6PP!9d6m(wXIKyBTI0i<*i8Yh%<6z@mlkTESEPrBJJC13CuIC>A|3nB;112YRJ-9|79j)0@! zB`_m2>6X9&3W_G(i{J>@d=u%wVKBRR(tQGqmQaqHsSkJ>94VzfONa*!g4t!0?ip|l zya3bjse@nx_!Dpl90yN; z1(8X2T&{zcBpfWcm3nNPbhm)U(a54932y6r=z!P9W{iOS(goBsBDKL^v z`UcX2!{8}!92^BRH%+?dz(H_+4)Hcmx&>hNmPz+fa1gu*j)R40X-BrwZeZp%+8-t! z21~$k@Hm*U9r+Rtj)EiL!aT~ggLVc7!871E_%xW&NWP3hQ7{k8-Z|+$0*-^uD#Gub zblbpja8!P`aQ|)xchR2tj`L=)0vrY#!R*#a_arz9UIa7RCS9}}P9xY4PJx%ea69F` z136#^I06oXgS+Y1yfux2ZQvAm0vz8r=`P_7Cmba{I02pqhkCf*>yQ(hbdQ1);21b~ zAMIE`dHU$T>ybY|IqxR^e)0#S2f43>lWXr~J5^IGn6 zCFOoS_n{gbB0ZS>hDrAV*a&8Xkq4dxGmcYFnSa64;KbXgXM}n^LjGXp+qvHxDHpgE z90gB-Bkv&pI^u)J!0dNUx{raw;QV^Rhe;2Pyqop_8{b3!Zs0mt0*-?*Z~{C6W}F~C znEhVbcN67%AMFY@zMp=&nev=O4mbra*+P9kK)ZrNAEKXZMILwp9Q-K#1RMbuZ=*d% zCf&o}5cnuK20ksnKSuuBsn;j?y@PNt(g>cObe|IZB+vCu}z^zvXMcnlnW@swNeAlF|)Ja7V>0;4a*_wfkngRD;jhi^jO zYq$=c0JE1&xs4Ce9?PfP`A3m=>y$eRPGzIte;xJ7opO(WQ{ep9Bj@%h_skIafEU1F zaLF6M{3$o%jmTL&CO}X>lhMWrG zzn%D%*eu>be6R#8sG4$z!9nmG7-qf3;&;(sz^&jo_y}0Q+Ki{biH%ck|GW8JNBe+d z;Ntgy^;7QSU}gjIPmpdi@!kt=A^-Oge=G99A@DdD-8SV`yr1}u+~<>A--(sAb-&X4TA=<4CpS@GG7kCyN2A>AQ9n|w9#0O7-;l0%7qsRd-f#H4J_YvZQ zN5R1;`FsqyU8Dm?!LwjN_mrFUarz;61RU*|a`Qhyd&X$r)5z~7Kd`ZX%ANQmzrn?y zqFe*W1&6>(@_Rq|eVTfM&Kc4lpuc>E`W{4Q4~~Gt;5ax2W*?$oe3twMxgVdSysxDH zK1w;kC^&U^%6$UNeid>)Py6G;d+H0s!zX*u7s(ea0ms08a2z}eW;{fH0yDwK!7w-l zHi8RBi3di&p@(T_a1=ZXPJk0&!BOIUiFN}Ez%j55%zQ2K!6EQGI0`ynCj51*Sp~nE5dHEj^4`Fj4sZ-S31+^L`0^W!ewFKQnsOfnN8Uoe`#R~5b6*~# z+<#5~0ms18VCGv{w*W>Tq20ehIJoAUO-(&w``i(-MA) zcKAN|ew21QM|*yp`}a4L>oocOE!RIqfBzwJz_VcXr^)X;^#$9&>@$=DoB)GAqP(A> zAA$v71kC;{&nY+x=Kq-AkJ3Irq1@nBF!S@=cW@BQc!GL+dNScpRMg2G7Ai5&muN-v#72|1U!@4o}DaNod;xtHC?CMoB<%kHC7;5C=s#>=F?_OiR^3gy6# zbY2j};)nd1zD$H8&%aj*dUz!W$VxanKkUofsGekANAgC@0u>`(-z4K6387>~?@7;1D=keAyiX2g@$I&DSHZ zf_4ELD=)kG3y23E0Sl@wyQjd>e(C{+4^rNA;@wYra0*TPCBsh71Rs-D3~1}9#{xQkD64sZ=;(J+YgR|BVhC$$N@*+P5Nh1pZC%(U=(~B90g0BO?$r&-60qS&w|6? z1ULpReh&41KXSn_@En+V5}oiO!oh5C5ZnrmgJ-~k51?;;E^@#qnE65SmEYi!=OG7- zfZ-2OPH+%>0-OT#pHDlU;=X`GAHM892@Zpoz{ZczPK%NEQFPT{7#s(O!R!~1ZiMUL z6gdBd$o<%5w+$QtkAYL*1+ekslr?=hZBaOk_py@l}ak^eH} zfD_>O_jwMokaLc904Ko3%W01v(tfv6?(^Iaa2U+Gjq?1M_~6h_Xn$}5EX<}}Phc+q zhki{)j-~`wY7F>75Jp+z_^Fqi4 zOTe-DSKJBt4Q3Y6f3Cm6do|(UDKK*Z^1(r{q8Pb1TybM1ga^0|M!_e+F)*u?`rLTM zEdWQKb;Z31Wbbcs36_*Ne51V!AgEF zzT!RtX1tJmz$lnqML2j6oC1%7(HC8D&x08+x#FIzCLAmX(~d7g&IaJ8&OQzD7fM-+ySn?!n$d$gNqxv9^yBcT}u6S^1G69gPB#_&wFVH@CX>LroF+T z4V1SDtOc8CpE~N*LOsB9U_m|o0UT?%;*RYi-Da-0A{TrDoB;FNsOJ{i4IJ5uoOa3s z#=z*dEAC@pcsucSQ;r?n4=@Zq3J!u}65dGv+(Y@AuDHiK2p^!`W5@+hf)o2`hx@44 z0oosIJV^a|2?vjYV~2Pi`pEwQ?qfgo8Kk|zf>%(F0pcH~y$;YHUUkJC0UIAA|AUn8 z2yzb*{ukAHj@a`rCuF=esD^5z75;+5-%~hyD$Yo#Z)uh;n?8c6pe1U>J;^qTWY||6$q_ z%={?ze=YJqcEx?_b;SQTa$iq;@F+L|j)CD%Tyf_Q(eB_@aOgDs2h8{+`M&`l73p~Hz=)Y0!Q`Gn8 z+}{rq{}+@O9J@$6fSJGKzDoH2(4RlT{RWSM6W}OV@GI^gI0iO;SXp zxb6@*k>NM0S;bAexD=$^{(6YDCJ+^y2rrA4A&j~JQyGzSa2ipzCgLb=-IA229AUCzl8kf5Dt!kr@+ib$OXgCb=|x#Bma4> zdk)N8?7D+rLH-M<&sp-%B>q=P2c8F~UPAr9M!qkleqZM|corNA(hiS-H&LE%(B3z@ z?i1kPQkVBs!j};r9LsXu!f#Q(TPgqJlsgxB-zI(@^1nlVD_!@|@6wK|TsL!!`mUy( zzDN1*pnl&c-kq*{8f*k7z#%aB1IiD^z|1wSI}C>JqTc7`IEx(fZ_fR7&YZ#db6%7& zZyv*d6C^m3Bl7RRcTcS3Brv}$kWqDGdjGtG&OI+&ck8MpH!UQ%kYntH=*~g;m(9_@ zk(G&FUjjmb`46Rq0vQj^Ee0 z85t*$@dz^HT>8+%(sv({zWd-j8ml3YS1pZ|71D;Q2n370^9a4`>)gk0QqFG$<`o5k z56*jN?!(kWA{Pbnh-{wM`8-d@$;0bg{ya8ol}q*E+qb|cFPvWH|5=e<=DSGUDQ+`z zN0Iw-&S!bTBdc!E6YY##oyw|Mu8hdkuF zbs>MjrOzc_O{zx>xmnjZ&Ux|(U1j{(6(}eT6jlZD+P$vTpuLd5a3HTQMV&UJr`2oR zGWjb#mZ5{V{3l!vI|e7+9?oZZPJ*e%u~LR~87_H{s{>1Th7yB7 zic*)P6UmWz`I60Vz0EH%M>p86wWu_(xXj+A#H1l<^XKy|Qp)gVBW;+p`B%9o z+r9fx>OB$_`goLk;Wge(qxIYLTpzKLP@tkT5Do<*gm3oZ)bS8Zo6~tjAH3!@X%EeN z7*b;AiQ0f94{36)XHnM7>mBC;WqqdSZIEDDsAdez})wRcX;a$84#feRZ|PSwoHnz7_5%GdC+Np}@x zmHs8;!;C7VWUq$J{ZH|)mJZZgo!k;J8LPUFb<$~l)%NUlV z^TP}8OTOX=2N_4EbJL{z55O$XR9@Pfy=NV+5FdpNZ(u5)(RHfRX&c0?0goX2q1j~@ zM3j9{=owNs?{1;Q{wgO%9$~nk$;lBPLbCeX3r}x4K6Yxnsna-dGM1`Q85q6T zNZjO|lhTpCbds_?ax;D(vzIL|ZL3#^v>LBDw|KYKl&(5O3st03e#&NIY)%oQJl#JV zP|12<0>_z0nM!VOoP$efJ9z0V{j6|%pn}Ji$DdA-wmVQ!WPdPP+4C)dk|OWCN}g~# z7;Op^cBLp6Zwg-Q3Qft#f%s}oX{4KQ&KVKQd=eQ>>OARn!Z&PAS2>S(aVX8UnH`OH zHL4yCIL^7HlkRJ6KTUpyv$orzCb(hRV_ZxV%hbhl4kfJ%EGZ3S73qWBsGQSJVP$+e zLq33i9!f-ffKElD>)y5KE;T)Ks%TXG}c9w8kxQ~$|Ww}!BM!Zu2X z9ZwfBIGXpaP4>M2hR!%EflzN=^&Dq0(fdiem9$bOleSmiXDj%5jBA5jYp~Z+y*EX* zZItuN=$DEX>wEP$vW_9^R*}U&DfdOfMhMe)ZOR>QyTu!{keg-3w*}tdYd;xJvnl^+ z(tb^Zkv2uy3N{7`+XHz`-fM7mAg|Xuua!Yz#u$YtY2%~(S+Z=>eTm5CpM(wb=j?(> zm*G$U74r8qVVT6+AR&qJ^DcC+@7`|^ifLNCIuSdFQ0UAhnTeu)2j3#qN0pCCH4*4JWUe9V^t-JDjA1(C6#yT6k~8H z%_W4}#8B=Oc@E_z?<$+Oe+-Oy?@-bgeD6@whmMl&2TqC5i8sO0u^Up{DWk{Dd>+p`dER03l({T>gFFo~LvyRiBw}Vdr+_$N;-4kH zH!u6^9oH-D@*2SZ1ekGSi1ZgoukTyPTf%XIuqnbCZ5ixyktXU1)gW_kgnK+ry!_kn zNwx7(^!L0DkH2nGhR9nUU5h57r@{Z|X>tAv&D%AzStOsl=QBQ&&*|Co33lj+!1%Gr z+z(aGmFSZ}d)IhR8t3=U%mlg39FLICdGblkrAR1^kA%(MNu7%2;R}=9G=f#0UOMgd zNT0nV3oK%z9u}mi~^P-InBNZpB=5=>Q7bj2U|CC{hGRXYpo3of&BbH|@ zDe?{8h>tf*8Fh*O2$FmpSJ2{8mkhF`(sfS&V#=-(7NU1Id zwL$Y@h{lIYq&4?j)~tmo%j)T6k@p#%hDxQ#%vB_+N;HqY3r&$W@+YJfJ;a(9GtQCr zNAh5$o{t+}Aqu|8jua2KaHYn|KyziFtvb+A9f*bkv6?_6ZG$QXLz=F7_Ve;UV?53u zb$)N4p(wC5o@A3JC+&c$BTEBqrGbu8ElyP+vQY!8MQ727vU1whY7H#YzeG;OkBfM* zmkf(MLE%5<=iI;?Us+L``Xv?8?4!Iao?eyUlG4BPS_1h-ZEObbZMFv&rB~Q9nG8)| z)_L!xJSWI_x9va4V`26I+)F_ zWbaXmae2))ZFneMi>E!jZ{`@w)bHv28C$rkaf?D&86nz=GEcil+(PmTzKs4s-uKzO z{r#iP(=k*97Iyhbk-YZXH?}D0+K{n$b%MJm-tFSnNo>%VTcG?pfhV~Hh#n#_eewE7 zZp`;d(GvsP1o@pOzcu8C`_F7+Q%R%R6HpjpPv}<-At%iIGv=i*&#)*aQ7p*q~A zYDYD)6sCF)th5P?-Vv!A0^y=Sq%_b_rXzulTm*{s!dN>{i88%g?WgE9C4PM5F!5`A z5fEsyr+SO2<6}3W52U{L&;DFhY*nEZss%+6TONpnrDUR%)pI0PVEpl)&(xZBc_mhZ zj1;0g&`=uK8q#sJ%GadrYP~VmBvfMPb}{C}e{S{tMAb{Cs8w5ifh6(Ap%J&Jc9#>= zWTEQ=H2@tHqC>el1rWo!6_1s%&8($twuhDfDw+;u zMx;_au{|7H!uu8F{qgL5ck5wGs+MOM2TOey)43`l%m@5 z$|E)OSD-qn0uiU5HonM9L&lm(_suE#gUp`OX16k0Gr!2w;4-{!(4U^gBp;iSd5gnV zgY`_ONE8oA?+bM2oNWM?ceqS3mX`2@XI*PQu3^%FRb11zou$4BVr8=QZkK4{* z?;E2q`CGmBVcu$u^^KbsH#+O!Vs9tf1m#Q8TuwGe zeiq{`@;uHh^29ffHZpo4M0ytGE?ZB{|Or(!|)TkIRf1*SRR=LkadYWow(Q z&B_>8(<&KM%NbOQ8B}E;uCc$X_`Q+e8yI*?2@AzXb~6}P*f28~pW%9PoKypA6^(a> zx#3X`Zx}y4C)F#xs4qt;*IDv@41Anpj0xc!DNl3EtTB2%>O6#@Dz*-L)ogX9+u~8h zfMdp)YHe;$iB#J3R^w$1^T0`gA1E z2{Mih@@L`tWc_kt9N}3mPmCiK#2+DkkoXU9?&&J>wtCey_Z!uo4pvoCMH9p;j0S~0 zT~Czy^QjOWXUFkrXB|$UVrXtYnQQl(ZYltwBOEpX6S0HF}pn0cv znIz@D^RyC6IGWMMP&6f5@Gv2NoKK656lzo^;X)80D-{~Y3DYK#6^vu|@a>b?+a$tt zDHPMFa8UUeZVFX3tRT)B4V~j}3Nrz-d!o{ou!aI{)C%HLBxErmwoEBUoYcluJkTP# zK|-y9ng{9{*AC&O#<{X)+)7fP8?8)T`X-Onz{=tjl%#c{JhC}ZUvjL~pCy*H!OkTI z|J|n@sx^*tjOXeEO3LxVN%!~mIZYmG#P^xb*s6WgsF`6Aey+w<6hBF0PgQ!or-a|2 zdO`oRO?)%(pdj!)UD<|57+ZQi#_o#Hq`P*;*dZ@u`WlbB2X9VEPP2&-L-@x*WRxI7 zeKV}ybs_E%yw)fA_6mPGY4aPl`OV;$!UdY9P4z+tA}JnndA~MqVumy%Uj2&fgdJkS zE@i?FU2Vd?AkY6Q`a5;F4nNyj_*1Ms&|efdSi~dFBUlNo#Q|9Td)_Kf$5f}q1&tzD2tV~J7=O?T#>5&%Wod`D(c%JjxS&Dq) zKFOG?BYr(BW){D3T6o_@x{*Vw#5HFZoiA04b9||im8k8H(?B*n;{75mpnPe&1gZ?sEHV|8ZAX+ z^A3NBa+lB!3A}?}Xq58@Yl(j0;9EOHScLEth$S9{D%+i+&;Zvd!iRkMF=f#1@X1r`4 zN-_I+%4rh|{Y$F%!xA)1GYUiY3~^2#4JO}`WC^I2C%OLz)B30NWl@^QJCl5q@O;&z z`(Dna9{zN3J3>cb;r;&pTbzEczyAtvIE|cw>IC-?-OG|@?IR40@uiWverTMy5#rK> znrCv{#Qj~!<@u1AHsWSTT>eQ|CSlEl1toxg$2jr`ixPH~b(F!hSc;Yx6SDM8Gw#u= zGxZfRY|HUQVFY)RHdYn zynC!vQNc(q)I<8ov32Md!jo=2=h9E)o-J(lXr*!fE4DARGV58sX)l;ZR-T(Dkh5sR zRdp$O_p7QS?wQ}6{BwJXYO&B!BgNGRsUDxo^p506GS+sWXgx!DT5P@i{U2>B9`4ho z0He^0zbuz0U)MFmqsTmm%x|TT2}Pkzwt8z}%^SU;=lBKdPieaNxmhy%OwlmR`5s7F z3o=69B`kzmTr=si%v|qTiaB5nen==&Fe+|TwFIh`PEV^+t1e3Qo?ehk@ug*Ho<1h8 zA?4jLj%=PL(du!HVkearp~S37eVX!S)lRyVv$oqd@i4XRW4e~#2R}@@HFq-}BI8|_ z@4Y51vDRnqr8&O!J>m2Re7}m)=jQvbhG;|KnMaX#q%L{=;^K(9>(qG@Q5*426HmUW z>)9{j^N{slr`RQ)!|Xnx1BnT{8uiAa_|j-y+O|0EWa;y8}LdJ{wN%!w&>%(Qxf(B?o5w^W@Y#Kq` zltLRqTrc9fu%sr=L-xGfUMuH!sZCpM(@NZ88@GDqlq&?xbRIk$a1S5GUf=nJo& zT-U1&h0uR<51Q=#kN53Go4h+d&1G3A-r|x#X1OXom|%@DgjhazaOXJkoL5P1v+)mG!KngSV8AAOjh5l7H;&MA>!f6Y8T?~i!y{j^Nyr$STZ!j z)jKH5;Ue@qltTT-xDJ5Bk`Fc+5OeKWGaNyyK&1fLXsS18R&$E#fn+iLK*g_D1$mR#~16D zq__IYAY<+bX)lnr)22;~Nhk>86IcT`-#0|bI3Vp!pQ!SURl?<_kmqc=s?YSXIcZ_r zv1@p;LUiL2`@~4EPvuBkDxW}@L7&AYlz2ddw@f4Z6s4cz7$hj0GL3US3*Qe8dX&(- z(?f@5NUMNtTAdxL1M{NG!kiiLWXXuyfajOuUr)Yk=Xv@1=ChCZXRNAet5@-PCrO2* z-^MqjXB$7Eub3)~c~I>ViE}f5V;J12+<V8A#t3GI+T@x1H}rQy*#j`1m76nMk7Z zoagcy;+`iipIDmhKH0+KR0T~j#WqVbsZP{$%dWI6h_Z?W%tS-+>N}S}%)=P0jgE-s zA~IGr!l#{^n5jC1ewqbG|9Bd6PSqh~1WFrJP?d${JZC#5-CE9lZNSFR8{#2AJGz$m}XVC5gfWd4*{ggN6$>?&uF z@dz?DTx0T{F=rGrG^M@Hj#DzTS0)jbV{`T}j#c=^qh0n~NREtg<-The*=I5wZ!oJw zxZl%B2E|evUxWxF3fqBGsD{vv4K@>DOeOr@LYfxh2yO8SB?T$vT14cfc)Y7nQ6z|t zM`lumN$G`yiCV{t#}qlUN=-zPB6$o)NS;U3>eCzSRS{7|p>|#+wx8C?`6l8@#iTJL zEs8Ef(7f_^q|D12g8Ix+LcTh9rP^q7nMqPj-MkE?QRF_)R$nP~?K51D*!+cgdUB@| zKYtr~w^nZH^a>}(JH|79oPI9*JUGphZr63Q_VcZ*V{F9cwhK?FH+zoOI8HTq_Bg+B z4T~!VxGtYP4qIEj&*B&Jop<{Th`fe2ma9{Gl`pZe^BLbqvW)wmk>yMiraz=A#XOv3 z&WxKN@oI{n8-I9&Q)sN4@$je?6dNt!8-3v>z6r1KgWq;}=KU(7;rY2*w}9d_BcD&=PpBmNPB{C9?Sn1I6ZQeezYq74snn^LHog zD~UO*(Z>Y+aWPsN3bDsK>C_TaN?sWVPu06B zXL)Zk_M$8ZTYpDFucaK)e}C|n^6rn^&#lBiLi{4mrQghm?>TC52hI@XDDh7cfA3Z5 zM{RJ*Lx`HAu|N33pRK3?`GfOOJt&mw06Ilq{_-B?*rVFo=0#(^Y{)xurgXq?(rWQVuvAgw1*!4R%) z!6os98;t9G(+bCAGj>Cxq&frU$Xzeq7BoWT&Rb%>-(g<_Mwc6fGxB)!>T#059;zJly`TG=Va8QhP= zn8h%~SjJ}qX7o7kGZDtji+2*^tVzJwh?fB8Xa`7~;!Bjx+}D$o;StJkZ(P?tZN5+) zSqBC#Fz8HRosBbN9> zm)Nid!tjmf-p=2`_}?|@e&;IpnNd^jm8?vq-9)RzVqeA|hE*ND#Wj=bW>WJsu_?cm zApTY>J^_L9*L30r{op|S*{Y>n@gICont2*|707$g%JYwPE&j1i zwW)EHbNmD|5M!rtGN@(on|~BMg3QN|e-QbHt^5?vs4QvL`^8^-56ve>&HbW@EA5S& z(WF=>6GjN3TyZ((oV4UC-{uW(L%%^eem~oDihF9E=TXXhIWsFLTeMRBV(~qzHXdbF zf#x*hK^vAAD{(o6kn=95KC~UiMHPQnUwCs^b209()-eq+IENz0IJDyE8b9}k@6!mz zeKvx}Y|2u`-E4Wgiu$}{5gPZHr6%eYD=w*~_(ZN(57l^)(1knTL^GT-?7bCbV6dwMI>VRUAUG@M{;F(>}+Z9qmH&_h?0U^h@&b-b9rIyVm7k}dJJ9w?{@!__0@9XCIO@Or zdsozp@=wCDb}|q5C5(QMV%!P#qX>;dSc?+ls+#8U$HD8=8##cH9%V~&azFQK#7yr9~WS?jGZV69Tc?%oGZ>+7!boq3>bnkPFuuBf0f-)};#b??2rUe9oTzu!6E^F9B*=X<{YPCQWfDlCL24t!ivl&yZsh$5G8eyDDM zi3W`3;J!H3+7iG4cNO#F)GX)AgReZ7Z0%km?@{vB193dLl=Wlf-%D)RTgXtpcBg6| zbZKXjaLU;sNy+|S^2phXz!(Xu+Iy?zl9>##ke{~6F8{^y(0#e!vhA^4ScBtC!Y`NU z-bfpEWM$J5K-Qb5zdp-Tl|O%fBlUhNdGfk)Jgd?i(~AzOs<^7~Y*se!h))(y75rNM zp$cf#`#Un^ayV5z^hibiylkGX{n`x_xHHRBh3JjE&nwQ;dD;9uB+6u-&)x&S@h#jd zP1 zlT)m9tvee^e+mxZ=U=iJ8ZZZ6U$QMtRa}|E#%`tV>gj*8Clm)=Tqj<#QuUJoK5ofC zcdTK_&(&fwi9Ka30n_2!qv6r^CVeVR?1=y|PEa%Go-_Pb-pBs&BzMsSeyfDfTQ}?N zhLNSD>^bxo?xEe%g@$D8vTE`G_l7YN1#Co+KGNBvk^lBx)QtWSHb}q>n@%qGrU{HyR*DI z7|Itiw!58m;($)j%v}F5QAcE-W}j(8j1yBnv_s*6`jH0e1L;j!k<7M=FPOmHKrUY= zFM#WlA1v%H^7EP58b_WOY+Kk|Gf{7OLA&Sqt;FE!6!1*mTEQ!X_yu_Jh=bl2*==}y zBJ-BX^+!qr{MkBxg8D8~-(%JF^}jXF(R9TK<6aV0&ScG(fVcd+%I)6pJrLuJZN=XF z?3&q+GO%6efV27m?Dc^2_Q1CmbKqfz!kH8)H9kb*tQqQ0@$nFg#~}+8@~#~6*S9|A z1|t~P8U^ZEzP*085}UDLu$BsvY-$>`r~kX#8OtEo8z(n72KjSn@f+V~r~?2P7hYUlLlENf${<8%YMZ zY|a8jvThBB?;MOmGBIQskueJi$FTD+zIsBn-)6GM8*1=-}X>{Lq6}PI#7R z2M0=4LXYf?9IlIJB;E*6w$u|?G(9H5_Zz<~v9tIj;Xd*kR0W`@otw zVZ{P-@cS3F55`p`Xh5VD-5oWmqwISn6T}2tYZ39~T#pF}OR^5vjaHoihnK+Na~7jj z<8I`!!Od)t5lt&lB(^LvQR1(@xxo$M)Xl8=r?-);(;s1XsJXwS~QdUr{VOksQ{2T(2dWCt_wPZ^?<&Gb#L7<m)Bf9PD7NN1I9sM7;kH1o#PL?g-{p9 zERD8YvSwQQ(QT2Q18 z7sDx$E}sxT%_r$Y#&K%t`=M*iCraA4?Peck7mnLT2X-FaX~h^;hyiZPm4jxYVe^72 z<#nWafi+!={+B7yb(VTZ{uk7{jsw~P_5M_AKbo&VM4i4N2u$jysx(_=nlacGWKWy9 zVzc-*Qol-F&r$Cw>a{yoEBJS_%aMRx!BSz|9?UcfiREM0CKANZkTZC0-7|2zbB!r7 zt1LJvuWO5?Q0b>4pynfdpSfoUlO-jPbj%4p? zGtE5-L0s|SMePwy8ivYIt|3TLXd@yLsUP*oQJFsOSpH_!VP`enHVBuJ&TUFdH=00j zX+eB%mx85q$thg8&%YIYEVzFl@N})~f8|WEz{3jBV&|?0*;C#dmrWixf*s~Ir+Hk4 zlkYr89b%wXqfNfpaG)sC#0`MiO-w3LNm4fAEJ8r|qNlPQzj8 zke$)ZQW$I85k}@xsr&$I-Cqc=TCj!}j9apuoy!iz{avPSJq11oz~^-(eJPoSXqEJQ zQE~(|DHfx|3Gq|!X5Tkmug->ODn!zW^pM^X1H)~EzfNv?|u1s&Zt<!o8pb#kkA4~JYtrj zQUg5M_luj(5A>8k_K-vx$P7qRgmXr&uxOJdkO$io%H}eIwmh=?Pc90oI?n?dIv@aw zY=oC<6MG1aHt&U0bq?y2O;2adY->V-ub^_BXj50plb3Dl)f{bkDY#V;J!Y*&Q_CZR zJ`$lZ;+@%4kxq80uXq&x0+=8$98ANmRqsUJ_oKy{$Z7W$7fr*!zSYJFuCa0hJpP~LE)c>WVjRv?K5QcHonjEfOU=oZdjL*ABnZuMpl+a2y+U=Wi zTc?yxEonJ;87^xMBcA{+;bjV36cbFM4oOgA2;i+ z1Bx1Fk;%r)4$i(vZYhoX_(!dwc#hV1f?g+f~&!p+5yZiJhg@Ca=7kq1SW zvj+f8XTi@7P#-WFhqq!#P`b@@pX%sGJz8BDBEsC= z?$4o))G^lgAQC!;@nPDm<9G5K(L?-rG53nI*{yz7K#hSrblTq5BQ{JAR{lyTkNa}I zCg9m0$cmY#4NKYd7ntU-dHYpkc7E;0h;<$H@9ZdlcUB&Qsq879p<1D_#{uIo@Wz3+ zh#z%d?O{Ln+0GpgfMqPT1?LIpL!xSlcPw+zH)n+Kx%M_sSzIM>xrNPt;U`LBqnV-* zy1<<#BbjhPbPigT9d|vB#WZjZ0*C*+k8@f{)##1W`5dMZ!HVu;yt9>oMWhlLSi_dq zKMS~%0DTtN{}5o8(2?;Se#thJU02k=j3_jiZlu7FNunz@A(v;5h+#!;s4c`dNRx^W z#RCj!iM=bYUBF^1t{HOb*yDa4v+qKF55B_z-!NZcFhwvWImyqt+5*OkY1cIikNXU8 zmOgi_c?McqapqgM-HtBCHggnl!N)p3%oK0($O2q^uWa(7(|Hd@P1<-8M0%2n86fE7 zIU>>@Zh(cJah(LXkHtg^5skec$}9m9pHF5+8Gvwy`UGx#BFK?|ps@mHj#WI8jY!x2 z-ZF!sr}FmiHjP{K-Y< zR=C6%(chhM4V9gRC+aitbJw>-`X=h z)H9>##}C*Q|-p1Rh2Pc`139Q~h+9&nqY+zBGj!HK5c z?UY<*wAwpLR7W%@Qkk6&0TM|OOm%_4?H)?tNasd8>_oPeFjEkaouNI4-_LraJwH?3 zo*~L;i$Yl|V_ZN#79q~Z1dE8ZCh;3rzthKL)>ec}Pa;1z1-3bYI?8?Zl0LU%DWNfr z4dZH}q)2XqY<6Tr5YG!gy{Ml-$vM3?;A=<=K`Wx;SRT;iJ;B%&n4OznSPOAQbYP7` zLBu*YFlakQ=7s@Pr`+5CFF&1*Wda2bhhr5-&HUKOI6uR0{+podKYOkD8>B1t@SwkN zM$Tm92t}OdGm4zj`TIN_)dMEH<30NdeA~1a9P5;Jn!5c}@2b6f>3fzSNs49rK+X8% z<^P%UCb*80HeAy_QGRypI3vzb{t3!|O(<{Y)!;rR>7^=+*9UhUVICc$%n8bTxY~cp z{8!;bWFO8d*b$A|MRl1>WY8+m!kcyp6#`|S`Ni^)m7(k&SXOs-lp6KLTvdu?HIZ3V z$OvB0;3=mIUdh(~TxaJa+m4+Nm7x~d<;R`C;tr@4&Tv^c11BH0s3jbSd|=R@zf?|4 z^F;w%;vayB+#pQnlZpUb6bt2*oe-xL5c- zK;Dbw{YW+a8o%9yFh+n<^`xOq7?eOw^j>M2N1o32c^_*-rZjy-!&v>S;3zsn zlQE=wNdUs_U=jf_b^J77`Nig!tQq`_Y4e(IVLks`VV{@tWvnW${*_dnQ;s58IWxXe z5?PM})*|!fWTS%)TXWZOV4urir*+r2Ckk|B3bEOhUCF zLJ&(9?_HVRLD}KWLE$9$>;a#r7s2O1<}bx<+YE+SY_7;o=`yz5jBf^jyX@N-U+Q>w zs3VL4{gw2;wY;B)Q30gBqs$z?8DP8&3{-VF{dC>n3aKVABuS;r<5sMXR(ON-Lfw18T86ox~$#W7Ea%8ua5)5#75@U(KjEcS{|#&3;+=!qlb=D^!ML zfatiwCjc$$0SliPK656dt*5@7cp$XZVntP~%Y}P;4ve}Rv4zn`61QK%zir6qEF`~) zMT3kEPvJt|im+{K&%qH1^i05La=!H*82`A*G=WY&Sty&6R(gU}AR9qy=KNFlF{`jCb!OZ2?@j zg_r{|9Ku-08{^hmi2Jz^7ES?Q727rjc8%|5LY|GG&J6*+U7l(0N^WVlFlI$F6)HCt z-_izd741Iq0p#QV?OO8G6&bGePl|s$&*zimohL7X&8{ z-Gh7)lTi>#Oa%0@zF=aTnju$ZVr!5oHmQdy`kuu8=LYISTLAg`)avv7kNS>LU$jlJ zzF0kBo*Ybn<5Fc6iYc2bI&AanTu8Jss6pI@_7X5p0rOnwvl2RXw0ky8a9b-|!|JeW zTkLrQ&vt=@J=^NBX>Y4X7t#0y79AwiR)2BRjX^0}*ORy$bQE36{D1O0S>NDXc|NxY zf!mpAF=U~Ip|b#cG2rnC^V5P8Td27h`!D9Tuy-+JT@3G9a`neB&5iTeqV2Uu%(EEG zF+!llU2Y8nt?-1gstI6Cl)$j%RxC+V7!;`4K6>JV*niRw4_1#|xI+R14|&eGv@w|G z!ELo#Z7?-D`rFpvP2U9#qMok}_1L^CY!_K6+cl+D^L-6@Z~Dd7^|}HvcA4_ax zzooOYRL)PxAP>>6ub{*hP_J8$A$wy^JPVv&>V0qZ`Dpgx5{Z+A5SknHd*)G*6Gfu- zKz7@jJzwgX)3vKZ{(Zk+A-3LcXG;pMeUcz;HLLu2Vk!)}ZYX?4X__KGlm#m>_laQT zI&3#LnMx>VrQ)%EwrqXazGs!GM5t`D3F7Q+Ifg{K(0+39DfAg1z1IAOD%syA0>#w6 zx1`4g>pO{oV>ec=?|Feaet|i9k@Snq&ok_S#U&8BBCx!J%%qqSgz3NFVi(w>5>NN!^FkB3_*H{fxE)> zSuZn)`i5eWZ!a>4m&kXSUwNK!@(i}+u`b74?j28wB@_0e7^;wHfm6;rj^rhWWlRv~4)F+hENG zykqw`YdW=FY$g|Ilq)))B<&r4J#$W1y&_Aub-u^{$K9AcNi@Q?1$K$$Sm1hyGZ^4^5=4l6;zb- zKx2VZ=q3Lx--~>X{6=2wpY02Myc_4;zq1#CH?#OehJPlHdxm#Iyu;MBY7gNKm9%k8=10;Qid?4r5z0Ru%9rp! z{k7du<)CN@tL!Fz^0D}Uu$a|h2F2fFQ0-~tC}Z5W7^e13tvGvs|;%FE$;doVE% z`TF?QAm1$cCPKb2Hnq{9?;qiP-}l3hlIO0F$M^y>?=1{<0uCPTQ`R^T*?2I-l28>| zpUea6B(T0DgOyb4oD1VzGCuf8@;*mi8#`-n&gWxq6gh?7v0~!4GV{dU&YAfmfO!d+ zXMp)rB`}G;oo=f{Zz!;mQ{byBW5~2_d>OY^XGR5<%?}{Uau3Sfk_p;R-3Oj#yuri9 zstY!Yiq)RUo~7fwdV=paog?0zeJ^Cs@JqLQ1=t~Ao`Iw-*(zaUrF8ppa$C_$z*`Qy zZ|)YnlDR)V=Rpjm3y=Z8oQn?8(8($w$_GcJib3{_>_TZ|v3otUhcuaFL96u^v`Z8TsZ(|0(mL?I@E6Nn}< z{ib!+`-6of?Z9=)@lK7EC;&>?(@iMkV2tUHZfvJZWqgt6<}0v zYkcVsK`+4PS4i7@E5WC~Ruvy{>3guFnG|p_NJ~;%cD=m<`u{;@)E{MFpr|+Q8i#&D$FEQRo&5>XaA-r6N@|?U( zB0x+UZ0`1d7(U_rwdPM&&y{c~F+Lq8@<%>FRY_~kykz2ObnQZ_l|z2l9RmtuqSqxS zaf(FBA$UG{SA)YD@L2~wf06JhVm)$~AU8IA-0y5KUBEPXu8_Y${<)Ap-&Z6*5;p~Z z!)7Lmucf6e0ZNN&R;!%I_>++zMsEJ!i+H~U-O#~9YnX{8Z=cD6lCb_*H%BSIlJZkE zfR(Soky+Q2ZS_c1kVq6YP+=5UBrw>JQ5UouHO^g8O-6>DuJaO6M(tKMWhd(pUG!l9 zLN_E;H|e|Fa4gYjV7)CP)q==N>FO|!LX6F2*We+GYw%bkI&O*F$NKU3kH9DVdT|Go z(bRCY8I+tkqcSgv?5B&*)cXzv8&ZhDq|mvY}s zy0rgI-nkullF3c&x&piW%4DSW-Y(8+e_r4AJwA^hhqe6idAjXcSC4kk_@kipEI1wp zN5mlIIAZ4IPD7`+vW|^HdI)q9TA%JRG_WTc!NK#E>PC#0Tl-(sU$LKU zoL25_KV2g$BJUh|p8;>waE`aHxyRAEPu=bYKg?O~2dKrnWj}6A?;f%~MY-PJxYoQU zlq=bnX74JZfzD3H`{+57mmrQ@BoYz9Zvej!`1@}VK0e4q)a1VVa`*)0EZ|=N=AQop zdI|hbEa9PiO`DiI$bq)S3%AYm7ahc&WRU&#o`ofQyZzDZrDY?`z2G4unuK7ijd6Hk zxvgx$fHR+%I(7tRRf6T5I z)IL6fVq25X=>0LuoT1E{LYbVV%*SI@5_U<|x5>j5$#P)0Ma9b2|VkZR3!e^3(TR|wt_6h4zcjY_8c z``y5>XRB#5dE(7m@rEqBwf(*lxFcEJx!x;YLS=VlnL;bSzA0V{W$#RhYf7zn9oPn* zBb=)5!|*buqmBx#@eE(XeINBjg_thMDxU3PtfA13sIT+OvO@n@{_UZB>~(8n>?^B_ zdGjQHUf^(Y^%KPVsvhTlf-#zp0QOw_Jt12Rgb;2<)_*9jf6nLH?t%n}d_iL;q1$5uI7%tpve56TpcEsESW9TYd@1 zt_ayV#Qu9@FAy&8w}l z5)5o=tmjL1U=Ed$Z`qMyP1tJ!G%Ds8fwSo$_kFj7E|>%?Z@R8BR~q1Q0$i3??{$6e z%tR4vcht(>!(p5q#gDb@D`pOZRDt~v$Gbvs!A`<56H`DxCzzu(~}#$k?(ax&LR79PljJ$2gFOrpY~QyAKEK0!)Jo6*?$0u-5Wx0DAz~j|SL9AJjHy zO(ld;Yf}$d`JZ8bqimTh`5sqe!}&_v=zHh#B!slERLOgO(t}l{N9*J4Yjm75N0w+F zN186~Iz|0wssD9`JO7sRJIA{hdH1>Y!uQ;U(^mj{jyeug$6PgS2^Dcg7mRN*#7=2eD`{Kd zTy?@j&US*6jmN4XpKWd2DA6Ox4l=xVmf8eoKJXT+#usNthp`GG1xszAR6>Roo6-rf z`y8x`zq(xhb((oho4+#jtMOSOt|@0N=dJ7(22a>}xAmwGfXjY6#_Ebzy`n-HB0vYysdi4XmeuyAQax zRFA9OO{R@C?S^wsXSMx+GuI6Gu369RWblZ~Xt8200Z5|A#=wxO)m^o;8(Z~A%Y*&nvW;~PzX-xRi>)ex!cC3wlzXE@sc^K)Je z&~kas;clGUj=)qOg@HZ>vwIw-{RxDFPlju6jj8VR%pVCxb>>ZOwxna^sl6#PFf~BK zZQOAgpqQuNvIVgHPF|~Eb3jlQe#bz%IDyz*y>|bu+wFmenZU*df#WAF2_qoM3x zzQxWk&wXo{;bA9=g2Pw&XlWQ><@tn%I@Qc@%`DHp$1|9Hx06S-gf&ys;c(H_Fc)2I z#DK`~G#sp+O#zqo|F=}UkNIqnY+&1Qu(lWuR!3PN$3c$KttIW8m)}Y3y;!oPnsuc5 zc6~PXu|J~mv9)Q++jcayZ9I%wZ1auaz9E#c_Ssn3*pG$uw(x(^7mQm8#v^qLj9?KE zBIXejo7#q{&7RRvlf4@X?{&{cjayITvr)6PbvDM)G5b|( zRo?ejeq-Crv9VxzpXJYrv+QSoa;*X!VwgdQ(+MFk0V}dff_!=_M z80R%`|3}gld(NtRoKa00ZkX0dvnC5h1Nr+r&Cv)?tz0{%IJ!5|cGk89qjX;jUHi?WPYU0vf$xi!Cny#KE{ z>;^gLZnd+a9kX-{L7pjN0*`EI;t)s-3nTNEeinE~0=x$4inVBQHIhV>Gm8#!5`pr_ zg~$lhSf*N-|1{cHc4+uKy{J;lOtFey_+cWOuJ*$5)N$eR!a!0uO;4k zfQYM+nZqccB;b-bW*74r!^jk_gsQndTl<3s3%5|A?Uja6pnLabZImOo^bJCc?p2sp zjoKo^LDN8EQ03Lz`g@rz0b7 z54-$<&B<6<*x%j0StaKA0Ir|#;+7LO8vdP&XN|R$HAQ%kHAULs7Vb|>`Q9Ab)}95N zKqJd+=a%9eWT2@haLszKoaSO`IqlqKS~A#f3@;LTkoX&V*y-7X_=4Pv!ULiGfEFGw zBfA^!h{kVNDOv}#)6#@+#Ir7 zsF$`Z$n&nOEU~QCLO&@yk(q`-01^DzheQn%VFkd>SVorutGv=|$-vryJa>vdxbOn< z&uiG8RrkTj!;UW2`!f1W*ef82V{iPM3`4QzBvK2z6&s&SJc*w~S%t=vIjYBJ3SsgT zLJYGd;6U?<5TlqQezqH!j7KOv63>RSRPH`d=|sQ=6Gwu}TiJ^#NWEJl!vIR`(PAD@ zsXq`SH2Y1o_w;VfHF@U8xm+p^G#)KVK4aIH%YX&l9>KIzx{q-@L7gvAXR~@7QPbPp zMKwSuF&G|Z0i4U6&lK&jyw^_Mw)5ui#Vaa*()FX3do140#V01<{u0r^dZPUq20&MA zi&(2ERH#@MOSP>rQ<>?Psn!ezRS+aEA;TkVLn*5R55q7F@H_k4@Z=J45n*F zj=#M{6T8BlLXsZ{l{E7;hkLXAsw;Awj^VNcM{^co1`M=lQiEzv;a!f1x{0 zF;e7zf(ez>zz!f)8}G$9M)4!Sx=h`pNjA_yuk0?X#4m2Kb!f{{i)X^q5FX|&6Iuq2 zr*lHc;i#KLk~%>#}y^n$gy{HaoB9)m#-Qrmj>(fSuelSlsiwk&mwLA?A>|ZUF2P~ zMYB0_iFcQIH*A^0*b>TSc~Z%53!2gmg`bYup04y z{KPQn_GqXfv<6B_*e6Ca+5L!Gb&|hIBFKu0LzZr^b~rR)}<2 zlu}CmSHgi1STn7pnY}?C0JK7ZqY~OF7GFAqXhNDyZRUU29Yu{~A6%kmUbQpm$`J{e zV8FHHg!r`uCpiI%_|YsKHO76?t&f$-BW*ptK;2iV`+yB!%i6rtCti}e%5p^ucC7Ho zV6Iuzft+G@9R}3ui`a{IH=2JM;Fh$B{ntj8o>2(Jw`Z4*ur0~HjBN>ifnJT~X4rvM ztj#P4A-a3&JqZrSz~Oz>v|{`YcMKsKqo!r++za!8sg;J62}y`WWlp=h`}>t-26=^y ztel(~Jz;Wcws;lRM!(a1h~RRXJiOoLZ5K4nOi?gC(cU$*^XcEk{AQ=+$9!4ZXf7gGv-!$kX#O#@Z;SIl>{}d(V&byY6XjxrL^U*cB}RHM zX0gY>=Q3lt@cYo!S2dbTInUeLELlV2Z}a*4h|eA98Py% zNlxm@=e{~I|6Ad$1uuDX1nE_FLN8Oz!e?g1((OZPjQWf;mf2ZrtgC>|d-dPq_*(H; z+Gy3DKY%}bO=B^>W+jGGvP{JMOIPqDn*=8i8 zjth8|UMBA-UvI@r%_REZ22ZXdeAy2MKqb!V9t@XlZY9nhoR!k5Rz$DViY2DRtz0ZNx%iwqw9Cudl zA!ZARL>Ed5c|zDI(!)Xdj(CD4E$3f)hP1i}FJR=!bWWskcKRhPI2?F^qx{%EdzTsz z%97#U&g~rTKaS&R@P77>I1k;_Xx?3o_re3YC<^cp*wu zHhWCBAPBiH=G;({bHd~mheFOEQ!8OZP}4-bkx&>4T`R$P{u1-!wTHSDupoP~mY7~X3K_Sk4B3#PQN{r9aPQ60G0em<#+n<9B-vV!_O7_` zL#jOMDnvI@1E!BAS_~zXDh(E-pdfv#$c4Vq~&&5pwVizbBcbv@PEO7(}#DF&Uj#W+KE6e zR&aL1x-VVNqx7U}++}W>xyZUt&+0z`R=tsIP18BMh>4tO_T&dNOPO0Jvpe8nXS-gp z;jr15OZky{k|3NqTibc~3CgUc%$uvnzkePL14ILs>>f|7ufyYsv=E`lK8Xc{__%nk z|BljbyWg`KjVt+V2hBa;v+^?b)weX7_lGtVXMJ6kUYv0=tMQHSk;@_I(07P+eu?35 zekY5aPmch974W}0z|Z%L*?3eQYcY%U7^|l#*H1aznyPpy{LRpDCuJLG=7gCFBK`Elm-M|+m8H+hB0nC2Uh0|aI@n$Gh}$J;E>FkWN%`DbvC@@@_9 zJWdqP>-aszyD8rNW3|2Q)RMn>b!W>c`wYK}l<)nVMsrowSYd@!W9o1SWJ)pLMKUyv z?&#^iKU**PC)g6ypBa}^YCvFSpOz`k%8E?jxsTt`m!Ny#dRH~BeYF%6<^jJgH*uaT z@jHSGW%}IL*%=U^xY<&V_4Uit_2lwK)B4!{*}I$m0y!%0T>i=P0KXNydy#h^GGSWT zS-tONh+o!7am51dtv&oP7B7(qtdCZbXZaf%&3}Ch z4`uy;z0Hy(w{&(r*^l#^qx|KsL4HxSj%^;|aj2QH6CS#xM@Q?X7h-Gke(A5l({*-E zz4n%p*PH6KhvJb1$zj(lI9&y&Wp8XWdl$p$k+?A4X4fHwMFP2fdr2iD_1cB3l6mUb z^H=!ueqE#aOQb9MZD4QYTi|RgsCY-42J3UBZ`0MAoKFEi&hH%c_5G(tx@SA_C&#dl zHhX5peU6cA&6e4Y0r7crApz9fSaC)0-V^YTbK~(aHwJh=K%QgN`S#cIP&PMMBd=ca z<6lzJhAF0C*CBpKfbsnO?5}AKcgX+yYscdJAUwx`5@^Hq+BfC%4DO>7)4?)iQyqe z41l-!wBm2rf8Gr33iXBgWDzQ-JPPC`=8hs!=20UpGNnCt%%}MPuWCNoUVNN9r>WD@ z)<)Zl^EkZ0yv%(pPm}iyc|X;DUHZ4sw}nRY*Fv2oGP$X}F;WY1?TU3;)vwd&lR0h; z_sjy{`t<kuNtN9I4ZWZOeA(Si5hqVPS zmg$zJ$a8@FN69~C6Si#6ATrXD*K~XAncXb6r#!Wp)DM(QiY@gg0P{RBk9+2HxOsys2f7ZH!l4rGLR~OMsPli{)D#tw%EE!P-4T{-??RB_Y4laWx`0 z6ZSqjLf&U?ppRyNb&|Z#lJ}7Sw}e)&#n6IHSW#$T81ci_Iar#mHgMAB&|NP>x z!~I;9}oW3fuZ`AFy8r_Ko)6ljL7^{Koq4EP0oc_e(>ccwb{k)9$-! zZM;I>7394&*%^=_?b%XJHk;eZ4ei7I^{|T_AgQ$l646s*zn($tV zvSJmm7nxHneZok};_5!e5#(m1iy@j?I9+$~`;M0W1 zP=oXI4dSst-lslIc$@?FnH#|4F#U0ryl2U~HSi$Cp7n@#Ae450tJu=7XktlqelfXw zpw4Y&ETESy!%!xpk;bx4B{6p0LM$$L5F0y{Kwq6e9Ux`+Zkat;kch?AYZ4Y(j^NC0$ zJAA7jbGt^i0>wz-@AmfC9X5|QOkXot%76|dD=;Mw zw|kcaCZS%#<1%*Gv-*Ln8X zlbL41x2O4F)Y=F#XBi6<;?v!!XD{3~XQG?XT`cuD^(&TicU__WugL1}otL7{=E*v~ z_dd}`cM_yIT<8NiY{5})&SJ33DmGUwx@_ktuvP-=1EH>xc|x40RhR%G<+jM%L8H`% z5g|;O%&jCHP1lGMEx1JdgPf2$u2SDL^=%IOUrBwYRg#^DD;iC!Br6A)9}JY4sR&b< zwF>c;IBrx4aNKCB$RmWnSSAi*o%m!yWUy9~s&cQ3S^=)0bm)<>f}&D)u`BeN%0OGD z`8~h1yXyto6M4^KEZk70SK>4XH}oE3lkC>Z-ob2gm`g>P1V*R&Ue(=o5x8HQ&XvVJ zxa2@CU!SU5{weam^c}5p#^!8_hL!2KjIJFfe}nuVNV3li{^MwJ+e6#v@z;3}s2tuIQ3!aLa~a6u@a1T;}r(@SXr(kHO>L9)72J zcbs>BVK2(tzH)08NUruw$$}U!zyH$4a>Z-9yZXMX(Y%`A7h_ZVP&O7D>n;ZwC;t`l z&y~%Uxz@Qd3(Q00@Bf}g^H74{A@^>f$;tj#D_mg^S%$2dJIltw+VCQEj8n&VraFo? zyd!JErXa8Ay$SkE{z&uExEW2`RSe28;H@L?dGh{bg581tx;;(`GF_pO6lohpMq=8m zJ~2B%n}PF&d?8B6MP?C&;grfkg5Uwc;T-sMeW=m=^=g_nb)Uyd)>Xjc7CU%`o6s?C zM6A2r#Z25&hSNQ6;utZF+1<@EG6E%oA}M3vLVV%;a&f&!_)h)}4rH+9cC0C?qm=F} zFEIzo?ks0NLk>xx-Q_15&HGG2Tt2U7YX?0NHM-_YnEYPTeZ$QH^ zO=eW#o63ziDpXHC0ufLqzMq|RoD`jaEA7CqGg3jx6wJb$>u$OfO(s;oqpfGQ$B`P2 zBNZ|dc7R~&bO#^g92!0lv!MI~gQgaM>=y4#@8MbITk2#Vu`q!8I@Pm}OZKQ|%sW7! zv3YB$GmRObH9cD90C5#~RyYl{!}zGwnE@@;XKQhWV0CAoZZv?`fVQv#_tnkk=>g5WwiELN`U-zGkU`-B75rk?Ju`5)wbvRK_^ zx^|1vYFIEJ#GI{7#|rP|L5v#o{mmuF4c6CC?Lq2&?uQyp+=J4do$Lf7?>IAe}5Ru5*~DXNA$}|HOm6Ovu3trjf9(`f>)`KoGntzfP*smpXn zqjem#JIKUMah>*Y@HqxPcLaRe)&;5>j+AYG zQR+?P3LE2%F97Fh;6&as(Ji|Gu@i*eJ)%eP_{|5RF{QvD{9-K!h z`hCgcOS7IHtgj@?KJq{Jla1yeY0Gct{$Pq5PSohD_;j3n7s+>^njVeZx0v-eNB0)yKbK|5>zTQ|iJPn}4+~okD?Z=N*8_mLCrSy^ zM)h&sGLlp$`)T=);rrq=0{5a3K?990i_5$4ncZE7KGJADljds&{o>qhlZ`3DKA2pT zNvAl(ce)c7him2*%1Smbe7azUIT15IQxVdNIih)+(#e*O;>nMmJo$UK@e32a%;I_~ zSod+TSI84$&&ZAtBfnQ9iM6VdPx1XJ|aPPlT@CJ)HcIQmTK zKIYK{3{=nlR6}JZYTO(%R>-Z0c?x9(qA{RGAu23uWu$i+@PI7mnya*`{H_rUDBhM2Lzw zB1JknK7=X(2Q8s--eD{?>-FTdnuwn^^3Jlf>9$A>IcslxXkH4G_yi-AO5yA3b9-(%^XX?A>He#<7je6R?W__GLam7IAsxLc69I=f z0}+5NUWGw4M~Y>G;qyy5(OP~-b#=n{T>ti9Qp~z6l_! zS}Cx&I6&c291HMA5bC^R0~`lVH&R@LG%uG;M?#H#r>rm`+Bpm4aX;66UU%0N<>}U{ z{$#*IEVo2eppYCkB!Oa}h&}+}5`mg%;k#`cg(8R^ip;PwS^uIGo$sM_sg@GM)UIW$ zk1ODO8k|2|P1~m)?3o$y^93&0Q&}3B7lhsAJJ4_=4JplgmZ#29I=~?9QXY2#o_b59 z{GNwTvlyJ}nB+o(u)v|%A|F7TyTDH?aYI#me?%mBpxQM+?%x5lx}W zkthWOC!`#lx*R7uI<#uuk9Xu}=RiO>R0s&I7ii2j+i5HTw6q0m@#4JMTGWel(>fP8 zp1&kbeuRkhn&gG~-x4;I0go%;RxgEY5*iE+41<$rYaK`ekl_TAEFBPjndy5I7t&1s zJU05(b9t(U19itzw0nkaL}+{G@avemxo1uhHW5K_aoj`RnV>-@(Acr;R4uuwgoR)` z8Bf)|tx-kjZGg~4>g}>~mj%;l!HLS~3r0@zMDU>Et~0c|>kGQOR-9=x=d0UINJ-mu zO5!(XcM9a!#>(<6QqRDH1A%or;=8N%8WDNz7X%K)4-0C`h9d4)TNRHu6puK;m!yjA zhEG7_6X?(JJ4+j$rwxxlCzO zbzgVai`4U()&58`5Bp4$1etX-+7p~>ahWxL+VMCp^nZ5Qc1Sa#jJjA0jjr-2t%<@S z)KE&`$wJjK%h!q0R52Cj{k^^(d>U~Aw6y`uG5c#&fVDx)kOOf_Nw%-dlIJJj$fn}v2ebf7o1ikJ#BWMCxEKu+ykw#)`T*?&DK&m*DSTZ$X#h?PpMbLqu0zp+%P-w)01@k)UgoHaV)8uGb z=L0N@%l{7hk+X$ubK2|8bCYS#fl5AYT8~;E8KY@(l+~~6?wSS0FOs%(mdj?a&cfMM zherIY;825;jM1Xy7;7ONMwpVKKqd7nj1}<@FuB1bVZGZ?$fkq<2^{-U$g}~fe3tr8 zQvcpie`o{t!3b!ROnD=B3NGhZCtPwTj9$uJ0memOm|KATTi~}8=lsjO`w@FVyHek* zfKqJ9u9)X&%aK#|#xPX6m@6GcW1WFxqQPTq7ZI22h`Nqy4pQgJk2adOg*r_h6z=U& z1i4@uP2W6TYk7lClQO3$KScRI3v@dli#e}T9ge{lc>UAT_^TW4%QFqq@c{a4=VctT$+~#Ius4PwBaJ5p`IAz8uf0*+3 zhw{ZdLgomN)S1loFgvq$Oyq9ij?YuTI|00CCs?!}l}4KH7C+Fyc@&ZK_GxgqNcoeL zKNs*Rkz@4j$xI)TfdnTJ_Q5ijcvE_XU6eybnRH-N$icE8lCMs;9Q=S?5@A`kmPfw0 zyXyjYz9Hc0W5d!bvl&@Up65b-OQ*3UKjfpskJ@acE`|Kx74nz#!y5EANt=F$^B1rr zRXwndBNhRdOph~wbMcCgV@DKV8}7NkRxdY$`plW+;whPJInQ#Ca%(6T<06#cv~ovb zp8~hCN+#k8J_D6@cF33-*|3!KE+nGsMe12iJ!_JEO$To@g=6WA_AU0j1>cZ()Q-z7 z$!Q0@D>4YVke4k}+vJ{3-k5KZnS$pBAey3h@Cz~7Vt7_tA0=~ZWT&5% zkzBqb3V@KOq2+q3zeoCr*i!N*q*zEdCBmF7mk4gchA8Ba#EqyWDL5bsT06!=IhB~G zKbTdyt7o9=Nzgp{rN~Qu1;30%&LMAeF_3KPSe+Kh7+i=df!6&q!~2af1yzVqq)no3(s;XDD-) zGK-w62C!inr`JnPwG2c=PHM6=6x(7)Gjvl?2%5)eM5Hngnir`5xnFHGZ6BzZ1O2G# z*CZ*O3>Kk*eo#XcX?=@c!cSTqy~l!x2(kvKV&va0z%%|8e*^7X)KJalubfwAAl2vNj*j=|_d!rXFq;22`+mAa4> z9+Tw@LM<+TZWrA3W#}8J^K_`QWUZ{*nJH+PA{=k&6kXuUgp**C)2P%jh$S@~8Zti% zBjoDnLA<46586I<6g;vOggoZ`qtZ@B~HITiB%ay8zwhuoQ2RzHwV8NhJ1 z*yWNZ5z_@|Yl&22sLZm_Y!&+7z<&2@jpnB6b=smEAp&6S?>k%Xy52*;>N{W959i~( z#ix!K?#NoMV5QBry7@VucosNoffH>h65kazV&}DtE7xfv0riDjkYxA!?d|XGS_iCX zXa9KZ?XEC0o_#gnX8E=+^!ei$eVypOmkY$!bLsWQo@e?0Bmujg#Yo{K?%zJOr^xbn z&25h7DSw>uC#vake{DW8BA5X_oUKpzjfWy#V_7oIAc3B)6afm`eLL zVf$fA0#0Xhe956kUq@ns{GQ$B9&7K^S72ZKLZi8)x{Xr^eW+Ce7Rhm7g)r6>ONCT& zG#aoW33ACs=m`~hi+4ogs-%R%%5%bGy`en-M2<`TBwLi^SSF#sOg4-zb1b?~omjH< zA@y$U#MFd|DBpmC>oOX6`ai%w{br;2gVrbId=9=%Cg_9umo1giI&rx=hH+C}K^@sO zqzBR}00z|^Wb*qw;Ih4f~WOKqJ<{QnC!9RNTPTf>KF^I(1CkQJ|W>ODM5_HLT&<+${e@$ zefoFU4|G>_GNb6$EDaZs;Ed79%jJqjE_S)h0j3u-vHUSF7vqX^mX>4z z6pRml9-LPGcEN}H{wddocmlHvs*RCWg9GO=PT8gZk^O_R(Z|fnww&Rhl}^h|&=LEK zo&y21qO@&AFoAW3-!$;{0q+Z{*XB49LO8hE-i#IId3)f#jeB-Ac#$A@q23VJ8D^X` z^qrnD^|!?=wl~{iG-VP}g{CzED?fhIp zSIoy=TbRPfp|F=0(?cYE ze@ZzDlSz$y*FKnP>AC>w7iq@{+VS@4cEA!C;^h_N^*X@ zKY|BjnYq*iAx=9;!;|#IS?XH#d*}i}f0oo0=#{He3tB{cc{PX{?=ERF)`BqyC6PRi zI`0mTzTJ2uld?F!UTWbuSf2%-**C(EfZOxcxDC`~k(K6E8LPG#Q`L^f1JmRiXQ|^d zb)dqpS_^$O0^1_GmaG)vHcl!X;0EjWMQ*Wt)64-dD-i~=Wx3f7cgz&9M>|0~zdHYQ zoR@yT;LS?Lsh`skdxJZW8cnB@wULbaN{n4p8cUM!Je?I|8rF4*dXG}?)$0D~ui;<8 zaI$h4>HB-PW3^=X)17c!V z<2152Fax%iYmbZDAI2L-={Z5N@o7(CZ^oXHZYDDue@e53iwo7BT|(V`F0UPA{{f%x zsm6yk6!VvvFqugrXkoGyXbxYJJAQJAKa)lZ+%g+w=zZmMnXi z;cqW}z2sNBOWqIG57Xwg>!I(L8qJ?u1dm#o`_HEO!zDnu_4$uVUXRwdmAo~jrpaGU zgG1M4WK~OfD4(ZOwLdKZFkUZfufwlIHQ7i&ef}*ANu4n?`JctP{G>=S# z@<=QtzvSr+-CfW8`J%BF>{_uTdS;M0qjiwuk@}&|mnMUM4)|Ar|C^*M+TC9h@nk(g zeOQj%UCLI+ZUsXEd69WAGmjH+N5$q_vkK5FhR_GUgsju*L3&I$7x~R|+9OC9 zXzo&@86)I^qcEb6JA>P!-HFq*7Pl#L+1sw$pwt!kZ1bBFsEeFb10&W5jL) zfg9Vjzlrtcz0TpBz9Lx5->az3kVeI3s2UW5> zWZ$X14Y?zSDBWsK&mxhx<(&?#=}@V4l6JX#$0MDr;K_!Apf*Xy4c(`z)Mi*>RLne% zz0SxmS@L10_$AsmHv+w)eeVeEYn6+veM{tUv;wqx7^D_$)fCz+o9`lGNh#>PfwC^h z5yXw>!g_^Cj(Z^s&Q>S9M%!Ps3mm&zYBUE|BbccRolyue^u-&}H?){_+||`bJIA@e z@c7>}nx9A7=(5Y;5IaV_)eNr}$a9Q54~IN?U*sBdSu7!LBY{X!F0pPyvpm_}(;5iGPxm}IPHR-@8^p%Q=yf+aD zXO6t@CT(MvkISRcx{Ej|vP1EcIDum_JHL_o-Pu#uJYeRUGse?Wb&v-a`N-c9lD81KHw-w@x1|L1u34DY_f-qE*7CXYW!=uqh>SoBE} zY4?Yi^aCL$UMD8?jO*WzLnaGNc{iXN3V?JP-B5g^O2h+Qm%-sIIQ;kOy>PaMFigbM zt%}iG%)2&cPNv4bAZBHrs-=TTYS~F_w0=hhh4Q=^k ztG%VQ^4e_nd`}i6#6q-a4p1r&esTkdqEx@l!OGB^608Z<2c4zxC+U8yz>84Dc!md^ za=+J3TXy%%ZuJ2Y6#v@+C0c=_lD0t>iWTc^imTp2Ca`)1cz0)5F;_I;0R%vi{h3QZbh1=YrVS(dcI@63QvJ7cQ+tT~8;vXyiw5LI;oRGWx6 z($fdLDiBYEiv9*iZv~wb#zd1=J)0)5sM;Md5702K?QF3oqpH`qFVbhV2Qvtua!-U# z4}+rS5Q7Q903sN)y;tZCZ#0CYd_-q!X+eN9t1``!Mdylfb(U2zgTfVd#M@D?fa^?0 zUxFy^9ogUnDj}pRryG^Db+T5F`jF^7KBA0kF={k~8^H`cn@aw_e^n8Pse&fi=205` z$E%!$jSSPbeI{)WP}}SDs?=@pftt8l1{xlE;C>%bja+Hnnn!oW5zXfs#qZ79K_^dV zkD5)YF0DE$8gf#qok+lM&1TiO;atq5wi%OVSc)G74y4tQq<2L;>GB7%^zK%e!iPLs zLq2byYXJ`ZK$?DI!*1*9FpX#`dx1U^ZK>G!+23i?RO|-QK99mQO!KC54zXV(Y6JnH z{={j;_8J!a)PMk(8t*2fZCQNx3Acotkvg3E6&GA8&6S?!z} zl82RQ!Qes0u=-j)9J@0wgCw4%0c98I*iK??W#rKe5`aZgJ!&4xB7pG;>xU@t>qE|a zqh&@5`(025PL2=(&8#` zai;bTx%E*DmCE7>+33(bTg&NpvOXEJ$=-*AUg39OH|Ifc{DJCm9GLUt zsU(Ih?r5&xv4r>*kHAU(gtb`o8@JF)*ybl9fyh}fQS)$(yW~~mk5+yr?a_VUNDqO1 zYlg;_Oe4T2a^{jYOg5xwK}?CBDTit2&waOXe!A&;^Yg3a<9%=U$%LE>L0GiyZ<$Pl zM@Vy+S-IU^@QBpxr{g{x8Pjx3W;IO5@zzpWASI{!O@-?(L!A~f0xV3DsN%*EBT#X| zq-tTbwS{n!McXuOOpj^r+~)9^J=nXv_ImSVnAb^$5S#{aQ?7 zD>bw%?$`j6i(LYz<@M`LvlX#@vSbhI_kb<%6aBlQZU*C!sJ1Z@E*YiAa#`mRsQxlD zhpx4>d-_h~`PBE8>iIDAP;BL97q>%y+)&n94}qd_u7@@qj5-5R`n}#yk~z!hOk#fL zhDMUeUyes96cK|-ALqo1$2+2m0Q*P)(!1)*&c9?XV@D?ITjQuf?~wV+LKodA1!PkP z-kqNm)~WOp@>+)H_$>0nTdp_%xVrB~wmRX)vtlw+bPIKD&{LfDTm639_&DB`t6&=HL1CEB!b7we&VDJdh-~udbj-_!Ji@)0C3E6#%W0x7D}OH>JGsIE2+T~v>dWe>8Y~$LrB($nP&?7C21n5 zC{lsy1}6nQKpWLo@wTXSZ)+s34P?fSo`BBY7sNCOi3f2iz$_hWgF7ORz_ns>EKna1 zVn9(0@^)lBWc`?vzM7BM7tYF=u3Q&t^; zE9mUbj;QSlrGvs%-Tq*7bjTqxOf-fD&@pr^0f%@*N2^dQg#1d=LlGvt|61}WU;}ti z1Zeu3bd^wh&CLtZnJ1$=sIyF&WQq$F@x|Rz3Uw3I z*;VV7aFu%p)5y}Z^F#w2kAvgSRMVRNx4Nou*1dt)4itb3eWMK1&^glrh;*dN9OYDh zN1d6j=D~O%z#1U!EKn}sK>JxzV7)h*5h(VTngxt~QFWO(ytYVRoF)0hZiR-EZaCPY z8nsX2#&x2mIuF2V=2oaWfgfFv`st$u`l#<-{HH(rdh^E?(VM)JU^(WRRz7X^-_$hQ`^7o@t8vb38RM0 zQsf-0IaCJtsoZqEmwtcZKH}LezutT`Y5Qk9%rm?@z`OhGML7?%YSNFse%Jge8G6F~ z>sVK^1;X>jc8kwWMTV$i`99V6HKD%z90{+jupX|PUP%}bigG|eypXG;J+{a!aOS}~ z`f28HZuisY1AhD$nyt@RtTQAyKR5*UVnuxA2uC z-i`un$2D(p2-tO!F^bDAr}p`N#e4P=U9KQ5p=1$u9irZ2;4t-XuQwmF3(?Bw_{bej z^y$utK>g`g+XhBAL zvI7_ocD@++je!m99w!uFim^^{?Hz#u&Vhm3EK_Z+uejg|_Fb)zzyh{U+zPd*IjT-y z(*{p3?FyY^Jb7vk?}<|%_buUdnl8U(p8o&*>&@fUb6~B`No-IGModE1aav5#j-V0UH z5?wv74Lr|(M>ZljLS>AA8GNMnsv!L!>+pn$P}R#+U3htOnW%Y3=S#Y2HNU0%vCpD^ zPFcVCx+`LN*WQ!s5*) zXIMn!(IFNt+1XQ!xGh^e=uW4D4f9#YH4@`71NMxN2o@|{rmtU)6}EEYR18H*Hpa}5 za3cE<>G1&CZ>+ofWed z6xrSAI+l%MakEt99-#cJba}fAEF5(gM}@A#FqyZ!?s|#=ljM5Kw?!*0zpAm%G&Pw} z&vX?lB(}>#oOwKi7l64Om<*H8=K|)=SZ1^w6tRI|CUgUw;(GKwB>X0C6c)j_WF#%* z)>3W`7=}-b)5#Ke4Mf;D7%ib$J^^)#l>$jc9N*w!}6FAzwPB% z(WHaGxB|RGz%%__#U8tMI*`~fx|r`V>gjI6lE}rGbsjtnWRJ1OfLMYN1nCrCM|JZL zqraiwQkY-E6O>>3h1Z+E63UnGc@{g_^|33HoSt4BjT)hyC^So!zAYN# z)jL&=6(0Yqr7Qyv+ecR)fZiEi)&19ZYvkrR51^vR6$z$Ci^0><<;hgQdnxCn&7vLB z281k=b;*yd6YOnS3FxF)fp}3~ zpM1v0ABF$;qU+7C4&xT+4)GahgU@yEXt5eKrw>zRHD#9fTL!J4q60}!lfq9*HKMcJSgtNK zZD*%4B)rj}s1)}rq}Z3#J;QJAE$I8e<=%ixw2OX43=}7@L;n)j^ephs0Q)qszd69} zY$s8cc6o!@LDE(-mAB0u0IW+0KN8hQqTa})U(3DYkKqqT9Y1bCGt15;n+SJ9G_KR# zqdjN%ohA0o^Zd?r5B8kz95+R9l+Z*7D9COUdJ&+e0H?P06t;ZRF#l+`vjQqV z9cr7}WTSz`McuzX&|90%k=R>D#YR}CzY=+j%O@{W_HH9c*%Zt3mAx}E)SfRVO+(pq zwLK|LqfL~HWN)!N?XY*=V7WNB?e$rEs^1Bxc0Aj0C~I?B-`rW!H)Z+C`v3ng@5`R;*|aobw*ZZCL6(j41VwJq5~cAurC-+;d0%L*QR1ZI3W@6PhB z(xzuq&kNlJjL_fq=)&ozULBoF7xdr z(pMm@7fHX^J=rO(v10Lfxgk^+K@0<8a{_T5oc>6XOzHI@Y}59O;6f?YnuZ|)oE-#1)uK2^e_TeQe+48%f+A~~2vksJ(B zC5QPw&R`qUTQJclNGtN>`cP(sP?Mvr>Y%RU_%2#+=<)&OK=ieLMb3KPSR2{(w z>}YMc=U8o|=XhVvTGa49#R4Y^!uQO#Surhz(Gz z)CO^y=WQ7h)?-stWCNHZ5og+)m>{v|Esrgw4WYcjGx%FWgEcV5 zqLt6{#0j^FJR7q*tla*8V!829kM)b@^~7xU$PSOz;zus8{f z6vgq_oWZj`uzGj$&K7ONFTxygyw%U^$zyGZRLjb3&7MaxxHeY1_zz!MHcTurwjh1l+E05PAmIriv}xs;Onu#=f;zYak&$WklyH1q#ArRIqB! zk9Qza%*(PhavS|L+|rj(+HdzDrcHpP>+P8K}xSPDzZmZY6 zPxBn-mv`2EZ7=R=dmhaiXCt$Xg*n)^rHoJ}B4`bLrDwL_S$+rKhkSA^J^-Xk_hh`{ z4@F%b*7kc`w=U(K4Dl5lmQQ8o1RmS`B6Yk-9XD0Ws|O%#K~I6IFc}djt(!}+-Ne*X z<^bp(^;i}lZ!<1B9a85#G;i+x#6$h+>&*{Wx3!;1QYht8EHWwLq(DQ7QlhLJ0p?lY zp922-7J-lY5wSIDKU8!Cubc106j?2L%-&<&T@7G;l_^;Y*)uY1oYR*l+Z)=S#LgB` zu=tW+xRYO?qf3b-R?Xkvnw8Dp=jpu_c|Mi0Rq$s&$-1g=$lvFEQkBl}nYjTRayWU} zJF>EQo;;oBzdOsHzt7WqZ|1J~ zSMtj+2i1LTzEs@jb_=J0cmC_HH~W*lP-eIASZ22nbg3^{{tcW%k}YGF|A{RBRDH>R z>dv0G)N7Zr$5G;Ancw8PZ${rUe7)sP^TKZuEsJi9LJv7E?WUFCcYtzhDfimc4;dZ{ zSw%y2bTES-8~pg-M{ilWbOY6TY|ZB=f78hI<^i57Xy+=$%s`>F#T8d5g$eptW{Ev$ zUN$HZll7m}Zm8Eh4ssvHKr5)rZE9NR0lIX*$-1{iX>R)NY09jk%y7Uj*U1>+@j2ob zsWMn3 zP8?ID>=qU6czt_|f@=X-L*Ifu46sahTQMH1_qdvSw_}dSmg{aUhDpbUvA$jwnsb=d z7Ya#lc#1loqt5?eb@I>p{T%OJ6N|u`q3m=Uym{Uo?u7S>_*vVYq3qL?jW!g8Zj~9u{=;YyM7PaI zWK-R3OfFIOdCEq+gOWLA))b7%_MX0b+I7qwBjhmGejE3_0CRun>uQ)>n>?Gr9JT4# z3G*y)jsdfG?0WMbt6}!l%1nBOf~Op7m_}4AbPtk)e)knJ$wEM2h*F*xXnQP)w#wQE z_vt6Fx1$~Rhj!#^>o#Bi3SmWDtI1ps>oz?&+_gsEH^nS|Wx#qCxU<0BSORw@Q{1Kt zPT)53^i-Q{$Y^obx8vUoO#TaNH>1U8GU_{2ui-46i18G}_%KBVD0q7F_2%12+nUSU zx}oRbR)zW@lFqOjzhmhRHx840V13WQ5Hp42Gc5X1j%UaC|2Su#L!1`LvjDwrp^$bP zR?7?Z%UN(Z1rFOvaNu4_Ir-Arn4ZX)7uuVymn6-n7OlO}$K~IF{1cda1I%K*-4ku7 zk^xrkH)+-swiu)S+-%q9fOQ#IzZYPYtd;(I-A@5CIIN9!xm}skT-ow)_E^GUo7Kas z-c@_|()ZZ5zLMVy)HgGJz5PzIyCdDQ_@Rf$*C5|v^1VOcbz@_`@CRlO(mNC9 z4ATmZX(n(?W&Si%u~3?B%lFTLwSQkbe}D@vc>%wfwt?*ExB;X?(un*g8ii!t9XU z*ARJEk#{i9OB5xyQ}XLcMGZHEQpRr`q|6XytSp;kfHJYGJdLpqZyd1a8wsTWtOHVJ4ysXNQ zXQm>gB^2yLpd~(~&ASF|pWS*r-B)9Cd=HLpcp&Z%vlok0)&uKw)%Os8eOt~awb8&$ zJ?EF)-*a&Zy3i#k7nf`zjZSk(ZEMdZ5|{bC#P15fmzN-oUV){w76L5tPLl1Nc+;@uf06vFZ!rI}m$rQA64eF)T+voMysd&q-0qS~GU14#%O&Q%kMqet0mm8eIzicUlznF_j`aO)k>g`BrFu7;16_I= zh3yW8-U?n5&9?j8&bk5YE5N=hz_vMx0eD~};~d>s<&xk&X9M5QeB60mcW=VRVg|f) z9(XgnpXUAR0}Uu_xQT5czvuEFsJ1-NPfE@sb=n~R_Z($@I#7p36MMZX}$ZQ0w z$l-!XK*OrJ{P#uKO`HViz^^IJw>swcsfFfLVnIe_-js+IqmBCteXHpp*y54q(f zJ(uIIbcq}8rUDWCJ>}^J;wYt5k*5dbD;EQf*e7iPt=U?NOw*3bv}xt7*PEYbhh+HK zlC$B=jL!yQ{ABlHT0d(z6i^sXc6aVA-YXi4@+iE7B7)%byFZNMl!Dyoy`~`1FYbv~ zXfPeKL9a|RHx#Tw@hudpq|>{&q-Uuh4l$*e7JYZx428?kOzy=K1vH=5T5@WywBOoDQ0}+!0hJb*CFa!{R z5HOGk5(p3iVhor`VU7tPh5&xQ|E@lA3&Zz)cdfVXyZ0@6t^es=yQ+5Wn)j(wr;cU5 z_sm_+Cg9u*_bM%E@F_74EXhosV$|F<<9gmd+AnR#Z(Va`9OvVU^S2H~N$OxFVK)CASbB9@t2&KpoJ|0aSk+T_r{?d*MjqIppX`GpAG#TZFJ(o;N2T;?|R=Sv^!%p zdG~IpdkK>JMOG(R7yPCXlyMRV=MA{`Zjs>LRCb*h;i#Z{zq%W-AJAzAbYO36ea6%K zYKpDr2Xm`zx_yW@k$7v;@xG<5$1d!1Hb?rsO73XU%DrNQ{=FZeqW8PEtH0%Ocg9=P zI)CbE(wa) zDe4@e?wpb2!f)aIfG|N8rQ#vDXAws#&tdPN_7~1!@8C@K7s`Jzb(Q!v_k;U?wdJ(` zqTbvqxV+=YEiY}*t$9#a-!i#mth~5y1Fb@SJ@OCv?lD079(YHZX#=x9#HnAH{4{J1 z75J8;F?ks|=!o`=^-1LKaNt*4@_XfH++Pi?wSD!K;HSV4tIx)l7?)&bb4C-!T zKfsc&w(LN=`i?$1_VD;bR;Zk9MN@PK0$|tlzDAt+Iw;w4t5t5Li}p?Sn8GZ(lilJG z-H&qytXJ#0-?n|2{uX2#%Puo@)YQ7tbLhS1AkKXIZoRktJ|r`DS{r*o{aa5y(}Kd* z>3x^rwv4kMTs~aPZ#&#UUl&(Qa_Ww6b7Kv*j5{pS&XJPAfC#D;(S*d-V%Fgmc$@U} z_BzbW!`)~jt_SN);OTZj2g_{lv|!f+ovn}g^o>^Q+P7=9 z*n8G$)fP8_mACRdc^Px!cjs>|AL?VKb2%WsN#EMteh^IYwECqPG{!jgGKE3c!M=91 zvzIe_r8_f*&f$u!_ZxwB7+TtR=#9>M>+C!J9^YD@UgDPS_`&>TjI4hr?rZ}E%?%JJespJx$Yp1oM!fqe77w>|5P*E$(Wtv zCOg-PlJDs1{?47l^NlOxjI+?~%smC``?Ui3T75ErZ@vA>ye+^=&OGy{_ZH0z{BKX! z+5YY{8+Z2rjdjU=C8y}Q?NI$ozPgGnL_E zzI-d+I*Uwe*JZwC0o3h1nR^H89q7@R)8d-Q(EUW#97XX@35}-@@HB|IlyY zYO~jB(%L{;I~@AemL30>)8eelZEk&La^U;6+&yLcZOfjmwg2ybt^~#oVsF(z-%~aG zWCzdwFHZkoo&LX#|2Y1i@gGyP&7N1l-=n%rpIl%L@rLp)&o~LcNYdC~2kN;Drd7kQoChKYF_nyr5Wad9oPFVhRJV6<_<6%c% z`;h1L$DKfU5&t>h>n&T3dgDRQ+rq!{vYG$2+;D%v{|wyU|NhrXU^8_X{2Hn6CeRF8 zKr3hi?Vtm6f-cYvdO-9;&npEf&;S}i6KDo4pcS-%cF+MjK^N!-Js|pT;)4`u0F9st zG=mn<3fe$B=m4Fd3v`1X5dDbwAO#vgBWME6paryoHqZ__Kqu$|-Jl0VKPEm%fdEXa^mj6Lf)Y&;z1dh!0Yr0W^Xp&EXa^mj6Lf)Y z&;z0&;)4`u0F9stG=mn<3fe$B=m4Fd3v`1X5DgO_q(B2`1WlkBw18I72HHUf=mcG$ z8}xuE3oWG}1sXsjXadck1+;=T&<;94C+Gs*pa(>=h!0Yr0W^Xp&$5j25j&;nXP8)yd|pc8a~ZqNgw*~AAa&;S}i6KDo4pcS-%cF+Mj zK^N!-Js`@9MWrAG8bBjx0?nWWw1PI!4mv<5=mOoK2Sj-RpcJG)184+Ipc%A)R?r68 zK?mprU7#EEfM_1^K?*d0M$iPBK?`UFZJ-@=fKJc_xC>4SGN{PJEC84WJP;fo9MGT0t9V2OXdjbb)Tr1EPh*2Px118bK3i1}&f! zw1IZe0Xjh!=mtF?njk(%fdC>4SGPdl=vV88bBjx0?nWWw1PI!4mv<5=mOoK2Sm$=4^p53G=e73 z3|c@dXant_19XBe&<%P(w4C@L1sXsjXadck1+;=T&<;94C+Gs*pa(=Nh!0Yr0W^Xp z&2i4Rhs z0W^Xp&S^5WpMC$hX^{wu)%kOHH@1fbs~ z`?>!hUhqHQfGlqsSO5kenB^VG{~B;9Sc&@v5L=SvJqEt*_YmQp055_~;9c-B_!{W9 z_ib6;{@~eLv%ELJFQ7l=KlmN+aF%z;yII~L{4W=NljXg+U6ywp;a1}Q?|#bvsPS3e z-4n9B4~TdBqgmb`KqvSs_}hJ1-dCO9EoarUS)RXrmiOZyW_c$FWl&BEr6YFLwxU) zQX}o+{7)Sn_>bLzH;}e^+nWy|Z~Mu;{?mN#&VHU(H_*3LgCMArGi+fHZu1_#_XC$? zMmjSN3H;~p&D$G;gV>w|3K{YqxG3}@8k^qq)N!kVg7Q=)lah;4mpy1X4a$Aqk?h5g?YFDmX7q##Xo0O;D2jQ$lGT~;2V^~^uq%G#ORQBx|UedKNo+8Qv(0B4I%F* zoF*Ckod3KF1OK`iA@2^Sss(ZWzqlsw-!wbq{dt>muK!)&f9w2^H*}l$mpvT#Z(11g zHruk1)4<8Uyesg3lGnd4stB|T@|XB3@LzRI$h&JB`H%3R*)hkS5b{Q7`78Z%^1mDu z_%Astbj7Zw~hXbd64eXUwuQ!yL=n}p~nXP zbvL2^#6WtGzkedt#ox3ky@b_L1dB5I9|D}Hn{BQj*L)U4>Ma{;mI^eQcBd$bSX?GrkUak8KnG&Yr+O5ej?DgT(oF=|Avk;J+IG z2exT{Z+#K?&yR(@`m(J8T>ScQI4IviVej-g-}HZ_H1JOx9`@cW`KJHe+Q8pCBkZlU zWl56$2d)VGH`BOm=T^-Mt+CKglT@d(tH-x>j zw$X3Gm4W}-o5SA0+w|`>zX|-kd&1tk+r-~~W8l9TYTP#MbN5#R|FKVmz1M34?Sl4k zPhKQlzjgl#d!sT2P?x`3$^-xTABVkbwVa*)Isey31^!+r;{9%$_RT*$S00pBE!4 zt-%`ooBaDbxFN`rp(Q_}}{Pi1$M`#90{Ue^__m zpZGN5y|9h{eV+vWoBtE>25jR$EgTKnEwg^*HsfMRJn)|p&SDj#SG{z*_}75Ie^Wfm zdu|)M;JAjse`9HuXS-+8BAossW(59TRhD<|HsyEyUV;DG0a+eXbMMc^&pIIR-!v%8 z+q>5{sK4V54g6OP&hmzCQ@&4}82E1(lI87~;osS7K}P&j>5s81DZBwFkZEv+{G7We zvrs5|1wNrjw%*m|Z>j$L=-v2*u_V3FkTRJ(p-|RSV(p2j(9mQ(tVks5&?ArY!Vi#i zXn5%ah04kLsr_Xi$X|Fb`D{1jWYNG2oma6zf03-U{DoIa*3YWWfzFCVBfpoIA7v2p zvPFmW)_3^1G6~LE2{$q@RJaL8G=k~qMbD<Ii!Y zU386O(0GOGmF#G!XhhfeWFuA6@tuskO5`3!-XU^dBmXRNsgW;>JjzH_LL7?#VJf}& zSw>zj66*x+y&|tL@^2#BjqDbwFYHAlQa^sLkrPBd%*C42YY^6?4)^j7fxbBZlbqGm zRQ|n7x%6bKy?gnZzw-Z+tBw%K{}QqJUz#H)zlG|`|H>S({38_cYjY&>xi9eYx0s_i zF$U53o^P)5!~%))ohzAO$=%BjIagg`jiN=IYj9$gBxX6+u*4cA7Im)r#0JUC@k{?e zn6U|&i1~Sb@k6*KChn0d=9~JH6Dq0vgmdkXP_N4G?-yK5m>CHcJiYuc|Q}KrQh1U~iUgAZ$M)|q7<64-wTY8Rm zu6+_4%jI)GO2pwK=az;&i`S9y$L|Y0OAFX2~(rIdTgK7CXB_MW1`W=yM$XFLDq&*U|5h zbU~$!ld<9Cx{3bX-^<>OzuZN*3#ux`%6(ViYTVempZK-Lw>TFNz_gy>WuFe6vyKGf zHGZW$axRpk);Yr4qhDcp(Omw*d*M-7QM^d>Lx?P_EIv|n3zyuQ{u*iWPDSlVZf%Z+ zwfrI+xdRHHf+pB4%GL?}@4;1+$bBYj0%K9}e#p#yHqYqyCFi;Poy7lK^z-?9Lwm8C zi6XA)T%HrFizcDt^CYwIH|O23O{* z3D@uHejE79ZC03e7v@BTx!HyJvBKP9VR91Um%Bvr7M{Tp(Z!}IdD zLsb9m%n_l<4JJTbp>ny=@`{$5+>#tWoO?FR(!Gy6#`ClKX(shbS1vo!^P{ncp)uue z;LpzvA40IQPEzo5EpAqL*vr{o*@N=UOLNw+h*=h)qWt`-KNCJHJeV-ih>|Gp5r6+I zX*YuL_AdgF#ev8N>kHoh4r)AO7TM z-C*D283MA->ynLJ8a39XA%AIch_6^ZVjG=No(l~&uE{%WF2Kvj%1mMXDP z5Vu%j+_QN8nCND7)VSrZf4MiYF@w{J*Zc&H{V}7ILlSfO7-#wTGc4&)m5a7c{l}#9 z(C9`Yk2Hy5yP_BxsP9A!HxVxr=p~7Go){*g{NEB$Qmlen4RgAQk>a&hq9xkvv+#IsLm{#%;`s$pnUpdU{q-v3n$K#)t#ldjYP6*67Yt74t7ItdAud>to5r`dG5DK9+2(k0l$!l9es#EZG>Atjs!R$uh?jUe6fn zEZJBeOE%WWl8yDTWMh3S*;pS-HrB_IjbX{M_<|)H{w0mRU|7|8xcWtYghThX{bk?A z0{b?$AxDK__HFEHD;Q_r#;&n)arSL&t9^SVp)>5;UQ1ToHvG)K%~Ha;f6laTW7xOy zF#9%!eQS#?P)$<(RD-KgZFsb>rtcTDERshONt@3Oi-9 zkKoU2-NLF$vCP&j%&>I}YmINV?rj7xU9okqhBjL_fvqbKvvm{Lx^kGU+b_e`?U!Ne z_RFw!^J@BQym7W}UTuyBKC^Z61{8jbN7~lSJE8wexQY{b&t(08ASJSO^PbH!TDET9 zbNS1}m#v%keE#v!UhGMth-*4y>q>-t(l%*KDQoOAcVO%0{XJ&`JhOH4UdSB^jjgL- zX6xp?UL$X_b@SdZ+H75Ij!nxg&5o!-OUL;2%;IIoN`hb30_}y$w#XGJ8-{V@<&;T( zFHyFW{OZbfMjvlR+1=Emx4OI*reD5}5TSBC&5M+efs^B9n$rCV{)$vHrHeC7>Ef-X^mPP?E0mei zCC-$tm_sJ~^03*rPqOTzn;(DuXiB2etg-TNnanW^+^SVFwkyMCZEp{+0VF>n&Upig zRKbcU=9ZJRs#ns9y^;#T<$WX-I!TL>vX3NP)GMh@l0FNWPMb*ST+=Cq?N(_zd={#d zLq@k5%AbV>EhmU9<+sQmQR|&Mr@C!lb5E(a@Ufa@M=tgJFG7}w(7KhicPspVLixJu zS&bH2cuD4=$))5eSr4&_rKMy8#Eux>$wr84<+TvvR^>YyQLdtq4bT;jN?dy=+r&-g zXvYxl^))PC*A3yO4X<)}-As&Mfx29lB4O4`#8W`)Y*j}cf1Kyv;B+cRfb8X(L%FxP zA=FQ?L+j?({#HeFW5{lH{y~^$LCuO~Cwl&`LU~Frw61BuUyD5N@F~PzK`j68p_2Zr zLl68Mt{!COfI;u!82Ad8I$T=(8LY5FqQ#y!376J@lE)z;q+3oeC5d&^h_4G_JpYkU z$;v?Lu7sWown|-s>i{q`2yc>)hjT1QjzCI=^g6bVoKc2=B@n&IFMBNv~w9xob_b%J|(-zsCZp^9VT? zY?aD$AMbE5cr{^7BF~(>)gXCuuf*hUX^n?e!5c$uTH~G*5X&K~O+OKEUWd4MAc1=V zP8dlRCI;~cUT&fsO-r-UE!V3Usgb0`^;&N`-@22(em#!_t1mgwyn;K<>S~w--Olym zNcHa;%sn&RYiqA-#eHJPZh5aJBR>bV&+iKJB-iA5rsKUQ<|_4rlS2I;R^Az+tHH1? z^}>@wc`_G{*&PT?r!*52xEIOUlVf=S8!jzcu!0l zg!Xhbaxg`(5ZDm$F$(#*=y|@sEL4684?eBC-Aj;rz(5T=PeJewksE;i3GpTv8pN}v z{3V<(K=Ny(WegS5nS6X*SPAv~eL}^b2PyQU@(Y2bFbpCkhlaRm5L3a>AfBbL0FEZ< zEGP6bU@4piajG0j;Ub82U}zA}Qn&$5J4hbgH-$Tt zf-bf+b6BY44?zllAoTBnrSNx%zsaE#G{1F&p+P)L;VU@*0m=LNrm#s)T`Uj#hstYd zAC`yyOv?#iDGY}gDu+_o5n=~1f_Rp~-f;E;$#;5FNIpcB*pM;~-f%U~Hi${qJeSfw z{L!v?CJ6U4Rnz)cNZy$hqeB&LD)Xvr3Lon_`%02%2F}(P=NjQJU|b@mP2S_&B=|Ut zM?met_B)!6^J!5| z$Ffja9~~=POW%_Ob^&R7$mw_rjFXh|dIVX5e}LFm34Q{h((x*Cl%SXHvlD#pMN9DU z-UPkS;B09>66`m`(|D2hFl%T;k5Y3H&f{Z7{@EYsR**{?hj$vJvyy| zS22$2@i+PQJahGU-&=19nhEhNT^cV-a4m9v0_t{m%<&Hs?m-y$iaBn9g`6qXK8Epu zm>*~~;(K)pnPO(tY+k#gqQB(uq1D*I16ZNkNLh*74*)4rAYC`V zD*gb0-731Oap~^89mF!VxRUHo@&6DQ^Ue`m|RCQMn=D{G$`w(U+S4>eA+~~5k zk!%gOvfD_us6=Be)Y&I1{r<~I@$04Zu~*5&keWsS9D84{G%^$UoBMx&y|oAbCCcv%0wp!bassAdXhG zZ3>9~l#Dt`!w2Ag5ZBGVUE!CZTn);c1y0dSwpx zi?+%f?$>OUIouzrn8Qw$G9z6J8OhV1dMAF^FjalMdx+*$+@VlazTGElBk^3K`s;Hl zJa4?+yH~l2nN11J0@c5!rU^gDl}g05u4>oq7ZYF~kQ|GkpQ=gBgE$;nUPYm5qrj!J zu|7yges1O{*xHXQi2{FMpCk%h5~m^lWF@f)8D=kh3E`4>YZOWNuB2AMonu+KyEh5n zFIAE0mVcfe^Z9_<=+fpQ{9A@R4^aeOg97OSQ9q5l4VkBupiZ=Wlbzq zd46OMoDel;k}WTMVpH6;Xu2LW*ig`8W6W!~UjWI&k$M60ya}?9{ccMt0n-g>@^VRa zn-z}QE~)M@!GPwHddrfkky!*>Qg2&QJK>%Nk`sHA+N6GSza_PC1kKh)Gj;XtELZni zLp_!_M}h4uYxfUTdY9n7NIc8R{S6w_?#F!>m}Hj5gErM?V~KnMufguB9xQs846cUP z0-U}NnZ8fseh@U+UBMr1+E{=c(Fl?sNj0^fK_k=kvNMDYJ8wgn*GFlNH{pu&$Uy%J2e8TBs9(=)iAPv3NP8s1SOxyB}sjkxat$p~6nVU$3ai85jE1q5q#g@L*!Sz*Y_ zsoQFk{`*9J8#r}aN2D8+Q@6FDkGkiWx}_zU7{IA}j;VVP?jMS0>Yi)rK7sr9Ai0Lb zokkC8);-ZQ@?b78jgCd5DK@~I7|ho$^%DoV)FZC3oNQ9}V$bPrAX$q5vk)ghT%r~- z8^UIvMG)7*@h1FIHMYV=v{l1=?`%u(c1v&^9s^x&Nq#)8@#(xLZz8DO7EgFg@%OX% zo7lDJ;(rvx-!GXNf4{(9N+yXf>&2Upt)Xs?Wq1bh+bsQqnAxWstJTjr)*jWJpHP*~ zsk@T^j2siMSKpj7#tnNpF8{k&{!b_GdXFag6Xe;b_h$$dgf~HtF8l^d?a7qy9cigO zN@|lWwT5DezlzAe02B998VxpE^d{L*-zUk*mgHT8zFkR<=}n34vYtQ6Qd&()b1WsT zXu5ojvXsb|(|nAHc^(nZfWev{8*E`@oGq+=4)aqmVgdrTw{;Qcff<5uTNd%A9;m7q zWJ&sK2)KjgX^^F~y$!TOESYILn&@FBdYTjG93(s87G*lmDpZf%U7z@8ui|-C=^C9b z-iL(nb>Sv~nJ)1UcmqG@Qi0`A29jUmsdX%FWTC9h)K^iJp+kLtIqYzD9rOE`G)J<% z87ii+y@hr>0cP$Ai_)64i2t4BKNtU@1SZ3Suj#GF67dvsI5eG z6CQTQK!uc{b|e_6=#N4?EQe%%3h^!&JXR`6+CtC>hDhk`;Mc%}+q%wLg!{TMFMIxY zf9O%DXX^>?5biBt>k0DyS`Muzl;9`=LxXs>o=^{G7)V}@G#hKY$u3-r`zUF(epjk@<`!5gvKVU6S!Pz)f6lBF|Fb4=X;h?# zh-9C3lHoT{VHTj%u3(@do)2-39Fle)#P7i1`6?{Q`8Te&z!1rs%alJGBp*Yjjq9(8 zz=z)q-Sp1jc5f06cKk>~m5nsiLYOqvvOM#QmCgzTHA~pi;P!RSne-;1bk9L^TImx) z*~qLpdgV(9-P&(X1M`PaRvMji7fo0wKQ%rlMm(V+l|APIctYvkm2>uFuoFu6s+=3_ zi797K%$!dNER_E=Hs^H$3+3m;<|GL$RGt`{qg6$r^0?TX9q|{+UyaXsDa?i+P&G0- zM|-D)s$p4k8t@m&N5|(pMzIT3!=rPKKzSj#x?t|!{0rr~`0=?9qJR+J$B)f996~7n zGCucsqzIuQq4?Zj$4*E)cJ4v9h}R##^p2fVU}(oq@Ur54OmF|w9XsFeJ*TmLzxVw6 zz2|i1XygvM>-T%lZD0ELd(Xe$d(K*I#(tdd_nynj`M+cDc{DNt3!`Kbm(ts%cJF5N z{bBu=o6!{~u27kq(Zg3^V-y!Bv{Sw8NN7J5eUh^g79!eT{}kNvfh)zW6ph7KewPKB za-2CM6?Q8$EGFO6vH4B`mC0$`dlHO+S2|W*s3;ZLqSqpOqRAcwGkK=@nCxE?^B16c z)ltV1+Ex;u!u>d?U=gv(79c*s^&#-8&Q;V%juMuAw3i80s!3BgQZAnw)?$i5xjj0M z43P?$t2L%|G+$1)9G-2`y~+iM`XxdtPldP@!mHc!cj=WFK}vT1f9c>>e5W_C_K5 zuy4nQeb`ZAMkBh$cjw~XC}bb@uOu-kAz!B@&QXF}oW$OJ*!Gg5y-}!r*r!Nl?>=n# zu@9TGDo8=sxL!qYZxr5ROkLxg%8-7e@Cjq;8h>6)d!z6TW9l0JKumk1P=}O6Bf7@J z($U^1WFK||4tt}Jeb}xXo>oQG<-LOkbrk0>8qqaAm5Y0$u+f;h#^)QUnvQeW0735( z*=(e4!s168`KriMjqDMr&)G&Js)YE3MymAU95Mh`?{39!F!E`U+Hw_*ye;xRBRMO= zi~re3sn4hN6ks=zuW+#@^#z1Aso;%5_F-Sj4W+$N_|1LT50GW|Mj`vK<#2BlvJYDh z_eLT6u;p-X6tWLn4);c(_F>EA-YC>QY`NSUh1!QLm$T}$4_hwxMxpj$%jMoE)IMyv z>g|m}?ZbWsb+_)rei7II+xxIzMdsFh*dOBhu6@||qnUf7Q2Vgua&HuBAGTcXjY93i zmdm|SsD0Rf$K~EA+;$)Kr=*vDqcC&FwXz-TxE9^J<60%K&5r90FryLGwpF|GVAU?J z>f5;4^ef|jbH}wjdUsr#V-^W&$F&@`%evs~3MFj2tP9R@w02n+oa<=qvW};BS+n`W zJCcaJQFw^rFTx$Ksuat1S;sT1x_GVe*^use*Au|>o8e_&0&Tmj3)y8Y58Gv3$S!L+ zY?pN+W0!RzW0!TJ?=EYNCcV3?HLL}@to6VEQF^10UDkTPut>YCcO!_sQOGW9qu(bK zyQ~+9|GDVr^R-Ii*&Bo6n$GO9mI(Qnn>PxTvPL#@XY8_WgBR?wu7+mNRN$#McYI3O5j_}hDA-`9SD}U zUi(Oj7A5|rII}LqWB(%2UjBWGbAUM_r3(*Q?iC%FuPo%`KS!LRgX1d8Sibfw79C=a zc>c{iH7iko*c^)pO8+H*1wYfXhd3v_fn!O!s3L# z5`AH!2-_(dso+{Rm`l0jdEv9A!$tkZnr8#o3h{UD4dAR<_Jbb*>%ZI&t~hapibk|| zEOS?Qd^(#b- z7eV|R;xut0yYXyUL<~Y4uW~b)^*;&aOWat(oogvAfm@?O#cQCvu$ybl0{tX3T1sJp zCO={)P?Z8rQ+dVdqUBTbA9g)Q{`uHoGSN(DuOJp=PrU^L(*BUS>&RPYv-TEVyEi8PSuSh z-XX0_)q9<)IXwFEfK&AkPSv?Eb_CU*le(!|5vaN=gcVkW@}y*}-EF(yDO1#QxILI`+DpYDd>U929p=vq2%K3`)({wvPt>IQE z2g9w|O-29HkO@~inCjdnzqcLy%q4Lt**Z`8ov1)Rb4mRZ#_NFlDy7omQh5^NZ;_?) zoKi7GTSC^ZNo6pb3|c}XR0_RmoaoZX;{jb1ByF4WNv=%mVGIM+A0gJtv?g7+Ugc1w zdZaI<)uDHd%wW>dprA{O3hzCnQcw3MHhrdD`0OYE(mSkr$rZp8vC^9LZ`*A zQTsaJ@>A$4^92}BgX#lG=!a~^@GAc8WZ}gzmpT1le8i7 zdEW-6!deDx;41Zb-`f8EF!mMG_KdyYHuszk;}lT+9;qwc>d`1?w~VVp6(Bp zfI+6&YNy#CYv`-}B4v2cJ!&UsIG>@m`RT`g`5E|lmD+#HZZ|8#4K&dMVfyP;NmYAE z-<5t!!mlTnzW_B>kSqP|HKS4+Ri^byf1b2{j{t8ekPZ7Q{eA97n6`^q299*ODX3$T z1J!>fHFe|a*CCW(^%oE~789p(nH1i~X*G5>-}8m(um6NVH4mW;Uc-atVG8Zz@0eD| z)$Bh0{B+GaUH0)82f92e(fc`F>d~W4x*R|nw`jOO6yhXJfHwu4-$UFhuU8=+QAJjU zC1Re_ZY^U6W(C^q!`xS6Wj4>R4YYex#XHZRE^|PG(k4aS!=-*QDYq!~c4WNI!};nz zKuC;NceLV7@uMD`b4>i35^uYPrue-hp6!2`;*WL7MQSX$DgLf5x%6Z+)g^ZoNnHk# zRy#ZRHuL`l#v`D5ClXSdtlksC8t%$8$E&?Y4Pmq&eR3z?+uws;Ka;IQF0Z5gWRTbW zr1NNhM{USZNBx-K3Rs;@$(b=x84#&7;nhx1ffW1E4YN4u)?`1|E4$dQ>?6C_-ytpA zwWv~;vDeZ6A0TO6qtq`^r1$_VJ}~TK1cy%Ws>5hwhD<4hX)`b&_JUYMyQ@ADLdkmr zik0PDKkCaG8ov8MtK_mdexPMD*PkR+2HCig@AU9StW^p8Gx{X^ydJf@s40!KF#ojq zg5k8@#<#a^q#1&O13~1RWJ^; zq{JR+a-IlUpG*0PVAgdh|IJc97HLQHrt&vSc?0hCO66vRR;wS5>Qph@TPS0EEX;A1 zlDtNm1$OVqbp1Hd_nGJi5pf@2HzpXCP~y$vOd9uEGury7$N_D*nSp>BdMM z>Qn-2l=4PBByA3Hd!}{_7OwB^m2gPV0$kA?GCV!)RVM=pBi>fsERL=v_U@Mcr@gTk z2kE=mivx?Q`Y{4q`jd{9Vhf^|TFjXYU8Ai%EU?!47c%%qFw));TVRXYz4fxt%HcD- zKUO)6s+OejR<0XZL4VLBYA_sqlkzy;jM^#;r!p|wB#yW2OvgPHxZ<5?Vh_iyZSVEB zD(*yU)tBJ@xp-zQO|+8HF(JPK4OI3dyA^l}*W;l24=7<{aaKCB)r~=}M|~k(t4-G> z1enokPa=j*F&C!^Z^Yl#1`4B_sFal^>sraO@uAR4 zlHo!s_A?bzgFUYf)c-`8>u=H*;GPevE9oU_*3|4#M9PT^xlo1* zUd=eYD-M7Cds3wvmQ?x3{v%WLYT%9vx1Mlzu{<-JPgRfv#%3H$RlF3$V6cP2D%do| z-T}_`p!y!Tn#1^QC;NL97A&<%%H!BZH1*f8_9on(U`P44;%}Ec1;YNeAT4+w0}!IA zbpwIUG9kY~$mFA8q5ibf`2Pi=E(243ietJ0KPic~Dm3>2zf__M{}5q*4`#?`iegSv z3_s<0pTn+>U`nYyK;Dl4spf5`yTm2j;w;ADuh-V6srSH|LZnGx>ccn|L+k^lJS`vH zMNHBAJ2Msc7~*=5C^C1E7WxcAo}#Fda|^_;!3+hNrua|cdK^rXoR1+k%OQECLs=jK z{I-+fJeJjk3qn#$Q}fgvVeNqTL@;?b9E=}R_ThiZGF^_*<#aBy&g0_Ey3DTax=y*B z>r9DUj!174EZN*sC1f?yjsqtC9}s^9GZbW+WbZKyQDBPd2oucrPy5^xw*P%k`|`4w zvWxp2oYOytWw=Tl{g&oFz%=FMFP39j-h0rI{3&uYXD`Q*lYhP(%gqtXzeJ7|7A)bF zxFed9WBj9$S9)wV;r&u~L{q6dqN&s!(NyY=XexC_G?ls|no8XfO=WgOQ<)vnRCYNs zB4uL`_Z>$xN!y>}o%w8%Bbv^F_1_)QWMTAd^1nNxsXV86uiQA6m_3^;&U`jm+~?V3 zaZ~sm5_Zofix(wy@PR#>EZ)CJw0kyLe1JJ36?!&VocV0BIP=+Laptqh;-wbHJ)11f zd^TC!Y(DPUWbyKZwr=U!WF`OXD&cC+CW}{u#c@v;OD5+01BX3bEXh1=s$}bFQ+E;| zu29j)ja=>NVyQcGs&ZhQioGXWWuMqPcqzh;RIs<(?%%?oMUdQOK7q%`Tgw*p zL^y=_)zcu3f*=7sp{{&{rsUsdLZ4)fV-i08`d<>O%7or#LhHCGD+e_adRx5~d47oV z2cY^rVwvQxAWU-YSjoIJ>cNop#eEug8%cZh?b0eO@NlP9cd7*%msW6qy<2~IzOujp zQv+?E+!g&4_-Il&Tq%u3-YLq%E)e>rMfGwBy&7J9Lf~~7#6{x#3F0aUuQHdbe}Ub4 zZ`{lGrkF;@^lEg0UTT&`gN{AO^VgMY|5Iq)lIoWUYafoO941ZAE>N%yFnNeVmTpHt zU90&Fa*JM0z`4Bw?k4PArok^2>=Y9)ALcw0&<_*7Zh-j=&(z>Yfq=oc%k#7n1-zR4 zU!gKMDy>!ZsSpoIdNiVq1eN`i%Y*aZqS4$sKR7f(``GG=SIK8sIt?dvsY(4C5+4PF zZQ*EHp(5*e+ArX_8fcEaClJo^5ic<^m5rkLyw)CHG z*H34|-gdnIodTX0Lj+|}eYz;sP(m+G{< z>Jj)_``86S0ldlr#T{;OSMSMfuEkXt7k79~IjE8v)bF;>CvM7`U= zSVj8_#3OPj_L~s@0M%0vkk7p(zj1nfRVZ7KJ+6m9Livp1alzefMQL>0zbO-;eEZlq zy*DnDZOk4Qyq8qDx?tQf#1qPQiH&=Of1!L*eB5mQg??w3kNX?{LcjCN$7yX(D83?p zTyQg7c0l$xJs%T_AIu-OW0VF0s$Pwc(~Dg~a?e5DkH#`(@qJLP?)w>gUheLTgAbvt z9Zm8555J!g+4j`o$hM~rN51pa;Yj+_;pw_rpFH{u3N`Grq!l@<;$qP$o+CwmQmGYg zCPL`*D*nh{<~KGX?qp)yDI2-CQr_VutQSVwYDH&7!XHTZ{e@rQibld3!~Ez*#AS;P z7bxtX>^mH`n>H(bl5rvYXo+7^NTA%61dnp8F^?6HAxXJMip8wyJL;>^ns4-;8^24Vr8#U)a6`qM!BffqDLETTWfQ(`#+1w{Ld5c^Kx=t z#6Q-<+IL=FOdeire+noszu)W75wGAYYSkGzW6Pt%7@y;(vM%GtUtm!%6kowYbvVA9 zMaW28FRW(8e+EAqzmscT;n&utbG*chcwx@ie%^d{u5x}6jXV*%B}eBC#@fhW?6xe) z_hR}&NbI+H2Wc|!vM2J_PsMsPgguxj;P8L6Umd$QryXAGN)n6RmyY}}8pZCu(>4XGIYrsB1v8IJzI|q-;Qbt(Y#;lOU!?k^1)B>W!*B}4^qG-@4~w&K zL}ITYz2M^_?a60Ta0%g}5nYQGbIG^Qj1+vCqi@Z`v?;jY>$F53ReA+moWzouw2A_% zNJj}oN|I#0fK9>Lc$HJ4&x{msIJ5lN6ucZ~G@@&fcEJ{3M&N9>30Bvlzl(XJvaI6; zqY+(;-V)O`1?zOdXhheduf()X!TPdbG@@%!e=hkdyCdV(IXmNsbs#HVo7VbiQj6E+ zeU1keUCm!KqHEEvT#DB#S$$?P8qu}rKqJ*$iVicfQ{?eRz9@3Fk()*S)W|F;)@GzC zp-AWQMI$P`BGp(l^0-KSp)VSFUF3sCekSs-Miy`_dd^6xU-Y_>IyAQE11{Dsb7`*D zE)Vze?K2~VpX6v)WlWzLDNG;E9HV-@!vEx|J4a$)qGREg=E#Y)AgJ&wbHrjtAgu6f zb0lI56>N(+ic9pFkwTurN2mFP1gg=`9zYjDXdNn}&7 zT*FHAnUO*^1d> zCHl-rA%`oLr? z5IP!BZCkY~4_58ss=kd|8gPet#f=EdeN7TMhFKoD|3Kry8EMBXIoK2|pS%KsCC;u; z(dTKadg2^MYndQ%uA{XnxS!h;-0vsk_D4i4^Rkao{6)C?RaJ_Wr_YS^bDM(m_7lI> z_!g&w0H*Z}FS{K&cO41zXH&2|a`l;!{%i`C!!`vMWo!yA%GeZKl(8wepr*e@ll)Ur zJ5o@aQ%6&e=`$k*0}4OKgXZcckb>c14S8{&3C4@-18jbLNFjYcUPP@$;ukVYMB@`R zF~y(d8jGJv$bRwrp-ba`rFmAz^O$M|#7}}VJiZeX(dhUpu4Cd~5psOI5}6a?w-R!3 z{3IkF5PzEK;NW->oaOO*pjXC!3B4x15A-?lKat|O@kPkol9B-|QA!mU9h+!{pO)*#}x1`)S4h3T{n2@=@h-i(-yiwQ(-&7t+g%u~L6o}v(RP1c zdW(h0O^Bb~A6=DGwpZ@SBofp9=(4?I*HZ>wO#7qD`m8~eHHDjC=G*@0vPFqp%-EQA zkCg3SBpTyDaSkv?B&jusvIFy#g`Al7N0%KOS5?Jgdb(bAh&kdhJqIpZYH<=VZ5b+C zmah?~IHvv4WzFVO9@GBlvgL_FDr|Wh=tsq&qA@lNWD?lONv>IkEU6 z8gxPY9Ky%rddgfFZ$M@uK8BF};=4fikAFejqWBraDvs-* zuXCmcffAK+`2gRVPORk2U2zR`u0+Y(lru+en_qFsh`n(QcCPZ0H_^C! zh;t=NUZA^{r<|*_l`bQ$ja>Pwzfyb*q}lpb4h9{DdH z>0A>_^f8w5QNHcHpImZ|WR7;O9ZL399>zG=jFKaoagFt@5zQ_+cMz^|excT0=9UbZ zhHJcY%`5R&;+o)G^JyAG&f=Yl1q;`$V(n?j{F!8cfDkbIbw{Y$scEFb8Te}xk#?b7VT!txlmT$g$i|c z)@uqCRvPE_mw{e+EbTk_6GuO<*gtjj4YY^kd5*4Cn4dZN5=tX^erzELR8D4SPhJpJ z_9}mh;N)6IH!DNy3OmVs<)6gA&@`&li6+U59Gxrq7soy%u9trmji@epT23DSv5|^# zR<6p)i_MVZ=ef#8!mEl@56ButnB<{LIjSe2am9;mkJi!L%+FDxdbkUd zJmR?Hz3LI^Fcp#N+OVFrS6+LJ-mw(@8$)hRRGD?bx|WVVv>@*hCcoa)M)jksce zxdNYLz9u6tcJ;wHs?FiY9#?ubG3gXa9)F})U2l3syxh-@ViaE+w!6fdA0gU*#T|;j z;doBorV?0|WHhPWTOL&+Sq!QD!Gd{mkI+3Q>zsARjj)JQojYfMt<$_3wgxwr=28g; zt~#7RuZ6AWgx1X+Xe(r|h08S@ht|y-Xls$Lg$FzL{DJCegdgYJ3kTVL+t*!uZ@?jR zasTyjnS38ad*3rno`9yh&_Z|(BV6zSB{F0LYOf;5N-(4v z$Au7UqCL z>ud;$c9S>ALW!pl+?2t_$nS^i)$$ot5!*;a%0U z*x~Hz{<`pD=bvzOf4!@N$I#?HFmN>O)W0EIq_HiuZnoR;eWR<(@VYxrA86HiqpQyF zy5F7d*6V&1?kBM$M^hzWnACmXIF5BX2d@8AxZqyo4w(&iKfIg3aQTeb6Ha*Dy{D)C zLEx)#q?)O@r_dyI62!|8kjp5BLxze6@vb~?g!oj%A0Q%#OT7VM_4}`YC`P2dp_m#E z@d^Dqbu@%k(0Kvz6~tmCTSaQ-)sQB`FKIHmF*bzF<*w}p#u zCllW23mDq`W>;mta-opT;Qr=cLXcx*~ct zGnC#aCv@{s!R!Ajeb-(`1!Iv{SE`0SDm={ziMT{Zg%_rUx+*neKg4haekmY64~Q}vNI?K{) zp%PbB>GtzlXs9c^h^xxiLg`mqa_X#4ycU|8uG#_CO5X@sEB!S&zq+?b-gNIlZHDm< z7CS=8=Vm^i6oh~-j$48*Y_7DKESaS_CMA|6Q-UQMf- z>y<7~^AG1khnA<;dh>K;DA+JtcbT$(WoU?2el?XI<)TjBNZDw(-IIQb|E|tIR(EII z+y^-S#6ZjA2A9Y1x|dF~tXv(c)|zQ}-KNu0za@RE?H2?VS@Y#q@Kq2R^=geA=JIf-&FzeAjBi$L?{)T(gy~`GZDgC^Yk=9 zOI2ys?4&#%6w0-s^H9FAW3{@Gjj67s9u!IjE!AGlIVcp2Y!h~LQEg;<8Qoq06B;y9 z9u(SD%{elTeU>omo}xZrHaSU&p$z$lgbI}8WP*$ZuJo3=(mN5xN|2g|LeD5eKZ7v! zpMbE*>;s6`(g>ihJ)MWF_# zXHK2H{JAJJ%UNr&T04+-QD|N|AE`Q&kXWzg12v7^T#~Cu@&r}j`j7B)#kgCjUr>ye z=x(7weG=U*lzzV;o#<|%DSZ;%EwocQQR@r42iCk45UmxML??j~srPhxT zX|u@{5E_oXnt#wN`JjY7>|L_V_dd41sP|eYxQQ^-Uya~hqQ40ySW60r21||V2`qhp z3D!%)q0tJtCyZUhym+KZo-F1WFirszb!$y>v&6g|#%~nTntV94yK47M7_TU#wfk`B zhYDFXkvm;5;8)T%D^w!=c7d^zm^KLVBB-LD4C5FvV+xt=@_!eMTfn$ummTf-Iqo|> zS>gJZvt1*|-P#Du0L*jIXavK?lTf0W`sNcnY)cB2e^O0d>z&QRCIMZ=W0h12JaU8@7Ia+W$4DlyGeOy3+n@#WlM3nh6^(aJaXSp2W81f2~Z=*HT|1w_drcBEOSGjDVOeVj_ghn$#SK`Eb0N zi;7A1Ha}Yxyy;+G^0PL2U>!}z?eg&l$ZIw!4F*ol+x$tct3*uA+nt)(+aU@#HE(xn zPJ}TQI5qDG)STg3)}3yRYCi%j0IBRl(sn>Sgk@qk2+PEN5SEEk1LAB5Wg@i!VzG$Z z0-@qLO4(>yIGI&hkoqIOZZzEv zYK2O17YNJi2@p1#{xl#Y%Z;YzsNEdkGQIjh-#Z!O!(XofuvR<44)A+#psp#kkVDgX zuHAj+PV!IBCpj)lOI(&FqtZaZ)>)SLW@lmSx-1^#viL^=+yk85b+B)CS2>%va)8+) zzS$yY;5-SW+R@MQ@dt?Gl*Kn7%-;MwAaa)Y-Wl@h7Z7^{#8Qa!<#h~%-GaA5TrSRq z5bYxF3B2A8h>C;Kfk#06R$&eeIF|*)A0Y0N*P{?tSPtM_f*ka=#cs^0H=%TezKw;VP(kM`3y68kudV~lTiAf1#~hl){C z91k%y(oAKQbvPJk1Nb<{)E!9ZfV2TJ9m4K6&VsOR`)i0tEoTtVir5Tc<8h24e_fmz z5XLzcLcPqZdAW#8m%B{QAk*hqSDHMSOzU$9c%|g%we`yV?blE)y_qieXG>%5Nd{b| zURmiH$M4YoW{^4znRf5@V~8D*l)4P!U()7Ai2sOq0OD)B7_)V&Rr8_}&UQL&TueQg zP72|4%Jzo`I+-1j?f2f+TSa91bJ98uJ@%l9o?cY8?GjTF3taK%x#Hgg#yrsQ5eey8 z+q)z)^uPmIaY^_^nnG6KdoX~>rzz9S%V1mrywuCYv&n8axzHTvZMUpH3B6@T$R?h{ zz68%-F9T(=73o`n_LEKfw*uuSoAPf3x=%Uwpa#!>r&9Yc?j)(-fbFf9zMEbwT|C7W zb>6e?_%7aWgQ<2;^}e+&ZwGE4;5AH6XRZ?^rda0wW3yyA0g3@U^5%F`aBl~^RCbWH zi4fV`hNSj^uwJtU!aC+<5JmF36+$;{-VPho4z7yM*q8GkZH#(^XPJ}D{<_NEUZpWj zeu=5gziN=Hr^w_dRpnO&{U>!7aTO~yj_1`z>=h742gJI7xGf<577!l>L_dn($q9(P z0^;a^SQikt1;pbJ>OtPLT?9DI+1^%Ncegck2Ax?FdfX4lS)B&N19B^dF{S+p=8MFA77V!?$A2I`2g4O= z(%<0ppT-kNkUEpd8ndx*b&tNPi8)di%ER-QPTxiHbc;Tbz+)BRbUbZ}wD4;cUKb0$ zY=@JA@J)nWsPI?y34g1?>tf-XchH-QCjSV+9m4Yc<~JJ|COVbCfY-qD%pNenRoQ(N}V}5`HE9 zF^b7NGZ}L~wu?COA9D!}QjVJlJLVP!3pqC6@OD-o8;fS@BmVk_h}t*-76ZnJ>Gr>5 z#IE+gcv2JpcTm{3f}Ip^1@Y{Hcy+D2i9JNIpC-gpV2(n_bFO5~m7uwjk~#vu*6bh; zg1lDb&Kfp0;JOlrzy2(4{~Di%g({72+J9uohy1^T;I}~ISH_Hu$VDQX<|mc#@9oI= zi|0-fmS9Y?i#!-qPC?`li7X*h5f~!5BO!*%A$c<)rpuv}ehBdcFh_zUW3G~#t8`N1 zVcEJI52MgobG)~+mi5=JVw=9wTi>6#tWmSQ3iDn2UozrT`(Hds-w!$h*@uH+iuWM# zy!k*Y|68P~qOQSvH5e|Rxe_v066Pv;>S3a!OYvSvm163B2)paqSq~}_NBds0DRYXH zxg8eDOuCQ%n~-`f7_4y931^p_|A)Kp0I#ap{@pvL?S0NZEhi_OB!`rf9+D6sv;Y#3 z9*~Y8hayr`iXhlgKrGmB7U3SY{v0FEIDEm0D{K9DV? z>^J}!HNM&g+VFLFn@Fw)bgRW#ab374)Y1VjE~)4QPm8k}yg1j};;aBKdBWGS2=1g* z(mT9g9N!&K;yB&g;%tI0U23&Fi5ha-ImrA6t(F7uK+4*Z-|`F^I8u3~r)4%$K&t5N z9bScR7b$Uw?rCw>m{+a{4qq7J%1$_Zj~IC90;zIUaQF&nBqjFhz7}USdC4?iOD70P zRc~7@!5}OoP<6IvxO0_9;R-$6Qg#W_1}d528y;VV7Y5{=h1~e#DVU1|Rh?-KceZ|K zVe5Cx2S_!^C=a&0fK-!e7UQW=QAt&J>c1dbQq@^j3vVAG;RccxXTg2RSl{rOcokJX2UgO zP-3KR4tFCtq{KF4_$5duspKYKi?b2FaJAL4%BPm>=Zq?CnGQ@US>+pk31THB&OkBp zGB#4xhgQo%6ep?dcB|zHB%f5Z$ZFwc5K?vA)547=r0PVlg$p7`)t!7T9iW4h+#YXf zfIF$W(%W(ul1$295^QnqW+^?zYT1MYlS(f2v@FIWlIkaUhI{azl$eCXO-4Xc=Oa8V zkK%Dj`6qj{a(HlSSK$S;Hz2IP8k*1pvXB%}oTZj7|Z7u^9l*Ux5mBfyf~2wETiqs9QpBHSF{ zf6NZd%>n+${dCBRaC3maZF2yXjCGW7a{yJxC{ddOrUH50{Ef|}P&NmgAVU7excXIX z4meMQ{Ee-lP&Nm&ijcoCZcPZw=77LA#$UlixH%y3ot;K*4hVc7J_heXR)m`a0()~d z;7xT$K0=BDe~bA|G<2Hp9yod3{EhvLpRjBW2<$f|Abfe;jkMr1kwK*Vw%>i`7<^Ue)jomHyjU9;}wK-t62>Ba3p2FLp+;^G?`5QZ% zLfIT}i3s@{yM{v99B`8e`5U_%KjF8K^o3SOV-J|f1JGp^*{OaL1!5KZuYjS0g65)q zd+GjXfNFEVUJ>#)wof3dOALE3;B_W5CMxh`!lb~92rC70Eqbi0Ko&x*pFrkbY^cEF z2*(LrPB=~ATEb%maxX<}sX!(_wp`%f2`>PYdU-Q|)XRBVST+X)e>4t5YaV%Y7V4_K zIUs`E*Mj@Z?fB=8>_=*X_KD#UZVm|ACx%D3IUs1CArKi)Z}y4dvN-@-K174s9Dpq! z!l}&x*zzHq+8hvcP7IgL0YT@)aM>IXbWRMH%>hAd4p@QYs?7mGYz{aVoZ1`^Y_~Ze z*lu$`5Ss(m;%U_8fMC1L0l{{g1A^Eba1nH>%>hAd4rm3ZHU|W;Ip9`kQJVvT*c|XU zIJG$-=$sfXn**@XQJokrn*)N*iQ%$2Ac)NYyAV!o4hXi}91z6jfEy8?y*VIwZ77_D ze6@n>4L){+n*)LyBnz|%t5ont$pLqSn*)LeHwU!9x7W?mmSX2KNU>AO@)qg6jx=*~ zKoFY)=pdT|g4i4&%m5@fh|K|HWOG31ygX*TYz_#mR+yUuLgy>Y%>iM1bHL$v4f5~~ zV{@rL0G7=G5o`{igKQ3nU~>Q&*&Gnf z*c=ee*c=ee*c=cj%w}s6X7lI{6d8|#iEwj3pd@?+Fd7>50SQ#Q*yLHVIlz+50aiJB zUs;xH4zOf%fF+v)thdp?Th=P{E~1uf4zOf%fF+v)EZH1j$>sn{HV0U;Ilz+50hVkI zuw-+9C7S~**&JZW<^W4J2UxN>z>>`YmTV3PHR403*_#6bCueh;MP4NEC(n&YvTP0r zyzLkK4gBHI?RzQzh4|gTlYG0QixGrU$zN;^pbEMOkIezhCAPxCyR>je1d0USFus8- zQbA4cnY?}ltu4LD=77M*g>;t90fA2h%jN)Xd$;x4r<=>_{cLCTKHHf?96$EzeViar z50R|ik7cahkEzqmW%YjS7Ud`71OZvSA5*8B%j*4D+vS-o$`>V4}oMCrD^K=;&R$?APeR_|Mr(JeJBS-o$`>U~RA?_08Z-;&k) zmaN{lWc9u!tM@Hgy>H3teM?sFTPvX_$CB0imaN{lWc9wKR_}+;LRJ~MjYcP=F>)E+ zuv~lfeuS&{a}TcG=R?HktK;}MR`1V67Rc)Tc)Qj6@nSU%p;qsM%UHc1Z?}3s-fs1N zyxr>kc)Qj6@ph~CivYhdOsrD9PHKm5w6}(WUk&%WUk&%*sJ#=T)m%Yw|YM@ z%5@RqDLf|+ZPPyUGPF^buE61F_!8)?T>;esSAHN6kRuvTCDWDy_Ri$ z>0YE^EPCCg)=He+hQ}_g0N6xu7{DV0vjBDwoB{9#!D$T*03^~Y9j8qI5_~7XPYkseK&5b%?YRL!{EP%}!7wO23Ls3d4j@Tz zhXY=8z?T43bTTo}DWKX0XhoK=Xx?N2{3t~;1KCoJtkzp!L>`yP;`tvdXlkKoN>{*@ za;=aT&+02B$mr8B4}*`s-pXswRgjhCc90?&yIt8sv2L~Ibd?mYYt826YN^($1WT7| ztBYkSX;qoxw=S2$JzENQ?EtKr2Bl;|>TD_84rnrcpp;C7o-KuYGx$>}lNFX{m&}Fg z_XlBE08}ia$LGXY@v*d_U(fPMfY2&OucWdM^YxzusmcBWl1pR)lRuSeo$)7LWqiwRCV z9cvT_&I6Eoe3=8Tvq2{p9%3M#@i9C=tv)vEMEs7yiOhA4cu9~~TBnJ&kKO;yN9kGc zA@zJc!1;{OM6znoB$S>Ha0Mite9KilRe0vMc-(8QUhZv+skAHnFjS|xw&w}|-gBp` zY(J;|2S3l-emG*;7HQ_gm1d!4Gkv8s02>H~+d!*-l&{Cap#D2TcSe<2SjYCKL2CBG zzO30@WUgwFRO>D>QMIVUc2tk9GDERANA3V5r5OmAfg7A;^h2Fdgy8jvDcqA;l1ZVig$p$9qZGD~k}ScK9F zzo$Y|6moFvS5e4!v%4rX)iUd$n8-lVlvcBwm zYLp4lfUG>{(L&Oi1acT+CY)!`+vQA=CBasLKanz7TM(4e%^HR=T*ykNBe`!dch&%K ze?jRV0lp%57l7wCm+l8};d@$Ih6k1xvko8(iPodtG!|dTp3XFuRH9z2gw61cWemt; zenToED6Jug|1eNR63l#nW5`s2Sp#q}s5f8anr8fL1$Qr~bdsIlrHcWQjK1kyyxgS3 zt)3>XAtoiJn@tzs@kx1oy-i(FrlkBFPm?pmUy$oZh(`U{FxE>r-4)dUC^iuSu zKowtDP0sLp*;rp64!x5qG5p@-3^G^6JxyGyLrNU&Y2tDNQeuj?iL3oci8;Y0XKJD1 zZL5znYv94GL6bA0UGbr%y^qeCn})G7P<%DgCj-U!aPuC!p`%f?-M(W{V*fN=JWGUL z4n?_o5tqyI#jGsP>lBTG;;hPKH@LXno?{m-)m+=zC{*Y2v!7*nE|h=1>GzNLWLMJ2Oq!9#G-2FfZUQ&#gXm0}k;cqW4U=!OQ8SJfCS=l# zG-gSdh)FZjun(d$X+|1z#3fJWo-@j3 z&~(hLC^t)+j=2@(W@&KB+=?NI>6lwlZk9G3b1TZt(xzi>MY)C3bj+>te!_b+9O5#M5tn(4xXfe3Wga6g^B8fN$B4^3 zMy@lD(IIml!%9j!V8lEqsNg2!D(Eyhj}g4bL;ae`d5j<~Ed`UM1$IDmE1+CX7t{_;>;X6*x`0L;pU;k;(>{NOjAh#A&yb0j9Ad`#Gh}k2&iOOs649~v<@qz@l2LYkc>WBz;;3`} z47swXbN&pus;G1R47u86G(l*1}J7 zG)fLb%xrlFM%$e~6RoEf3^6|ookOA=^XK_9Z-E;ch4m)q&)f<>BcgvM=L|7No%3fN zhufs+6UbtoKSM4Z-9gS7Vvc^ra2R49fd8|i?arTxI_J;4kND5E|jvoMf$ZPt<>^({!Hv6YQzvT z9bz9KjxdIpg&9BwL(F7?_W3i6IB1_gBbYc08eZg!Y{spIi z$N4i9iQ7^DNnNw%n*|(O14TS%h7K|3oEb6&k=UO++X0ettkTc(Qc)h(0&KMDBD_xv^Z>ut;a%7kk3f;w8wL+xGApR*J@ayE(tPw5l!Ku@ zE~IntLWGTdBG?``jq%iz9DCd}$TJ$^YLurVyJPwp(vQ~8b56G81a_g=2WRBZMHK9q z(;!%$;LGh=bJlWY5UdD43stT)`_EJxHdjjT_ha-N_kdDepl}ktNw}8@-4lJX#1c6d zhde@th3_VMn9`G;ELO;`2=jMPq3o5PT*L1%OcAAeil{Ebha(@PmU*W|HXHoWpj0C? z&q8#m5dez_CIB#&)ad}rD7gt>HNj?pwFG~$C0fUunMh?SJ#h{e07)XBM({$hc3Pap z`6_)aydsS0lbjjZmNR9xsl=RFnEC*UHb^u8_xcgv0f4(9!SSN_M(O<}Qx-uuSmKMp zPdQA;{^dl-cokd!Mmx5`=b6g>hp1vPQfm=14?gkoutV4JLps-p(%t9_t`en;Sm~)L zR(kA=uc@J)Wy7%+2&8hlR&sR%_;nz8y1KTfs}Mt|Uc9^l=NCXJ3u%yy?*t$Z*%N?Q zNu(wNFq^f?*O)NV%boWadqeS$g}92f%B&>(0h+!Cl}hQGJ(*6U1fl^l>6+HbVbtk|Z0LVU8?P{k> zpZkSX-3^~=Qtlk9dLh2lqz<=R)lNq|_d~1Nu^AGJy){m6-H+aS&69|gIHSrI+# z@_VXtM-uNs7s*p!dksUY?!V_tiaOV`W8;OSXTXHS3BX-_XD*JHrvFA)C~=&*V&$QS<;8P|mcg5gi|T$ERaDDA~4p7~7m z#RYfLg?GYx*5=dMGXurtxw44Z>-Lz%;BM?FF6E5qkA)JVQxWj}GDz=Z3g~!!NKHdl!o8x35@g85T_A{ zp9sdS8P9arv>9f-u?>pM?^5__2tEyOn#s?%*)_p3Fw7(ZnLUGFfU(SZ?5H+{GaxvM*o`5!F@Zu6!^f!hC{S za|pv69%Vr`nm$H4HhU_VUgm1XGbR2Ym}avMJxen!%uus0U8V{%+AL(4Md808(n*@9 z4(ajliqVYnJH1-=1byz66!CaaKUVfo6tKIvbO_j8T=stgb{AK$-NhyLx&Hv4?mVan z%muRQLK3tialK#5jWhg!~QHQ`m<}dW(?1;ln88(jE8VBIIv)5`GL>x)b}xxEYMer8}|j?6h&|PVD>e z3ViyqOfKDt?ai4D#%+EC?XkbbQhtQj-0aEw?Ox5we+sAUsyLSJ&`sG@aV*{GivFmwtKwL?(+ixktKzV$nEYO1 zSH-b(hg@H=tKwL?lYkawSH)ph4ThVttKwL?GX>mWv8&>+s}6xqWmm;vR~-&c*;Sb8 zl{Qk@RhX7FM?vR!v8ymGE1a^cFfA*bva2vHE8GmRt1uDkzZ~I|U4@BQN#`+QSH-b( zXFTGYuVvG&iaT~ye7(WP7P~6GL9#&ERq-1o2b5hEzeQAG9i96C%GBp(X-l#58Kl@L zWqFHqmLsi1dxbaKPrE7(yNV8e+EsDbRl*D)1G|ch&&>}-fYw#+d3h{=0IjRs)e6(P z$~|9UT2~$NEfz$u2>3O4j%n^^8HUzXhk|^H0zBQbL!tN!97%bR$R!My21?qSHTSRZ z?5EY0fYn6@Kdmkt(IR6!TveOL?y{1=DMFzh^NQys(ZBDmu{q_===*wHy)8+OD&K6qCE zTW_w<&2JITuU`XUhb1U*P4A#i&+PC!Id=zjdS-_S6snW>6snW>6r;RJu|Te zKC%+m;@6$%jQnrA!NboMDIa#E6fa-W`<*1<>=KTZ7TgfJ8KMBkN(IFHP0o!xg?N&9S(@<2U~Y{1i~1W|v>#me5srn1n3ONyy@yge=ZU$l{#DXXvT86S6obA&YYovN$Ip zi*pjPI42>Ca}u}2klP7aoRg5nISE;ulaR$Z30a(zki|I(S)7xQ#W@LCoRg5nISE;u zlaR$Z3AH#!jl~x=8oY&7#^Q^5m@FmqQc#f2CxX2t6z zqs4_7Ehg7jMvDtET1>84MvDtETFe?YP)3UjFzK39kjNN?};xv>c|yT9!J~JPL2D>ADue6?Um`Qa`oQE)`C2r_QoV<+K4{ zR;g0S8+iQDTIy_JBIeihc8)MP=C4RY>Re$GQmm=->{5B2E~|wpHaW|ZI^Ql8PO_vf z5T?q^DFJh#D5y2RM|P(!5~jgSpog8hSeQn0KPp!055n{^A7hwHL_uG3D5i5#mkQHt zHZ#&S;%%T=LT{G|Gt_*T%;n;3gt_N0dis(u69v0TtG5B;AN~$$;HNGHvkuYv^EvlbhES1qP zFDFwXjHP)_MX~EC7srN-BcRnNEi?9l$(u6^3&(6_%aGNjmEnb`NN)3VGF8HOwW5C1 z*30iI}QrEoI@w^KOsC~W@UY7XK< z?1tcdP`Rw-*lHfme3Tv$+Vqku`3w)6lDv8d$|#g=>5rIFG|M13fx=WVd_Jm#FF^1p zNR2c;Y5LiL>2x^q2&9H2pESc1o&v#4P)T2uy#Az_Lt$tXQUI#F1C6M=JTe3SINtMP z4DAY&r+zL)|Ehq-fmTHy?z#v)iYQ>eN?si~#{$>45tj@UjiG)K0|pX$d^_cv;ut^qmG^t?INI zU{o)hv4R+C_0g^qEic}E2utYgYk;OofEaX1E&SRBTHQ-fsBbjoTc#(Frh1n8Mpf$d zQra6;X{)0_H=2EzV_MPpVg$Uvl-Fd&i@Np#gnH{XXeh;Na)Fs}s;#^s7nqfHwJrOC z748DFx8jYm&(U82-@;ZN2fwPrWiB$MrSN0)^;c%lHHe{}&vH8ekCje60&p(du2%q> z=(HDr@uy5=6eU{G-&4>%P$g1(PS>WfpjsK8@A5#ijEOuEkt_g}NlFKr&I_heI?x={ zE~Nv_Bif~OuuAERP;eKhp_x$*F{2!KbgfyjyoA%*`cPA*la`Oc!C#<~@q7=4nldYX z2L#uFDi$5Tgu*<07`6Jb_|SvY%P~y72bhk)vGov6g%^F88D&wN4Z$){7vnIj96}yo z?g+n8md7a5{1S8QHJ#w}B>Zdz)f9r^Vb*?7YB;B7bg#-qalcPZk3_?|@$c zB(L4i+r>}-AjR-3fQ0%CK>U2~`0>49`)L9Yr-1-cigO&N(*UIKUILIvKLilZUjT^b z-vK19LZnsV>H;7I+;w&-p0b-NVEuQLYiILPk(9E~I!lRmGrJ2T6|b8)L>Q@c-OR}> z%Wkstue&P9MrnP4Dh!F>l2zZDqsGDqd+OohmL%3Me=?01vkLWeoyWoAN0wL#`Jy=L0)*Z5-=u4Zw7Q2>|n?-k!}^lctXfE=9~kB<7dx zn3HD5b}=W-T03SHQ=y7!AYvK7m>z`&#-w%UN-RBYdN<#R^~$2NJWoAM{2z42+jOd@ ziJOP0IE>VX2z)Zr`zrtwt`%`>w(d85?6}T=RHgR}TesgVY?ofYS=TPTmP+qrr1c1< z_abPJ^cJ1Xm+2Kl^nSlx*N%gJy>%JB(B)EquNcLQ@-&2+4`Q*rVl=48+&yG<`c6Yy z61$LJGop-Iy;ZLp^2zxKAzufTNO$9PL%PzVCZIP9D(PQ>C|@`7y5Tu5hF}$_VgWyR zuN##Vz6-&tpj6G1=qxZ_W&m75uneH60$?q`I!ZPGNPU09k^Ba5E1gmpD7lZ|Z~%JN zie6$77QgldX~&cN#USWpbCwEZv<(Pxif00n6^-YjUSC zRAswW^5e1K?^cgrG7%p*P{}jQ?7I!I7sf&`f_cTXM$2^AT5tGscQh9 zEC$%&06$9UB__W6AhuEK4e#zda5Mn~dMjURCVagieG2qxRFik3A&ukPQ2i&W-;WS~ zV@os~6@f3jR>ZC7`n9Se%s_RfP;Y%63d`g$%xjG#D*{w9f@_UhyAGsQz%!>#w4&qL z85lVxH04R#8^Ke3@qqP_Bl`k_9UB^dmIwJEU24LKYa(BA)`` zLQu(##R$1jRlt`acm$L>4{^UEnFk=5w*`QCmU<506M}afr)uQu_sq_sA6OTXD*20^ z*0pb>F5HEOQprymWf{p&8jVi!rR&F4 zIaX*SSoZrN_?kj_9}0~U3XhqL*(iI!|Ok=~5npO-dd6WIJ z5*7RP5Ud5IZpHIRmi!gq05hQQ8N4U#vdku+WQR=)lQgysWt;#re8P~YMy%(RY?X~e5qnd=bRLL7E z@n0a}AAwXAHdNNdr@#ULr3|M453vEZ&aeRY`{ZTbj2d1CrFv_tovQu5wl-Z}x&6L6 z6|1}9^I~}X&F4Q)D){lKcM$l~5`^yFDIYF-eBS2Ub#0;4hXf*F*Jh7T+J+{ir4dx# z1+6`Vo!J1)hhPqC>5FtouE`6Dhum~R&)n)Lw`i2Wd_nRNYe5((!v6N#OHjdm7Z-% zc^~NLO+D8jgwk^?^K+BZvwk~HAs0R4iDzP8WUD%RpnzDhd56l=H=^&R)_%1~w2 znuRK!dsRGR5y#<-=Lu-!*8rwp8M2}1bH=vOPBq;6OKfZrnCgxH5ZlIoi0x*dOwC~p zyo&7>728t8w1}~-aAGT(pF})Y+fRkpp^wCqk33^MSGVO(gH*h0eR5k()|%s$-gQdv zmC$*aJOwn!Qxv(V_adct=WXb^h~BfISG7nN`AXFHM&h~1*Trs;l-@rmy<4Gk3-y|) zV)9K%0I+(edH~Q`(TeKXlB`lOtw2n$2vFDPNyW6vC*3`}^|S zqM|1&^8^S+fl7EXu0Gi(eU6JESP5$Aj(Vvd>630r)|yEwJEo{aehUxpgL=uknf8gH zj5E}#zd%~PL&{*{W+C_jpLqf@rG|rlv!L)GPE-$&cJ?b zP>l!7X#gjIdQ)3dZ%EdIyB5?m7|go>&yyJkX7Ewi+zV=&0p=2bGsr9eqtC=WXJk$T z(+Nx*)N~%0hXFQ|SqsK}G?D@)<+>4uE1Qw|0MeM>;Yi*EkTzVaX0~tKsB1`57UEdy z%gcqN<|6zwL(?Ikn&n_70B{X=%~CM)0FDLqW|*dHAXx)$IjHFtFs@n91ZuhuOesJI zGEaax3E%`WFN3)r;7T&@f%y>NO;DeCH!15{ENjDygry!tQHa653qYR4M2h(UojL)~ z79R{1PKZ>K?V7S~R^C#F+CZx-D?r*xeaZx9IoG4kmHO&fi91WfUFz%0H>rNaY}n?d zz9Fn*jnj(}tXx%_#x5noNCVj@-|cdr+(_F^7H5_FYq~e5>I4aX=v+_9=U1qKG`S1yE^Vsw3{34U|i+2^rYP*d*9$TRH zc@rGWZ4?V=zgH}vM$QH4`@OjwX745y{eV~6`^Ibe9v<+9?e_7jU^(zJT~-l*z|$xmP}Z?3TTTDxz&_2J~ACfu%=|WAmfmSq##kf!Gv&3dh?*z}7K33E~R zma|5wYU#3z{e0%W%d2W{e^zC;SH}1nkK#Adqw0XxH9~*;Jd)Y^)3(Na9#ztk!TUUt z!Rk%f=aJmi>b5Z4Hy%~DO$>W7CEs|Yi`-eledFoJ$5i3I@eGp+C@J~QBUMwYJCRTR zzO7`6t>k@=Ser`8`<~thmAvm6bWq8MN=f4(G3eOkQ5I>}5*Eju_Tz9gmdU!)BR#jq zN;=+chm#E2q!^WTn>@Lq{*SEun>`lSKy~9aKlgZY#sl|loW#n$%~tRMYqZUv3;jufY!1gOLCvDWWZ7U^t{S3eYTrgpZ5&fA$EYnIuo{WI-dp7km-uo;Y4!Vf z%tc(`qkVxNeV`|LGlJKA3-Kv%UkcJv!{9-zgc$%O{K8xTP)Be(od{lWfO#DTC@9GR z7zdzr=a8FT@9{pd4kH?pMm{g!;Cl6de1m0ppx#qnhIHT!PJIH;GpHv4%``-`e&HhM z`PJ>!Ioe*oXgU=9>dxmVPB*~)ZW*g@T*Z>v?~d|CP&s$NozXHLa7)Xm6;e>Py_}0(rk$bY)d$GHipM|TD1y_Q~WS8q=cNf*`a#tYAB`V6#;Cv^jL2lt% z>bCnH1J$K4b-0>Xw%!Yt8ruSt7jD zJxsYzYS=VG+$ShLT_GcDC%UECZax+tR*O07!^xu&)-1 zroyQa-n&u}{m`}laga8hjGqw@4+Zt<45tMH)#rPS+Y3+C)H(xVU28y=>o2(@6C90; z5o8{yH(d^DyAh&RYCH3vwXqDZ5pDeX=&!j$JE+ZtNZvq@mq9f@!;cSr>fgcirnjaD zoCibF7nB;eRo6~s?K>KPjYsNyN3z)g2W)^``C`p^Axr z7fNak)BP2|bp#P4=r)4U4!8*596W65JAnJ?6oy7$e}EzYdDCkg(A@#e4rp<}L~thSY>$%I8vsS+K`_%6U+`uW@e-vg|p=UNmn&GA&%hj0Qq{R{^X z&tm~Z;V}S1yTj>p05$Lg;6EIarvP#Rw7Ob;MkeDBDt;LFDzb5(>{h)$X;&t@rT5o( zDI2e}dU>_F=_TNr-7?9p^Bt*|mZ{m@lZ}w-wGB|OKRzM+4DWKO&oFbivuMVJj|V;P zaj7nz%pQK^Qs3U9B@CH%NlO^HOV>tvz_%XN6&(_3fzqxrs`v_(?^95jgigEa`H4hR zU4f}zeVS5MG9S$YsANVdbWC#v>E{FpW>9z<`y10;(oTN?!ER7Pl$kTbb#O{YK2%4! zq!n#gfE6yFk`cx5b(AZgP2W=x+y|;=5>G*bF^ZQ3=LN2yzYAWXB@p*qh#5&x&Bb6g z09-?61(-bm?}Bj?06MFGXd%uY7KyV+q5o=4#Qj-f?#eN zzo;k}T5*}f_&k@x>2XB&5UA!{Fy8}w3rekG98jcn=@0P}n;4wGAqKzA6{7>fI8&Rxs*I(XI1J` zfc+?hR2+?-1TO^OtbeKkK=e$oowU08V&p_$m#moASuUNWCiQjIuqJhu`rX&npY>Z! z!S;2j?&+I+DGpJ!P+4~U?f0eo0ltCOmu}@Rn#RtnjYfKwn5w_ zqA{X0PDS>Q1U2+e!BaG&_R9crwuziZ@hy^lg?suxzPr(f3)hlx+!eVjieuINP4RS<>X) z1Hm24qQQuk69B0b0IuglKMZg?fL64o7y))=NvpW~YG(kE??yRyfWt|aRQ(-#z6X_a zBRGWBOjYFxh>;{M-kvOJ@y0_i7L>#v#R;A&0B&Q1CSb_PiJ-IOFtQcF%-&BOFFAxH|VlbvmB6jrTw0lIw0+UISzQq0dF~A8M0dn_F4dGCT_8T*8M}a zf`?~$cVjMN7?OkA0Fn7D)WfsdtlWKYlr=FaB<(4AuNJadI8+tf?n`y;C<)6kJ%&9r zD~|<-DzD~B4pX^w?8%xo8`LRljT-+O1pgTS%i{BQgG_WE`WX8Xo-FADZN3C&=&rcrr+p4K8@=hP3X2;AIML zJ{LZHSuqMHpNcVQQ0f=N`YPXvu6Q&?oH`xAWSje>4YZ>7OA+#bE-l|^1Q;h-Ft)eK zf&+TnWK}CG$^qS3fKVohJD~Sqlo-}ZEkj@iORWR=vt;j)%z{^x?iCl~*fz<60ZmHx zD|*|4H_`oy?%1oO?fTJz4C z17`d|eV=|os?;FK+e$^F43gN4mUJ1P#$~21$pN#kx`!qRO0%ahN=a! z8y#IHWj8^vk-`U9To3Bh)YHSJs2C5S=HVEG9;LGBx`M;72U;3e}XO_ zlj6&8c%7v3hrZ}GjLsLQVvg6M+Ltm%PtbeQjh*Xpv#}&_sUH0qeAm;ldJe=k{X|_p zDl5S*0jVbHB(=KwD+vBf;W0y?`y^dPJVq_kv=)$h#*@{99}mF-P_+&-wF6#OG)9s% zJ@>~xX!)}tz5woLf!Z^LaCsim?V#Qa(^L(Kc?MRSf||O4sRyVc(;v(XfFnW3x<1GN z`EE=FkcMjw0Go+U4+3mB3>y2|;{%htJf`eqyz681E{AP}BG;NpSbq1E9kkQ?0DnP< zMeRa(;HlI=AQwg$4m-Ln*f(~t)KEMtqwX{b;E_W$?W%*}(P@P+!3uXJKpDZU01W`0 z?z8>x$nf81CxlD{XCx3alKgKHfZ0ioANt%}fm^h>0L3#!)m;tsX&rJ$Z=Kaoy{l7n z8O-I^U+U^qRb@Ok^oYt+*Skx0z?M5UyxF`w9FFQ`uNO_(MNb5H5tf7lAf| zWFg!RfM-CddU#a};qriF`N^>We1Wv?iH^`=>E0O^p-iOq(ePm6EWNF{lJP-Hm+lqb z3)Shf^lo-@)#C>$390=HT912@!WDBxJTCP)Lc@z8t@l?*&7YZ~y@;$YOV*7BNI(O? zFiH+{z(mJsfi2Ox_lrX@#@U+@yqM44%5DzRs<&linH=_@>oO6RfC}P*CM-c21)nm*9sNHtqtTQ3;L_x(fIc5kRZ%U z26@%_dJK}L;h)fC{0N9<6Mgo z{(cF+8R45C(_85z;qRA0c_;jXZQ*yrs|wF+PxOrvUW0Ihgy-8W;WtX(3gHLK2*yUc zbL}3)F%u3-O@SBbJkEB&0vl+DznntQ znQG8#1Qd)C1vAU2U=%COOsTM=kHrMDWd9h+_E{2QjBHexox^}=Q@5c_J$xfSr+t*d zJK7ZXDHVk*=svwz&|}^|3;z0ruR+K$u}gsukvYdPKk+R&B+mKAF;ePkE0H$#yJ9$0 z2X&71s#I2&Q|UN4W4BsH!z9JkVu-4=by8{T>KtasoN{p~aoe3-?0jnD$Kp%idR5nB zDU9pUPjC9E!s|pSC7t`(Ug&~{-K8T~3BH-G=XBjyWC!CYlDf_dQW?~cU|=NJcpk`r zWA5}ECmvQD6#&wM0l-Lr3CzM3D6OLqsou)kQ}Z-L_o7_y1Wnut25;06tYq@j^k<-t z;PfFVbsK`Ran&Y_h4_1LLv$+Q_;txSbj~ zRpB}t{W~(8vKR?w5GXYVp-vse$Kcdt@pb6&Nq(#yge+J95wc*?Dfq89orB-=5oQ&r z|7BqM-@uo3qUlSBJ_R*VQ{)`1%>qrP zM)tlZQ!BgOM{Wh6W{g2-v!Jv8LlE?T7C#uHWQ<6BYBPXzqn`qhZgl*51>pE4War2u zax%FX4x12IZ(ThYDZCz{;fQ%4sOB~>rvsb_n)m=1SR&O7)E9xUuAYyEY2-5*kj}Tm z-z`qSod7S8p-K-dsC{6jaJHGDv$SG{{>@|6yamx{xDN)kXTF8Y6_Bo>%N{U~0NfAi z&A?6jAo&5@XQ0$rC|$#6KNCQ#i*+_&&TIp|UY?mflF{h*94pWK-C#VKw?c}we-!_x z(ES+pi?pFkAXYEb(7pLQq#M+m(kA+x32quFbtZh@&X{il;5QY26S(qY1^PYjgTd;= zA&6!RM5sLzAD92`nwRkZQYg3p)buWx=Kvlh^BI`t)rb&OO-+#vOwbG_2n#e;3_*4< z^jx@42OU9`HPpWm+&WNi`t47p{izIzdj*M+RDJ^>U;Zp8<u7#PEPCsP zp-5~2L`ZD^3jFWi4L?)p=`nc1=rhxS+3Om5`T()L%@`?dqW8%8sJx&i1{(@65F~?6 zr{2QOB!AIO()0^F(XNO~2A$@?&#|D?d2m&OPA_w1PY;Mb1o*TB;7b5WdLBGI$SiLJ z5W8Zs16l!|qSG$`GFII2R$b#fd#WG6t8|(SAWoM8{23DbP2f!RPVhHLCcH8Xna~F! zX2MYX?>~+|Gx)OrKU3)aTX@IHPG$!tt83_e6`o-^s5hle40toR4WK3}*a7eq87le# z;4?B*IN$=5Hz@TJl*&UE{L%iHb_I}!oDU#VluH3V=aZc4I9&}O!}^;Y@D#vb>E}fN z@%$~o@04g*uqPnf0Z9P)aF+qdIB7FLU^G0Ba=?7s4>ODQ#?FUeDDl}_^D!hpaRfwc z9FM?%ZPG0HT`a$6@^=b@{EQ&z9Jvq(3tDOzeJS3=x}(ZSvne@df#BOnh7ZTTP$f zzx!g0VSdg%vSRx53yUCY!&RZ_e^-g`b40Q|rKG&7d z^oAeP{GjCSK>F7JcDR9(>jLR)$Vka21L^q)K&q$!$bW+Ui!1}x>Sx zXLjzCEPKK?HS%>JG$)B5LrEi93QbUfJJ_C(Esmsfr^a%99NnPvAv>S;eb?X*PkHPbjaxb%{PQddI zEJm4MqgzvlAf`8vGp<%-MsJh>sceaF>N*IYfiM4fJ$vefP`M9G)@O+OUNEG_u2$N) zVbk}Zl^zbgr0zw&^nT>t8F;uJ{le+7h=SB(t~IsH1MMK*9GTt-&!qBlZ~As35J&QqLKlsSlrr9v;ZQSdXN6^CihD52l@aJG=Mxrq4naks`CL^ra|%Qt~lxy3#@= z1SMY%q=WcRN$9*G3sl;} zN;{WJb{tijz8&F6J*Ro5PFak$5#*nTlnz7gk$O(|NKP_0{b@ZrJrK`D>Up#`eF`*^ z5{s<#vyhRx)_c=yka48Wm7er9NC7GNlP`Ti89Fzh)HZMWM!cJ(gYMhsQxm|7arM9U;oX+!3Q8{U^|pd1+Y+j_<%ZxgO7yh ze|9*y`1wzVgFg=?&f(y1K>fct92|YRgNK7pLP0u*gA=zM4o>D@9}Zr~I~;r(7#Xj|=$(YA2h zTMxVp>bN({xv5c(d$Vxd8xQxJujTN#H_JKh&025pvE{foYlCEgI_}N7QF1^X_hucu zsc|EGd))`1Bd`Oxz-N$ViBgugNd5Q>inLOT^SC!TM%%)1Z*-7jv@IO>Cd>dRv2ffQ z897EfcwQc}UXIZYu2z@_y#>!#mCJn&Q`~0=kdl8eV!bngHLPl*uL%H`5zGO&f#7ri(R4Pz9hBS!AfBHCc#x7$9q^kCN)xYR zFE^6d5m{KqNl49GrjPNsvYSw~Q$64+={?i|!yIrn0CkpL4?qpm|3O2&Xn5N8mipKM zUgQDKflCztyh<<(;Lil(o$Q(JfVmF106?DZI!E$H2W)Y`n*dA_G;KtEp?AFNyv3q? zXa&ksT>_!AkU0_Fr-HSva=>&tb!U~UYMFhiruUO>O!d(iJlFf>ZikZUhfojnex<}! zQbiAuDq8(ZIpqE2uy3t=Cz%RsESDmvihZsK1q^(g{isrtAd>!+qeU4RgZJ4WfU0Q_!7s zc6-p4Xs-E48g2?&OUzTeaZ?bTJ#Mf24SLhPPoSdvh@}Vb%DCRgm2tg~%f8-+XMVa0 za#qrRs2GV=*Urn$LLOiC1iHc*q48$5FQ)yVIKFb658$w+nlB;CB8CS`A zH$<53Os{mNDcDyfWA#H8`{syC!up!b+{j^whdp}?$l;f%mY%)u7#Aghq%qOF zi^;kTwaJ(iazUtB^T|xMQ*y=0V2%{V3N2WItBIxv6S2DYfs4AYA;skWTS~YaGnL@b@TE3CPejtLwP#$k68{R~uPRo#^v^ z18GA9?T8jYpZBle8Y2&rbNajyUL6x~`n-|lj1PU@_3+aiiIQ_}Cy(&zn1Ivgjnq>M z`n!-#Lb=Gy2*sZ z9BHK%V^28z5jCPGOo#9X2p2$4SeOB1&=V%(x*Z7)*5|M`$^GT%6|->U{&Mt+1>3!1 z!5O_`qYn9T8I(dc_gS?Ot&)ux4`b=uIx^Mz5I8ek^y;&?_dkd&S`-yteg<&q638yV1A_9xRT?WZT!ZSv(>( z``~qL%iy5{eRV1PeI6nJwJQJv+bdLH(8SYr{lR?QN8Sx>~n(YDqE@iUuynmSKFT^J; z7nEdcuJ_NSY!djfppJ(hf3l`GOH;ZA{7T9Oop1t{`v&=p`W2XThpaIBEgU|C4?tlB z0Q>hv69C?Vm!FZ!V%4$LijK8~VK_kOL2tKLiB@sB)(mb|w zsAj5kOevk-D4p)0!s`%1vh`L6+~a_U0KTO5N*2}=;NBF~EX=CUA({yVlR(vf1#>^Z zt)LouZs2%Y73+Ipkn=O*J$xmaBTy$gNSIFG%0Y$w;s5XOS2)T63jtVsko}67T>*fI zBdc|W+jGi;wLH1n)*6HYW$o1Af8rL*Z>|{^f32-MRF49AF8vsbb zUb_Fx%)^<_wq zH4_zp9pXz-*Lci%N0`e0J3GYxp%c6w#q$rH;MEX0onSh%6TE}obgy)RiKSEPQk`0Z z-6l7>O<%)74HX)^WW|k3Rwy#rhw`X<1Wop#JgN_6vJd4^eJGQCD39tx+4o^~M*TDA z;>TMT+DOL4H-nzDGgB)=8Y%5dx5-e{)Vt>7x!OKxI={e4Z+IS!hP`LdtZe7 z4Sh!8o%Fd^g!~Qd!;ilc)8_xi;G&cOZ#?mTXQz!fp7_5HM^P2B0=)6Wzc=UaUgTil zBL@6i>^`{Qk_9iEyl(!6M$(rT8k7G0#_eDNNh?=Hpnq*UjJ1Cj7`cJm142)*2>nsu zn}obU)9e0{@G*hE5k4=F$q&6Lu!V3Jexyoq^i8VNJk2lW0EWP?Mo9%Shrk19?lflz zJiy+gGXx%>Ip7R|2WSpBL*N0L1I`e*m;-G?;9?H64S|a}&^81v=0MvJxR?WNL*QZ# zv<-oaIlv)s^!99XfJ5Ma2B*w{wjppa2ik_f#T;lG0vB_DL*RTP2Z}k+HUuu_0EfW$ zK&LVXI0U{IoH7U6hQP%fXd40-bD(VqT+D&CA#gDV+J?Zz9N-Z68;D(*18qa#Vh(T! z{3paWAIDa+$gU0frQ?qwa6Wc`9e)gg6Ker>{4oU19B>EN@y{3nUk{Fokm37XEhwTq2=ayn&QbNpo1UsDduS`!tI&vt<+BrTN9S z@V{YP30a_mn%*-z0;4IRH&mBML z6LQoh`-afl)O8Z{W~)&fa|QfmZ-}nPKXVTK+@kz&)FxYv+L&k2kGibch)|9TNajKo zH)3PV8E7m59Kwl>v&JHkT7W}1v35f^v5Bs}@aC5xoY<7ecMQW$e{5=uSPO6nCpJwO zcP@u;V)o6=0S@8BW`>xTR)9k|v7?0v1vrEgnq$z z%tOK>+`JKYE_;q}t8ctmH1Aci;y!Se1JHv@8|~3imVzA4%c^(i$r)2K^)h2 zkjshGj01=3JIEy>JO~pPE(w>6aC1l;*LTpZIKs=G#dJ%cMCR~6~SwBY&< za#7wy~ml(@4QfydPdNxqwsmwl|`+HP#w#6N7=gnPl~C@lTuV!Cir zNzQ?Oxsly9SiZ?}c&0Zke<(FvCmJ??022iTuD8xdO;H-It8_G+Egrkg6@_l4@Vb#o zq0te;@HYe*Y{r#XYzHb7b9uew%{K5ifb!%FpY{1lWm;Lv8=};4(p6~dL4{{Shkm1E z)I;F!r)(DNO zs;O)Nz-&+rgLI;rE#PhfC7*;Q)~V!P0GjJb{XP3>g8))D#{h_*3jqE?KX2LqurnaD zLaTKaf5vtPYMo_`9X3a6oh6I8OM-0{dIA=@vv4x;gs+YVf|24Qb+e8~Vw2+AbYCsk zoRShZ`Dz#7KPhiTu=Zy(P^A2&R;{z7w4g3f#{=L<@iTO9+t@-9V+)S4AA_;)nDHH8 z#@C(;jih8JPwfD-qNK#hzS?h4_ehDOe09!*T1QN%)pCI&DS;c%mNKo{Bvd@x?B^B; zn*9xEB2TMA0jxz~{uk%LT>m@|=BgB%H*+4$Rju~oscUjG&3;$U^3zZf_z2+VqP+F^ zmudF9E-qM27tVdT*5=ds-H0Ivp?vpd=s-j=&XDbvp?vp zd=s-j=&XDbvp?vpd=s-j*v{+^wwnbEwm18Oj@ci~F#Cg<=EC@B8nY{lQGL zKbUFu2Q$t7P=?tb$}syw=c^$An*Cw5^6g)m{oxF=Kb&FqhyQ10e*|-XZDxN2bAN4S ze>B7Fk7k(t(G0UckZJY@GR*!!JF`FFnEinavpN4`i7AxE}Q% z&Hg}!*&q1VW`A5=+n4ODr|?nFRo9y4{tx!v1U#xLTN^&7>ZIl=Q&lCEq$;UQBmoi# zkT3>BgeWEqBFe0c0*Z<_w!~JEK@=QYjEWPY?SQB)P7TgDw4%0it2hs>EspK%|GsOV z9V&hA?R)?4|NegN{XX(M>*QT)PiqfnpR-r3y^s2=Y4lfUX;@M9S<|TctZ8&V#4}P+ z^;y%X`mAXz385L2&zi<)@3&&TA?f<8saO?qY`;FSDvUy~SRQPvLhetu$GOY^WGOP;GZdQe8H>*Oln^hs&&8iUXW>tuGvnoWpSrx!#SQVn(tO`+B6{xhb zDnwybAg8Pf(Qa0SXg8}uw3}5S+RdsEg;jw+aw@Ar6jlXt%Bm2BRe{`ItHR-EyacTZ zQCJl&10z<2n6fGqjjzTiZ*z$k>PEK%KQeIHG61$EuHoBUDMBn>N~Xa^VUBajs{5c$ z-0Gm@JxK8ivPKubghGq@Ft;+5+YR;_f2DdABh zco>xIghEs{c{{-S1ovz3xCS5VI6r6*L>2j=ykr{S7lMHrv;y$sc*)}cq6FvJ02}72 z&=Rj^NxSa&1sf+ZgP5H(L$D=Y&FbE+uV+cS`mVw@C#YJslnbz5xrcit7lj3`$YQRM z*F!vHBlaSK(ksAB1!xDAGg`%!klYJy6R3jU8GY_*!)O3iYy&gxdTc-fRc=EiMj>;Y zB7-Zs*D!x?dGoNYPd|yER}trBP;wkX)2NkE#&2C7FY4^1I#*}q{f4pMh4@><{1lXa z1N_%d_(Ou}ud-eAEp% zOb%4ekcv@|Yyh_sl&se|P0(Pw2JhMcvHYlAZw`QbUCknZL6i*8LBn;>$EF&7(23(A z1&tg=oH`kh-H5zE6;r^R2(XaM zTrkf9JPbYw-E8tywZ1*T9i@YgX<&WY*&=X0|meO2()0iuay@|9CEF{&P>UTf@h95GC{#@Qg1l&EWU)J=@)v!hP5qxv$V2JEOs zTd2*K4w(#6XwZ$QirM)Y(i9)h>FrBL4`nztQVZ#B{k22XDZdHEPEg%qexTxOM~DjJ zGdewwKpvP=4VutP4t624pB+;1afm$@)azA*)XbQ1WLJohoQFgccsnPD0kLrW3{Ayq zm0~UU(ff7eiqneG-@Qe#T1Pz#JjkD4)44ytc#Up(GLr!*|{0FRfEg` zSv8DxKkm70pgs>WwmX~QS3)jOp|38jr_J2 zDZ19o>Zg6Q;!#&4Ki5Z!-fg=3WmshU?T9c2Q1P z8P?c8K$zi##hS@ujM7^X7GN30TAJyEMQbbr#0iVmSYbwRoWL4OMs{C>d*%HO`G`YS z_?!YNAr4vLl?u}#E4)f!T4o~|mf3a4B-e1Cjep{h6-g9QBo0}T49jdJDRQyqK7j~Q z12|;e11t_%*|5wqKpe8NVVNZ(4p})Fmf4&P%WO_}%Pi*`<&Xu-ET<`P$bw~-zoH{6 zI%L5z`!%x7i@-9w7~*_7WWh2k_%p_y|cT6`kRb#Vi;iJRGuE zGUqB?5Zl>v!XA4Li z+jN?DRp@)>MTe}s4AW^|hUqkKlZr#rXkm4Bo#${{O% zwxm&})BH@+Y5rUZQKr-Ud65`jk#HxR2Sr>KwHDK9{(L7T%5)lS^o*lwG@V8>O{dYl zrqdpX5Mr$O#28GcYkjuqG}g^@8cSuGPQl4qT{&dMx|vR6-At#kZl=>%H`8gXo9Q&x z&2$>;W;z9zVLFXK(+tQIfo zi8FiRB_(lp9eOUY0aq(g2zgfG1;|~A(-700_^}2vL*iM;y@`t<@g;uK109<94%a~9 zVZ;n3HX&^&u>zstL=y2MiJK6bop=qYaty7&rqE_Tiat&hI35wq#2eLA-~(W1q5}!7 z#6)D3l{gX-SE4`^@S+G$VhXS~F&7#75}ks!h~lULjCPfyRbM8Wxy1YDG|ouk04rMQW(ph zLM;kY!nh209mCNCsb!Aw8YRn++zjL~!z|}UIIbi|BeA*B3VjJtdryb44cVKWJAa>_SsVA}*p0{Tu$n@{-;k(a%H1u!o|r%@vkwPp!j9 zqn>8xq!6rsuv@LLitOZ-OOIJ%m@Ad3?ERZ?Y&WQCMlE8mwB&~G^?O)`Nn$!*Wr^v0 z5d^bA)l60~Bslhsc%?#QAa2LTY07)J|<2(e3QJ!Ci z;uoWJ(KtJ)cV|6}foz<`U5%4kigpKI%Ta>1Eu}B2d5mf-oRm@e6I=KgD~Ds!v3_Q0 zgz=BD3Kc)Q^srjt%M?Gq)PYfn@E(d^R3%2sC2DlMkE*}S>d%Bmqly8}0(ge%UkdOV z!Daxencf2Mq0~&rdDo7EeS56gSW9lMjvfxhe*0xr(ZCBbFRTnaJoQgf_W}KV@O5cd`M#E%~-T@#ge*z$VP+8+J zzM{�nUMQZh8Q~uary$klJ(rNT*(|!OZ}##}H?imiz=DZyL!Owq}1zd-0S?V|YfD%qQ+=`91I!{A10YRu2!KRB7T{0g#Rs?SbrN2csSFu@h(TGpu4Jcg?AidlUAhYaY0E}ZK|G)|GD0@(MDKG@dlmbU7 z1>Qx@FWU+n^$!XxQVKL~!H*Z9^dzmo@c^R0Isj2%3xFtaj~&M-Ka>MzhSN0@y@uBk z3>GFyea+6C;j|}qRGdGy%y15~`z^(@y}-9CUZ#c_&RMEq0&3cxr8;m9becxJmZJo@ zMb-lRo-K48fGBti0K3R2@52t6=ydIY-AJK4Vxzgl7rJi{^ z&Z?p&Pa;nl$1ehi0&f7w-Tpp+YOPM*orBPMkPHz8IQMdt4sz-jm{iy$k@PdVL6tW| zmDhmsYC%Z1zGLJG*;5sL4oX-KQnPL^HHvpYa6hPCc9{2ahS+H72uhXSCLu(P_GirGrVuc67Cpwhv3 zDKm5QGvFAdU9M6&U4a((h$Z(0keQ|pKy;a=C8q*>!#L*wNOx|~K@R}PeeooKqsu8#oHrJ?oQJ=$i5v^|2tI;Pv44T zQ$guRP(t4XzzYEKn0XyQhFQ|duKvLxPu?Yvg2g=XC^S)%)DI4sC2vMPn?ZeKviQLv zll=1#JPoRoyW$5&3$?KB!12%!rY}Tp%*RO9a464k$j>_M3A`X!EaRO5J)~whdf7ut z?aY|r82BmD;lZx%w;7IBRX>kfQp|G5GsUs~Ahk>52!}jQ9P8W56@X9Sp{9)MR4p;{V{5v5uJNdj* z9dMwdf{&@8Xx4gA>N*v_VV=~`ZlMDmBkdMaPu;Pqg|0+`OF)(Qw#mV&6RTjAKL!Qm755VWX(vCLa0qKu1dyL*jUM8V zvh40IzztxsMm;eA)#$Mtb?oj#kZBvJf=_?T(Vr3cF2|?8|OVnXpDesc(C)J=^OnEbY4zEw!LF$IvV%DjK zu+$B=#q6hePfBjME#@%A+Yi94YCqeAZH6%%l>QP0ji~~#V)nSH1(3JBqX1;K?*Nd= zV4V(f#2vq%d5-@_KZ>~pX^$rtYN!Q)rUZ8wX{YV#pr1!tEDxj zIIiHvQiErWDb|aod$95aaS*OCWx=%`>{^OsS$(c4xAPqk+zv`#iVDaey9$6qD*Xb0 zJQ{ugkoWBhw6{pc0ElE3fV^g(3m`9PR|2ptjq)EjBHS8vUAW|x=A zL7ZCaOg$1)F5V(_<|un8s#QmwIZ5$>l&o;;@ckeexsjBtaO=#Y6`xls+X;KAk-}Dz zg93Y*u?L|OTS;o)Th)FSYW^5Vj0!(w3NMn0qzFJHz*iCocitr8tZCm&*MhGqEvX9h>NgLKq~*Xmh=zVsdfO! za&EvaRBDUVZHFK8Hk30vKS$jLios<|E!B>y=?zjw3qntnGNzU3{5FUc1lHE3w>aT%sIuE{h-BYszXeSlECcrn zX|1}n&snXtK&@e4ERSFZ}BX+L#{5NEd573 z!9nT!p^(h|F9FCC(F?sf(;EZQe8D(F#$!D~7eZ!sUJAWctDhkQ6Rk9ivN4EZ@-mRo z&IY2ula*hfJTqT~ zOx+O+>WN26-z;cmb^1%kER=rlFTJuz-6<~F_&eYe-Y;>f2|apFGFcN^i3dr-cr7zT zO`2a};}=TWtDwxqROn5lSX>1#$ZLaZHMmcM*ERT2g9NIRnc5#fMKAc8uhufhLe40mJxkV~AAzRT*t7#~8rcR?)-Wxxo=_iV>2 z8Ymru^kiy)`pPmHN&lI z%re~Vq}bP{YmBo9zaxQSPn%g|j!xpt5>TuIj6N|d3nyl^et{c3jo|`{J%LEtKdo$Opj975Ry5t+%ENa_>6PwQ{B~rJigvhL^@(Uj$GKa-wXl!? zl~!ksx%V7HzF3llFP4nC0&Pc%U5XO8&XSeM)0-c!={ZI}KZeoETD?b7?UOB?^_phthcE(bkf zM&M0l-*)M}r=n(s??2nmoX`EtGd*zQ z;VEhVd_VKvQ_`@XnJ1&^{mjH&`M-`~&7kgomA|G_C~*w4K8lr-#T z=J{v;bU$;(DQVo#+;vLY|D^rQdrwK@e&)TWr2T){&%F1PH1206w|74?xxG$#U8kgR zKXcb9Y4(2R{Kk09I}A3X=t)MrK$e?E^kgGmDA0=1@D)!8``u5_jPJB(wv`s;iiwJCgGq-EP7!HO|4@lco% zvKewVL}!4Ch9JQKcpEP|K!b4_OwnMD2FGY{2EYWST4hV1(*DS{ct5CQ{x--W_VmL> zZc(KW2EoD=5>mrPhAM^PJoVeb>SryhD2jX-%_yGDc#9>6dgQ?0EzHgjx^h@tW#>== zlgMKIBTor-KQ3;XC)M;6irIOw{ym~lesW&iszM{Gb-9gZnjjN`uz{sIXD6hIJ`)?ZTpFDjsfT=ZY|vt?Y%uIyO;P zLlo+UNQz0k$Tn0>PKrgmNE^h}N1ckrTJkzHeF2oJf?gfHVZ-4C`5R_!?x{g6r=B5ohX|Fv8E9`%UNi^QKb;B_6p6>eiH)s z=D(&d;`1W$hd28}wmvfvcRJ&5K%m4gN};56Y}*+Codox2$+G}5IA7DC1jTG-oaq{z z3UDVS8@1#<4PFP3UNai(R0$0RYH)}KOEkC;U~qYJc{dAOg*FQnL|qm7 zu=cz=U6uMcczzwWLZA4Sce%ep+hYo+yDKsbR~6dgkvKD0@j@2vEKuPJcZIg)6fF%@ zT#uF@!3I^KkD4p#>96REd!3Ybx2r;1S`r<>3jMX?yodZ1S7VMQ<-O!L0x=ptCN^{# zKR!XGG=8kZB)A%H0=GVisbQb-W1sN@!$6LR-*;Br|4B#0?=ybvGk)wdeqh1-KliM- zea4S{#*hDZhq>)Deu(Yj{~zOreRAWb&|_Fs7s`&tLfO$+C_5SpWk+M7>}V{USO=e( zLfO$+C_5SpWk+M7>}V{M9gT&uqp?tSG#1K^#zNWASSULh3)POs#8X@tH7hsD)G&wf z0~Rc1=T}$=6p6n}vnl7wJ&)DUW1wR38*DcFDEoy~Ok)w!k5nrw5A7Mv<~U`g2+*L> zY)-aq7A4|%)ojjCd|t7bG@8x%ijODDv6wIiDFayLgIMH)lCmrtWERpKbqEA)3=p@8 z!OH*YYzUTvN@cM&MEl`QEgO#NJOgk3vKauc5iAGzfMBhbYy)6r%XR^L$)FDbej)f0 zzz1Lavg{TGjKstBP_Tz7rm=NHvGkY5x(8+i)h<2Elx^2h?b5@nr`m9LWxMn+hp3u* z*e*S^FJ?fsOAqrvyPZ_K^e`vd?Ua0q#nzf(7IY_SdMik^OPy-0w;^}~RQ52G+KN?8?v6n7{9vno3U;5~vH0b2q%E5WtY`* zF;9FC{(Vp-hE|6(*O?C^7O47HX5S%ROrLi4p#1m)U$>7IR z_I+=}TOs+a1%C#p$E_G(KSNi!z^4M%*c_e~SF-~F?;yr*P?>K4%pYubiJt;z@Pc@- zspTA|c-SDR?iXy&qUBfP|q4L zTLEq&(;v*I03U$LjzhK_3}shqP&Lr*1*6uR2iKxzl)EwusTpovLJE-RoV4RO5Yf#Ul!Sn)%k~sy; z^8k;KSpjCmPHY1J^}GPg{Qz6ZTnQ%d1omB!xe3hCVCI8r?*=mys+*gs`hHopRQ+oR zuR!Rfpqh`sybkapnZJN3fO#etRI>}rp#bB^JOX9~KnJMoTQt%Hw$@@~J%ivhfJFqC zYsrmT@)*EL47v#|dKSUsHoz!vvM1Lj4JHAsW27Sht{_+eAjvl9I9mX2V$gj6G7~?h z!E+kCp~3qa9HcdytieYBGPUo4LU$uWj7i>MDcpc2FUvS4Z;s7`tmZXbZb#*BV{1GE z=5c^W$vgz+O@P0U`2(150KNkC)_L^&0MgJ?`282ua}Std0E5W<1ZEDvG*DR|l=(0# zHUr>Uf`tHoA^0r-s|v_l>|@G!+X(mub(C0HsF8p)0Oydh$*9`51Tz7ot+;t4-KM#@m%sCoP(Q}3qH|*w3KSzFQ=!@xOp4|S8vIkC` z{?I5B&wQD9jDA6RY|B>;O%B8c2_0062a;XhpdnJ8Oksn@@{y>@7<4GhYrK91${V6e zNmAJ%vMXPeI7GfK(zuTDp;BU_C0N{68^7>VE@d^!*0iC6SZ?E&j5AEduOe;{Y}79! zlg0`3m={!Qq#O2XmmV(KNs9ErpRxv0a(bp{yhw}vV`t!@S(2&A<3ENmGXTw<*Ky z+>~LbZqoMaMAX&9U+_rrT31tsxwx6TkV!@3%&exn(GsM*C;d$s_UopJF3jMd!tL&6 zdjFD&h9SX`Uc(?29_4P*9*c#u+)dg6v2cgGnNHQDqA{ksnLf{?qLE;@F^z;n(ecSu zH`*Ljc#ONL4F5@m^W4qcr$;IpYr2}XCu9_!kj>gpGzve_X6*qQg$HO8f8`^^tAoba z2<_p|H+I>>`{A~rJv@ci$2%?P{{p)2zi1D4{M&D*IR5RoQyl-{w^JM$-%fG-+i#~h zGQOSS_)or_vhS0r`0bH<+xC4jb>Amb_kA+8+qYBpeKK|5CsXl++xN*-!|-@*86@@4YA$eu%NXeu%M5Kg3w3A7U)i4>4Bk zrN+t+F_!6v7|ZlSjHNP6@v%%l#8{>uVl2}SF_!6v7}I`;;(-{eboxPCs94H4 zVF1gZnOV-nI#HIFW1cpQ{Xxk#iy z+e=yMa%49Tq)Kh?XP2sM!R;gFAxh4lV50(+$O3r0EPzLV9|}rNLC(vmz}Wz62>u8l zy1fN(DJ4#*bS*&|fRT;THPkKST7ret4m@tmPBx&@AylDsus^XIkwyM-C~GElxSI(h zg;YKL3^u?~wpC=6l->WVVf+E4bj=oBzX1OsWm6b0M_O{kE?7}OWwNz1C&qf-2mTJq z^7|i_>7W+03_99fFCGX3?TZP1|a&Z25?0Xv;iQ8;5vXL!OZ~DH+O2V zU4u6OBMgU5Lj2IszyvAXaZLD4_^D1hu& z?D{Ccn;7zYKMHUv%w>B&3c#>^9|hQs86vdV$tU=q3GWd2G2tHt{zCYK!2Y;~{w(l7 z!nbe)(aOc!rcUi*tPmZ$ zb{C$?2=?wm`@Mq7ToY`f&j5<}^RBEMjpF&x(`+MQ^sZu#qFk$L5dCRCxu^D1cBd|~#2ujP3?j_3W z&PZN`0;;Lty#W0P9@pSC4L;N0X8`Jv3_<1Lj2s1+PU}dcuFb&!UN}z}+cj9I!3qto(BJ_8Y5OeQ()~1; zV*{g{=M9+;yHW=_jC)NsC)escDevK=Jshg#y9tkq3FHG*;!RMkd^X`x@y|#_09Ya}D^_plbHyP8nN+Fhu)- zlB1y9>1>c$0BZ=Y*5D-#{tj>{gCZCh*Aff^*g|ly2GaqgJv#v;@?8LoY}CEi0Bz4w z2EQ>lwO`ueTG$$Tiox%!Vp@t8LYp}t8E$9wQp3%v+$CwXy|30>gsfIbO*;|!5|FC> ziWq0zr@%i7QUmWC8F)W{{~A;!&Z{f!p*poz?0BoB>3jYecNwVmau_4cRoQIUrQjEV zlD9+U2l4=(1$ctsbAT5Ke%6v$tKE3D0IXTE8Q^WkSpXmnb3DM`D7iw%xk1OdAK(WD z?FNueu+ZcjUq<;A$*)VPf zso}6tDj#|g(Ll9gyIUx>yBXjQqfBgf3&nP~4*Y6R@j9&M%!z*R5?AYI7+#>T3Q>npHDOS=apw@jL z87!53^k9+04=V?%+rm>RUuvivtESq3>hNmm@P030Jb-F1W9wE+ho1+2HD&VYf*x_Y zh;IRZD`opLUX3*0i{KvysWDb7V{FvRn65$UKCP27I33D;S{JtO)8vP!kjxtHQP}d% zMk)i4+pjl(v`q_u44g9nniyvX!2Sd;07$cqKEO_X7{E9N%?FU=#{o$4RR9wCA`L#) zpa6X}jj4_VSO8#@$5=m)i*_%J7ED!~rKNQ}rFxXfqsr4@Ke<%hd|g$Q8Oo=tS`7~> zUq0)76q;o=sFrUfrcb7@%fVj^s+Q9c{nD(@fPVy(G|)&g+TsAxHdO#J+lz!4SX=<5jf$=oK~ zpv|C(>Fz%I9J?sav1`civue=$gp1A$Ht4;<_zr0U56~r|BOrAjI|4vDql6dQjV z^yzl^xM?4Kx*fla+DCg(6~HFikl|0(p#8~;I)V)u{$zc${k8!1+lCB>vIcFlg@0Hd zZKo}Oowh;SX%n;E4cbnd*zWG5?X)GZ)ArGa;6-r=UPJl$7(k%J6nBI6B1;_QZqSG0 zB~EcSXfLwF4tE2OHYF8ob@$Qs+XC2cjRkl-T1GLBm$VOiyA4C86cfM}yrERVziZgr z=ns!I;VKv!t*iw{FEt#N^;jo_|GCqb)r1iM8!Zp7bU3n}hyBNDL!Qp6qTvu(4`On4 z_K1#VuqSJc{BzG>$T)@!s8~r1GMwiY+=_n=D{CD^iwdXmBjg)fSb z*U(!OinrG%BIGrM&tMzjn;8>du}5-VLtb>fua>&`Kl4li(ZUadxhhz-#CMT*8;3W!yVO$ZP0%3U5T_?l(lpYv@A?A4T!*FGa{}=qC!#pwNwr z%i=YZjf?LkgdB}8wvGhj{{!+0ByFuZVFyya?+}1KVuf55uc0xxggaU6L=o~Dnl6w% z9ae|0xc?bu|Rf0Xrn;3Ug-A%|3vr)f$tDLDDdxuPYVp-8hTkE z)epTR@G!#9aFHS9LFdbm$}rAuLf`xEpN)WT-5mRd--8Rj*vgy2^0TpmKMCXUFJtO?+2o>T z&Tw!eBi}I3m>He~Zd9ZfuEDtJ`5bxf{bK8{;P!s8^)AFYDDpaU>1lfZ1a4yF9_rak zag!rE$n{p-)X3xH>J>LL@>izoWBT4ky4jK6<$&v}^qe30fHC`-o-B;^MMm~PRBc1Z z=Rjow!HphPTYsCCxa-@jY=N$Cv$6p^7@7S3s>@<;OSiKQ((RP8zeSpll0^ECN53(k z>*zOOMj&4v{YFN<#~M1PfCbCW2$u&J65_TAzl5IfnaKrk?^n zoG7G7zQ-CaQSSG@_Vd@AxfV8 zJyyY=F`rlb3n>4d_*MVOz((NDNJ6RTjPJ2B3x)`f@3FFE&TPVGe2?`y$n^JEd4?;d z5=PVCV`Z@Z9xHKxm3rC60aco5cAo-F zCr=SRzMXjxIRCKVY z1H5D`q|8Tz5M#wA^60mdkw@gV0WeqMd#sWm@?98QN^w@?U93~VMHr^O#~Q`=SVw~k zM9yqQ7{13!E)w~8BshGJm0Vt=W&${TkCj|J@;;`DD89!^t|;2zzQ;(n`h)Ekz4-dq7nP5iA77CS@S zeG#$|PhyNmtS%1-prDEE2&f~3-L+UOheH~f9c&myV|kMOkYS4T6fYdkT-y0|>sTKs z$wGG6dc;g~;i3@+C7(g=W04v9kxi9)hy@2-d$4x65mSTN*@!VFg$8@*LM5MIU*>~C zRVl$ysuWL&*j>YZR%!`K=mRPpF$W$IypBEqmB^N_>=5g@4txiw>;fn{lW#4&1QB9Jiw59-`Z@%Bix^*n zl8X_z6#^qUa2#CBfReKTo+8);@G`-Z0Phm)2Kb!dQ-Gfcs>a)K+5jZZ8~}-P0)WKX zq$T%j$-4laFp_@;kWcVEKpBBK!3JIp4g(NSqJ&CW1;l*`0{Y_3kWpmK_G_Tt#*029Ntvqg2TRm#zqmCIy7 zES$Wc*Fr^7qHnNL zFRu${yQ}n)x(G|^O6}o)o?S86|~ zc#mME_I--O_vvR;#xjl_jH^0XJqM$hi|yTL+C8{onm<6h{pagyXA|0C-)1U~4=%6W z?wmV_xxDri6>;3C<+b-V&jlDVvb^@*o;97rN0!&#tv-HR7fZLJ@GtN<N`E{oUD{S?ab`f(BR8hVaGSziA|guI46piq|AUx<*`(2uyN<+blK4=jOd zdF}h$){V<+-=6T^lhu7+6w9e88I^4f)zE{oR?eoC>I*S?=TH!(-9Lw zIUc|Qe^oik^4bTV)4je=K5Q7>>-*$$sIY&f?~}jSL+2q`Ui*`_)?8luQ@&3S@PE?b zVu5cwzvFs>%j>|m?s=%CT3!c!^galzme+xwgi*`uz|X>{<#pf}VbtVX!U8G)t@ zV0q0DSzZUvDPYsf@;bOuVJ@$Os}$z)I#eh}VFdb_uvsA?me)rzJ(t&^L?K18ybhH} zJTI5mp`^$q%?*ek`eAu}DX=WB!&qK3K$h2GEU(Ep`Mi(BbNOcOx%j-yC z-qFNdUi(UNIMb-*wJ+)6v?j}IU$?`>d?)5Sk7&6O--}rXB8n`peJ}4lS>5-Fe+uPX zUi)74F9bFMk0A-AqBEA)%z`1pV|mSzIkO3`m)E`*JeNQw%WL0j-eO=pJ{V1w*S>d4 z7%aQhPF5eqWuPUFQd!Q4_|{$__Z^rAy7nCEFm~g1GdmB# z8=@Q}eqaS5mL)~B(3l7I>y7z}OVGl}4r2;}?m%ry%<+yBaUGZC^tWTqE$(Rt?&==6 zr;ULvb|BrJGEzDvhpaOK=SbjOJFu#I;E4=Oo{Yc?u~tZK0Kg#(*eL^W6(x6T z$)mOe&lvHCDq~Bu$Z;hp)cr)M``gI9R2)89YB@f@1O;BinX_3^~m!0-%GZRV8%*P^hqS)lh2d_kMpR|808_t#*$2FGf!T7zpfxL1Q0 zH26S+?=^6v1|PDBJ^)`6OaPFw7HY{E08-0yZD3UCAIjrP16BIq?1G;Ds>{#AWIKgprR8Up(_2WeDRq<<2VQ{F0{DN|=AU7(Iyjqpoq_Iinz^`~U2qZcjYYVuD8MK% zoDZgPIY;3y%Yj!G@GZ#Mhj>*&;#a~+$ho>u;!i38UXu`vc>Mj^!1%F$zjoTcU$11y zX56Fr{hGm9meZR8cTF)lX9Y9gTq3b@sm!)g%3aoh%*u4_z-ynI*cn19{Kn1VJVTSX zWO+Pm5a9hbAG!Jhxxj|^9psng&u<1}8JMt>FmR%Y$a&aB;<%-WqRS=+T+n_0W_Gi$dlvv$ABtledqwcC(cyG?fOe2dug z@MBQFG4GF-@zIaL4L=5o{Pbh+l!qALryql-kGz2T>Brz1pfLRyJc9(gtnrBHz7#P7 zy!hvV_4ZWhi-~&)7Hf;oox|ZI))v3Aws^#uA#j`LS0wh*nIUj{)>HUrc%#hGES2zd>RqEMU}#)**Ez!VC_nPIL7c?~SV z#q$y>cyy@Pb1fJzA7-JXtu?JJp_K1XteDV8r%F0r13Y$5IWycLLS6$82xLzOb_y(~ z+Aj!fCVW%i!G!!#*kv6___aWGLV&+NyDYX|z=twjRvjUKOm%t2XO!mzfGQ`VL+tS#h}wIvK|3pr(N z3B%e#PFY*Ru(ps>)|N1=EhC_vvbKa_Z5a(tSzE&0tS#Yg)|N1=EnlNj%9$YyX9mvO z%9$YyXNKY6lruvZ&I|`5Pvy)IE;7T@!6|2kaD^!|m2zeX!7m$Iqg^XBRax<(g zxf#}$+ze|=uq1~wjpsC|Z3UAaPHWy=Fu~IBp}@$B&J4j5bB2M-jRarJ+6Exjmf*`i z!Ji>k@D=|~%4uy0zUqI4NrQcHrBrkd8$o8l5aHcub70PF!aEI5F%m_BFL<1oLA{mC z;Wh7SgySj0X#PXdHoLK`B#<@-6_~^`#4`&9B*?doQ zocB-2(aZ1HMJEKdBhc{DnIU>eE?@mD!}$^3+@h15H$v#?#0oGKof4Uf|6V#XM5pBv z8(toh7@aPRa%PCm@UsdYFP#~pM}*jx0WbZiqelu8^4^M9$>?lJ6Y+jE63iSwZ?ilv zof)EYB_!_sl+3)y5y*$m46mXjmqo3ebY_UocPhy#2#=kOOPqNa9#+~DYxLX#k@o_O zkXV0lDK@aA>LPUdp~S9AB|T??}j+M8@7S*55YhxQ0I+0-LOLx_Kg%` zVe7I|xW@Y766Y&eoGmIBBfmT`-g_qkyf@&LJuxxFDHeV^jbIK5@O{tnPDf6ONfP4m zzQ|~YN}mM0&tP07rUaIv?1=X~{BW3<7JUYp<$0fEv{}J-S){jw864^NVBJ{ceTX5m zg-IFVDhBODERq^RE{poOEFSTh;GmLBs5gXvrjY9Y%=p)^GEQWR5Z>tlN?q2+xH`{Z z&I__wX_v)yNT87AXIV^LRA&ANuDBN>nZ*aA8jj*Op_o;ig<5!uosdL|PsKG=yajF1 zQoIGB9VOqe|E-d8{zmF4nTym$q~vJ+OO-s%e=Q}~@?S^tD8xtJIFm&H_E0Qi0B-H% z3TA?LzvOb{j0}uqgTzT0$sqz-jAWQ47#&9P1Bq;y$)hB);Yj`wTH&uHH41S$@OP3? zWS@h7s>vVji;EG}ES@Q~iX%rjLI8UV&t+1%a!)H_d2d9l;>wU(zHLJ>#Z|&s*yM)j zrr#+$4m%OIjE*=El(QGo6Xq->(~AvRwn9af!&S@Y;y~P>QwB%HndL|lQjAe~0!lW& zcSw%)$HA`vY0b_6ynU*e=zB*QbA$b?N^<|+QKNXP+K=fT;e8eF>9Laq{^(G1M32de z%VDTdGZs1X`+Y|3-zfi3m1k0zsWN#HdbW}5$s=|j3IXzvf@UhBWRpAr6sLI!v zD8)d#W@uW{5-U$jfz&y0GVQs#BMWIPD!DPAepJF-=zMZGp552h{$^)}lb z%Wxf!2cg;99Ov+K7`=Ab5%$ZB;P9jnZnhY`UbBN|Wd@tr95~MGW7IfM>m|^;R}%n> zS!G9CzX-+b&1JG3d{bs{rWPmJ5q4%q(8bjM&JJY-Bxk3uTvY&%zJ_HO(B^uFJV|NU zxeo1UcAk*~e;#R#^^O5#R=kO0#zB4GXSc0)w6O8thu|#=uVUk_cN|P%;w`*BfvR^Z z;WWD&Rf}J!T6`WNOas;A9_BDkLmSl8X)wkHm}b}wl`C+&tz~M>c0X z=lYK2bz+&E=8y-;cZl&Gs7`L#X^uiZUC!8T7{`P9;llvaRfRqQyBkz@UI}uWuG+Kb z+qiW=b#n7gS0nl$2wFh>holYT??+?b=59R6&Bc!F4Y@cIc_ySA5qu?RzyvUN1Kb6w z$vVbitmH7SxdY8`F&ph+fNM(u-qw=u0j_3H3^_}j9snXa1K=IhwdM(cTNvlh0QV5Q zr9nQ*kT`t-B>5Tu-dr{J0a%3qZvZ?>$(I1n5&Q`7CV>az{S$zuN&utsaJK(=)phMq zj4zjF=ZWmPkqh7_Hr`QccU{e~2wsyIhw*pTH3p3Z^aG%JH6sDooJQqy9QqBa4jWO2I;lA8r|Qt)sMcfl84m9T zN0YistZGrW!O^OCPtD^WHJKv4s{*#9J&g{ud=RwOkplZqa zJN?BEJLm7rHaq9)(JDXtTPT6PtElvM=1~kk8yTDmQf=^qdTD$Sf+s*6_CJ`iDX{Wg zJgPzJ_V`h~e04z34r&}$h8%w~yY4J?L;h@b-H>t*3_i+%_Z8j)K}Y_TsE*tNcf5yF z@Ii79>;!lWR5KQF)jjYrT0jP<6CxSk=L5*Fz8An*f!J>X$oQ^DBZeVqS^`kB3YQ{q zM&(3Sd9`ZNjyVovl@omDesK=aIm;NN2dHY|)n*?y@%vEaZBSqNacZ^MN}>CGSZqPn zGAdV_Qz?WqrW#x4n(|N?iwFr&-7W0)bIlkdt@*$(&H>fU=lDL?Oi_3j1iuHVp}JPJ zEQYEYs6~+)$&8lS>_1EdurN{ydPCL5`Z}vmBZPFOI7X$ zq`f6~7k-*hxi2;41*#i1 zsZEu%8KrDwNhc%EgV~^~0S+g)3P2|ITWyI^S;ZR!-$UXGYvvL7^sFfHEtU9;tv^V2 zm{I*PUn~ddLapjIsQ(~yZU`#|$9hjcc~}oIgG~HB6nF!q#_dqGf=hpl)fPxi8^iWa z8_h?jar>imlNY{^ng^KPoycdvdW6hJnj=61&H{58z@?y?mk@O>d$49L(DAI_W`GWY z`vJ}+V1AboWF6@+HUZ$JI zE)^W>=hu9T=yxzr7cv)+0N75+L;&@odM@YQw90=Y-p`N+Zj9|+`KP<`ujUH@qRQNk zx8J&Ns9J^U%&n;D&8+P`$b+xWHID&EMJn%S*X5}qWP)C}y{7Uc-xK?4qot1ZJ57$WvHz}k;_3c z)LsC1jymi@EE#IXz`<^*^0H^usLjHOz4AU$OTWG_)t1{K+QD?gD=! zXmAT3!cTQQgNMmG@YC`%%Kj8VpccN0{(c5-Fka*adp%eUt>sC45@IX^$&+|Jz*+Hv-5b;bR@gKwC+iY5+;q1R#%={WLgGgQInv^K4)Y zY~|41Bz@XG4R1!$z}F_xz|x|d^z&M^=q5d+2VFUo>Gq>F2$PX&;LXy&_n|hofm8!; zwi|fca@9~bN<$TXhVc#>hBu#^WK^CG?iA2qS!4X(extd6dCis3N-Fp&fHcDQ0MZCy zj0kyC=>s5j9}KXEqjv&;yt^y_kmMHtNV8m_!Sw(?G4dY)nA{k64@dY)X^nc!VCn#j zhf-*bCJ9N}BYe2LZm;a8SW8uZwN(FlRN@L&M8?UQu5mI#UMbF%$`0K&4&|IHZ+w42 z+}A)u&n$;*t%QFM{&P?ZZ=6@4h{=nLql>&tppM);!~X`oKyvdO2e1TG^ATdo%~LZT z=pBxlV*sSVmIKIp$VvcDC4#O1kXB&<@*eUvfGkVO@z4@UGXP)qjDa8VZd{^Xn5V+R zpax5+Zk{C-cJmDSfUUJeuOn2?A1BST7CN2{QcZTe$X)>dAZ5}-OQi|+`y8VKRMQ6q zN#70y$fM2^HCPBB%cPY6DF$5%AoaQdK-=dh@RmGeaYMAkSg_hW2p)rDnt8ZC_M|LDmYmx7~KQ&7D!d_ zFsa~gz%K^X^g=;RRP104jsh4-$;kli1Sir7-N2>B1l1W31{E0o?EP0vlAdCGai{>88 zVwB8ygCyw)nKcJxQ;xkbOqC9D6m-DqutGH8T&S8at;dHdyh7Tm^b1(_K*Qwqtx|P9 zc~H$&$VC)7pcEs@vC}l&n3~w?PTm@2+w+u^C6*1r)1FaiWHk<;i-+Su6Ymjrf~&d` zK)N>p7)daiEfqlnoG4oN#N9aN0f_K$X?+6!=RluXpw<_`Tmi5i)WSsVNFAgb9E!k}=@U$eQYO~r8Koh=z z#&C3+fi~^lRJz06b|0GTPPB94vOwFZ7&04(uMD| zv^vmUh_)rAv1h3*4|$Txdj#6Fk5=h)cUuk~)1>l2k@iDM@oPm2wY$s=wDa6D63%q? zwml71NrjWL+8faar1-C9xcz)I7%Bc6)73r~FA^jNehq7L{storlz(8j?bJC~!h?$I z0&PE{Wk?l;S?#l-5D6a>3bb7UEl3rytTufvO7tOr+cRFnAVn_@w~fOa8!2)@pp9PJ zr1VdrHob+bbi2Dv@6IZn-jI^ zXcK(MYAr-Kio)8#Ak(!2B|C{dyvUg*_<|L4x1cC?yyxDGe_r|p@qCkS!MLq^DbnYg zP~@Xu5Y9JYfX_bPWD)TkXoB-i1k*1F=bI3_t;cb7(qYU;mmr*PB1!2Ig!4^^CB?o36qbf{wtc4EZAOYm7B3@D37U)79+=@fc3FwA}4<7wS}mO;?-21n35Y zO;;*Mx&dL+mE@Q`9NKWx)nAxpHpV<2sb)S;0`O$t$W(9xVp!a8!YLCa@EX1am&j#^ z?A#_oUc(PjNH-wopG3%O_+<*|2IPE4guI47rI2nw&cBP0*RToRFK$5CbkztZKsO+4 zx>8#I8Kq&<)kg?G9|iEwZSfjz#wF6pVtJB?+u}8Rut4^7n1_nEt-Akw`J0ZMIAX_hdxxfbqHwk>6@OFV865cQHC&I@CQvEOw6mnZ*2;aa(h7^xv zks-Cv@QWJ|HeFqUo(j+n2%D}ru8ja50|qu-$p{WGTWq=_;|VN7cVW{NnLvPUK-hFe zCK8|<5H?+r$;dZ}7V z05_m*;3j6%Z8HEjAaawlcaVb{5V@(@JkulqHz0B|v;WF;a07Y{-0Wp>1V-QphFl{pUIGIo}MDoDkH)%=jF}8O;-%?z5%Vc=}MRpWZ(uw#ur31Y`S98 z`?eFWRM_5hCGt;EG&WtaYQbTs^&%w9HJr1Uo^C+cbVZSmZa~;{#dtot0b$b><&x%l z0MW0-a9#}Tr5g}8T`|B*Hz01hA|t0IVAIuDWMhp(05)CCB(^tQ9Z$Rr7i_xXY~nu+ zYV!+LoP+{&1Hz`Oj}QRqZLHRbIlI8+anscpM9DuKd1BL*;Ln)PEB?bM|DO0&Ip4$x zK7u5aiq3EYVipTD4>ur|%$ZHXod$mw#vxZPcrJo0P|2KL^Co~Xl`xv`P_zv;T`}0l zpUSZ5idfu$c#@Rl+#P=H=vwNDh}O%a&A>|e#0?eArP z5umF~?f_vd47q`b5N0eN9X#^pN%H6oO?Y#?(@j;EEW^77{+pfjrHaX#;m%TqWPNEE zzkUJPof5krAGiG>s|UpoZDtO`Stj0d3&e=?2S1Y?i{M$HLIX-#Kp*TZ54HfAu%q$mR;MR)oo-h*NYy_U%_S#Dv$;4CXvkte*`E|k0M4< zfzbdgB{3dgyl66zd0Zx%>^=cM9f&3gpRLJdIa(7b>#{<{TB?}KrI-s*#CjIDN zgoWH^NbY&eeXZ&tgwB%O7b17nLu+Gf>RXX`6DVFHv1{$xCN?02wA&K^izL6>1IX_T z8IvgpdApjOJE^UF|NV?QVys}|&-fX!pRI2362m;RkYOL8ocBP*^YJT34n_nVkuj%% zFv{w1jef~tvMfj?_AGT6X(^%**_FtmbXgCE?1uz{Kn3gPAofYV9f)-%_~oEP2%0g0 z5j}<#I!f|dhrAAvye4<$byPL;x)o`z0mbiQ$w&2JUg&Hi%GH!PUAm?PsYgoco4Qg@ zPZ0l#ls_`{^(z>=T-R7W%{()k1*E=#@*vcZZ1iQ8Gg%Ej)=NYcV%j&tok9$S?pHBTuilA|xj6%!+MY& zl>MkvzK>6gjSynihEC5zr}(8X5}WyD3_&jy$Y-}>@{0T;viJ&QB)J?neJ(EGdPz#o zY(;HH90h6KHb{^%aXvz?WJ_EMa1%>SeSu6#`CHtnr%@&;|B$Sdwi!f^b*1#GI)A!5 z#l!bW`K#Qihfam{`)oWv?+%pap9UEyYql9En|;C(gOn9@1X6kho4?&%>Y0tF2Pn20 z0eU%`Kg(UJSM+hL=u=N)Fp~;;xJuhjP$!_qa004PA4g%vANI#pty?#s&A4u@$247o z`k>AAy7iweS@#_mVz_$A&d7bog^b1UQKxb4J1zuglj2>?W!;UNFEm#m@59is0^cS) zP2jix4|{JO7*&<6kDgOisUfGTQkA5VN+qdOB_SjbAd}32FeQKx83hFq6h&H8R1k+& zf)gkzgSMhX!4YQ=oLgmZ7N>R|TNGPGQQ@|VDCqmXwa-o}cj&(F-QVl?d++hbI`yqR z?{)Uswa2vx7YiH?`2|-Byql000NgIl5&qYkN;;%2gfrJc=(p7c7S3Eh#jsmlVBySl zFF199g)`T62&pcxaOS!hoVvimnJYPUfrT?ya_RyLXRhSb1s2X+-vp;FuyE!&3!J*Z z!kOznUDr>$~k|MaT!fBk`SBZ4EuM+8S zUj> znqKP$#%~ZGzjbCOGC6EXA?pW>`Ev(Jux!gMOctAQ)GB72!QxY3{ZdLsd=eH91?LVC zpHl0SA~JGTvE1rZ4`!%Tt_6R^s9@IV&dy?$acpwZ_lek@ccetns z7pIGLt_UxbY9=0iLf5uxeo43r>#O-2L}+^&2)C4Ltj-;kR` zxwWC55}-ex`D5uRC1XM{Nv+^bPP%S4-HA)uv^FAGA(5(fCmAP`2tj`h&zbp)#?=17OZa{3oo;Ezn#?8W@kI8gq+vA+8o4^V#Odi`ZO#a z{mG0{Y)keT#s#4Gdq`mmv&lp@^SOsx{5)!HUa2zRWCw2=8O+D*FtMFgxYF#-Bv9JK z8O6d6VO5buVgp14|Dz~3%-|E3LG<8f?H1mj*q#u6A!Y1X5lYNM!-4-&3dpe{8=633 za5zfkJ@-N!KET+{Z2bz;Ez0RAvr<>?9+u=Nv!Bjc)+UZJn-%X(G_Vp!nbQ^TSCyZl zD*pj0{t~EU{d5GHYRWe;;%CFC2PxxIQ%%t*avL130hJEB0U?i3T>`X@lzz+Xr>XO7 zIKx{aXJ@9Fa>FIGA3Y|h;Qr)e68XFY&hk(sLOduQHdQ5+Zl3`et-+CUQ`lN=U5o1vGsx#e( z%zgx^w>Ut(+R!iPGC}d}$VLRS3t%|K@H4;!0t4lmPT&Plg1Mj%3RtEJxTOV#u%&?f zMrhKi%&cHr9E^1Pf|9ZG)m(kXRpSuvdripKqtr zRfCZlTn`|!xEX*AI{pNJN)SLLsKH(UDNpDE8}!hiS%XtFxI%+_Ge& zF#t!Pf40N;h_xH0 z!E^v=C+7f26S@~bn%N^7Y}4Sc0ADfsZh#*Meg`n407Z~e0Kn*WETz=Poxr!b9lY5} zGg#d_71FgcU)0$s$vjZ^vKZa!D2P_@tLXM~oNfc@wgvnXbmQpE>@$|){2crax;>eo z+Z4W9@9&s&gStpJ(@!MX9eg<`ehrF|C*@ksa&>dhMH9ST%C!UK>M*UowkPT-Bi%#iFbYe?BVTQpxvPt{HUV)Ohp`eYrHh}G~^9Vu^|r+N$qa->Kr zvUms0g%r8WOt1a~Lv>PQotakiOee!26)f@8=(YDe*v`@``h};vYxDuXye*!ZH!*-E zW$mzPuE)1e%G&3tnVgST2r@JLHTu+A);6nJ+X9Qw7ML~|mi3NRlcMmfrV%fa6pv+B z>yva5oTRJP`vflR6I4Hdp(-iz8p^HJq7_{fsL{s*i&_HJ50&AZJtzv@X*E3hPf85* z)C|QSn3O!zS3MsyZc?<9BUr8X45HjKn2+wqW&AL_ZO>o_I@TnHu+uTPj$;s;jsv~_ zY7J{>G1P#z7C-+$0~)<)!RvVjGu>O9*m@!EpxtZ^TzSHc9f#Y+@mHG#FFI)pUi8ow zyx1pb3tocl6K=$A*Qr`=$|OHypJ;6?SjO6ir=LB+U*({A+pSE?9?1+Sj0HBY<2f|n}wTX-R`;PwAC z72|;v72~kr#Wvn%!D}mUn*}d2Z5F)9v{~>X(`LboOuGdya_ttp$hBMWBBzvI(SjGb zb_-tQ+AVmIQ%bLB!K+=xcmSu}xMJRJ!HdOjx8Oyt-GbLO;My&C@r!J?;57(by9KZI zJ%d1pJ%d1pJp)?s+KhPZ7QD!{Tks;+Zo!LOy9KZIJp)?sVmaF_c%|$aq+0N5+cOBH z?imD9_Y4C6EA|X<&a7RXab@33tno^02aIsM-XknOE4$ZSjwJ4 z_x;5GBNgLTii&aTKdKnFQdEpvpZ`-8=nc(v~tz=BuXo&hX)weJ~Z zr|ubKr|ucRf>-;V0W5ftX|v$P1llZk@iS|);6+y~K_qq0 z02aJhVd}VQ+cR*xxcHsA-kpAbS4b!~-+L7|9>#RT8f;;d9gShd$i#(lSRn+9_R=H_C2YB*maj^<$P)NsB*oF_PaByj&|fwvr^QtJzP#DjMrN5fi3 zrbrlRkY=k$r+pBU{>*>Uuh?Cb>c}2-!LXr0p29^lgN%5{c zi-~PFt0-hl%VUj*z7SKm*ld9N5eb5)U-U61bhpYQv=a7|@qL@E465?D+syBf$K7Um zhdk~!wbG&dUFyI8g)2KfZ=;0lH-yCJ$^I1u~buPpwED4Tn*n*b&G( z3#$#WDF8(Ts{pzZ+zil*;7J|kHGrY0aqJs_A@uU0S`1@E=dk7rRfYB}L!uafp+bJF zo{7*FnsHX(VPv`iR49^LXm+LJS8(`@jv~H=W>1PJW|~GeNR@k$D)*6aXavQwm)phd z3NVI683b?)!6bk`5L^au7QyWRQrrgsq)MLyNF@&dT*NSGD{ujpU?_li&C_5hfQaTU z0EzxL?e!bLDoDhL-WW%HZT$%wQ2zmNG+X}-^^c48i+N^|nm-$PVjOCoS*3Va!J|D9 z^enY1_-9n^F;LM2%JVF>MF&kov3HOrQ;Y2a;7c%~>&i^%DxvKVVZ zb&_hQlG<3ao85-;WtC*SDa#}uAiGzYrRZ^)pahMj6jiQ?s$7*0(EtdB? zON0w$&jS5OxukqyA=AQ2N4cbZVWncdxmU9g7iVuo7v)@W+ro-v!WS{2#Sr%Spe}NR z@e=9X)vDR0vO@MU{GJ1;#goMu?B))D{}~jUk21-}zY5@GzLBQ@-XoZCIaC1<`~hGO z!Px)@2rdTjW&>Oga0ki|yA43Ti;I`ynl8Ow21pQm4bTk${T_>7_I7tv+^h&_vh`cMvC_u}u_ERzE7!Mew4N&Rl7E)A|s_KA^tg*2)1 z2%FF#6s{hmnoWf?n-jrLr<<(xb&+Os4fy4tm><~<;oxF0~;@1p?HexCu5qP-4qGE4N4?P3&b%X^frb1F(wqAl<7yEnSAPpv{f zwp5DBDtA8;PAFsd$%L)|xSR}gxfx&$sEUypubO#OGws*|aN?g8;E90pFLeQc{3q4)!MKi; zcc!OCAL5NY;%{3b%*PU;UWF{kao6faJ09+>T?}E99B(@PwHp9Pj(45@)WynLlT8`q z*ojc}03^pp&W_8T`Zls-L%40tudpT1wj3JAa%htWyR@LZYt!1+DzmXxxewWriU#{@ zs*yOUsE@yChOputX{*+UTxLfhR=hP zsPNaGP=@_1P+Ac6ydHnIr0jj3TD{ijz*=MN!$UEU0i|s=BSx%<+IF(Tw>eI1HHAGhqc82C(JxZ z_%hVxADDUYbEu*2@@g{=*D#xUjD(z5sdFE9LYgr7z@Y6WAINEw4-&&R`9OE*P-n8H zTNXu$Qx`>@1Ce&xurL*|D)SF+uXjBdG5_FB_jd(W<{#Wvgfh|QA3WW?7+@#^37)FJ zy$GhvKX_8jKX`ftUWbP=|KRBx{0fXR|KRDD@dFrT{=w5AHW8Hh2hX6uGw@O7A3Vb( zX=VPwlWP9KGb)41O_livPqSPWQ05;z<1&ZAN11={Oo=Q8qs%{erV69XKX{H2Mwx%` z%+2@+nNBvuK!O*`#5bUJZr3r0D+Ut0FpxkeF_7RZ4bnplB=}McB=}McB>1#}1TNxw zK4#QeOst!V%4Op8?t*2R*z#mj)?ypMpK2Q+u-@B%QIFV02t1JH2UfNb0vpqZfx$9y z6hD5x+KB)%E8{XTU4wK{wh^WSxm|n)|3F8vjWAyv`3x?kBQHgJE*D2WgV)fJm!dsu z#F5V+uO2Jg2*Gc?KYO>xF_RVbeqaHLU3>P8(@@egy0WZ%kZa*dzcR* z9JB#5^sjg*+X%q}-pR;LY$F7Jvs2_UaqxGQqAU{!4KsK@lN8$sK`awfO}Vm-5X3Su z{jf~zMoO@CiD&Q_Jd|w&T6S=|_za#wN3o4?zBuw3Tuet^iuUjlrQ5}4u$7Ly6zy3j zj(i3mz(d(a$SCxF4n}MvWE9z@ehV)uBazN?xp+rUNIX7+yYNu95q=OyK7+pr{fiPPjFG0iP0$rC8b`f|R;b8*#5`ql^DZSv~0#6}4Qs9MzGX!2oI7c8~Y;b`< z7C(5Q!2N_*0!ov*6F{1jwvB)zmyP(75!(o%RNDxlUw!;2lx>920b!JFgwR1@lx>92 zZ^9_s2%+DFQOm?3T#9B2YMD4>Do!mEhj1yHerlOGgk@rKYMD5MOVQ-iGI0o(qRFXc z;t-aJuSao}ZG;e(iPwNr%fz7$wh=-dY$JqlDH`)>dzm=Y!8Ssu!_o2(j+Wn!G}Y1a z5SED_0;i6ahp@N`KTcaR^7t$*E=H5RR6UQ_I9594#lOmWe|+T7DWh zb+kOxVVO9Dqvd}_esc`xtyl^Rm*7Y)xW4A#-saUyfK$$Xuc@7m_nCQj~MoHcdtrk|QY#$&r+Wk4=%{O1zdJ0_;y-n^jva< zI{0q7;BOHs_@32^?p#z3zHc=FLoEiP&{fJ0yOm6WKElIpC39v!D7?0$5PZ{n2HeDw zLhu9MeuP0U#$aMeA-FS6Z?U8h{9LfV6GE)f>9k#;7E1~_dQq8Q*wZ?UZAl?_O>h&_ z;uY%L6iW)ZH-|YA5lafWcc?I2RL)JYq>#H_!iXh>T>Bt;jyF2i*B`4}Vo4!7-ftk1 zvZN60u&5k8(iufCWl14ACA6J!co02$Oct@Sq!67Zj4OA-j9EtXSc_FqmK37L1u08q zNg;Z?Fv^lbbf&~nmK35VSo|oJC57mT;-f4nL}!Kmf_!)oeK>yIE|yvjqDN11(#3lr zO5x3`^IBM+6vGL5sfH8s+832~B6N_Uq7z~`h)#>=au7Y%;UIdf!$EX#DF@MG9S)+$ zIvhlgbvTF~>u?Y~*5M#}tiwU{Scik?;8G5v$2uHDkKrIX3#|^K$8ZpxoH~de>u?Y~ z*5M#J4jiW#PKeU@O(yaZl9FX$<`7-B-BzRxA6bV8 z`5NfcSD0+yU&!>6Mj7?(BZJe^XrTqZeV9BIz}yCygzt4GFhH16-zWwfC``Gpl1zh? zpwc&o%pgg+DtEk5FgU|b2RL>Vu$dk_5AsQK&ZOna)yTsPW>OAm z&gpb1q)SHT2}mQ&ITbE$R|#CMb#?rgToq7A&$kpWXg+zDi*^9Dv&dH+toVea5yx8;*}@>%NK71*nv}3 z@ks#G{TV+2pn;$TU^Kyv07nzt0Wgc;dF}NEz&yI_1Xx6{2jD6K3pIa%SwsOOiwXeA zq8ETKrm*i<(rLK`>SsmZL$NNW1b)AnZ%e1siKpP|`2A+JEuAtYi495; zm!WnGS?v??$8A1f2KM3iRXDsvN0G%wC5xZo@EskcscllyZSBC${+%I7+@Xi zvjt!iK+)>}_hI5(jl$V2DZT@4QtMvjxX^_)4lv=sBM(me9hX(GUAm==`@;; zYQD=<^Su^1F9)fHzFal*7vZp(j#ADQs+>WuX?Q{LyO6px^k)IsZsXqqP^NJoiXtw( z0K{b~fV`wX06fpbZ>4pV`(h>cxrmu3C9OyGI*&SS7QLeU1p6VcUZ75*c3`ntVGFS`fz`I0}WT4Jyo(s)9_9N4g*wG**kA-Gp7D8cBw6kQe z(5z(!%MsvmQ2A7yi#f)uN??PeTIJ_OeibiM&{Ne_v4+(+873bVzxB?e8tK!8HFzHB z{29bDOf`G53<>PeWrMoNJDI99!T%8sb3v-6Q_V4Uvs0~XnrdZlBfyIw)u4`54XOsG z(TYLw`6$F@zJaR&q*XivupKT%?*Oo5=Ymw*Nx)#nim7f?$}t~N_9DQ$4C!fAA#eLH zLKc_vIyS*8&HDS2g?1NhEn!Qpt2l2?{Fwu8JPN?!LOz@?yqZp=Gk#`stI1jb-1K}v|W zI_1X#rm-HRzKdM-UHF0~4Det(>uD61z3IJJAJw1U-{2-+K-DUTv6Eu|BLHO>Uj`r@ z*J=Ry0v-mCH}aGQ9|K5q<9dhjJ!7Q>q3t8|zR zI?NUw=52r^!+fQ~7+AQGbV2}I{JH3_Kq|QvMTwlxKqu^E!aU>V?+ASVp(p zdIyVzX2dkKM!B5^q<`Tq(iK}oXPHX8wi4y zjwZ)9*+Y`son(_k7otkGyL*R{?e5c|WV;(Xlx+7z#fIWZq%0Df3ow#BSxp-AygkI$ zYbNnGS1Z}wUc>B^9`$u$t}fQePWqiP^r_=O%)C?DXx*n2&7EazuQcm$myCyunzQM= zQWne1NlaICAg%1ra4L_L&60RN=7v;GG=@S!h9W6 z#kqpnlEd+nGs84~r<)XgkqEv7Zb?x5b|fWz{9_tC2hcZ;SMeHvH1+oZq}Trxpb=h1 z_17%^DeeRuj+BD%RrQd1pHgIhz*QF`bMrJQS8wFi6Qs&8SIRIN{NXIaAfz&$IZgnO ztd9YZtY-m8)~5kT*4?g?-rAyYT5f_KW67Qkq=z)rshxH9Qr&5i)rrVvI{!;b+gjGMr(`xAePR^Nu^6Re*M?6dz5#BM_VXIN3vdtP{Q@Al#ZYTjHaL6{;^ueww6V>O0VUtK4AC(^}Qc9vSUqK4Oks-B`C%cb#e2mdT< zJ`zdFaBe(+4ChV)U}fU-03HP}de0nyhv339C!Dd)+Sc&+p~dFA|eYo)`230c(%tBDKeNrY_!)5P1w#nDzrN%0(O0}?npws8`+<}5H6-4z9IFI$rAt529Snv( zm}#uXXW92ZXb^VC5K>eQLuoKYp`wA2X#FXvwa9j^WXlV`^^@R)ZmRxx`E}KwCcobL z^W@h*Kzbci9#&S2T3&@=W9g8bXhuOoDcvhB2ABaGnDi#?)>CSV@M7?gQ9GhG|d4qT*=KfSXW( z0m#GT149bK+?uxl?`z;zcq~JRrJ#Wig4qbL0Te$1A)jUC2D}aD7Dna+9fV=N5_pi2 ze}=~k2>To(e*@-YfDak@N`!o)EpqT$MCJoQ40Bs>ua5j9!tT|Pqu9O60mX|DQX&uL ze?w<*jwnWy<{Npd3y^CK9D5>MC1~IPFbe_B`S;8aMj18|-W%a{Hz?j0DSd)M#fJh& z4=@v8H(eG2$S7ka051f^Z_zFfX_sdK(y#>?e;Yvh(ep9JVLEUtLWSi|?koW5Tekr4 zdyl^cAi+P-;4=-xLI}>gnAY&Ogf%VG{{0qbTJyw!N*7{ zEJ$zEcSxe|SdG-RPKx(QYdRAZBgN)o!6;mc^3Bi(LFN1NRO_5?xnw}=D zKiUiZ(M|f|NemZH8ufm5QI5MwU)G7?vQA@fEQpX2XLuTy;g^)S&C^ItSfs?nv_@{0 zlM-io8uhiE#57N%zF(8r>}edCgdT8EVUedPhVO%vY=NRtt>-E+!_zbZlYf$Tfg{xP zQa$cGgS>Y*LXFRr!TbuS_^Cjn-e8XI^EBxV<`Qf$H|o1O(H&N!-l~qSwwh*Q0e}=6 z15xP>?GkKgH|m=^(QQ`KStuPThLw`0dWeh^`vaJrXyT;UNW|Ayi(KPvZbIUsCeZV3WQe6vG9f#vSFAfvFaGcEj(5~P?K}dj>(D-3iH7D<+NYgcO*mEL zpk-kzJZ-7`wC{*R`}DbRLay-skJoabeR>IecopZ*3}L#rAgG5}cAcSknhAS(6~~1= z)*WEnu7~JEWz#O~vC>Jd;-r-Z=^jdi}<`-g_?m<@$~HfwV?o!=kcj@5Xeh#l@c8IQ;lo_+f4jCAB{&{zwzzO<_UI}^%)}ie#lylZxH*c-${ym1`k6bN@bVt zfEOoD4U5XAeZSc$HZk7sDn;2>^`Sd|j!DYCst^0B$1}|kcYJ-=SEV2JRU43!+r?)P zotV9^iZu>6@)^9Bj&~t(&m-cGU}@z0ey+ z)^hzOy~r*#_f^vq>D1ticl49Q<1<(S7qze29mwtCGuT@o-*j+@z%_);0v{x#3Tn6O zMMA2ecDw#cNEOs>7hgho0^Ic(xN2Y3!oKR$;MBgV)nQ-N>aeeBVPEwcq@u3hSRM9Ntq%LD7WP$NM4D<} z)xy3ibtkKRRjb4G8w>lYn~1&oTG&@5r}kAX?5mPf`>Gc9Ri6i^_EoJ8 z`>Gc9RjKOQR@r4~m0i|aFRLvoyR4f<1WIL>b&E(qsqC`acTkrgwA;nEEw7z*2-G4| zy7GOCD^*a7YpTjF3p=Rv@P3TI7IsjD8B7K{sAS~&jel_-MK9NH{7V$(uBrbrg}G}Q zuy;)>(6o=lH;n5yhvUaL1$-bsMkl#`6HvRRa{VSyB<_C3S%v^oz6Qgy5ZDV9uFy6S_?8C z2bUG{y`5HzzDTa$_})zy{4GMk6#5Xl?mvOoBebW2clkvu6|D zX{2+c74p65y#Q`j8B_Yemj;X;jKO?VHtpLPr?+n@q4CtaeI$EeID*xqcJALxtf^X*lKjO*rNHP1xQkO}`M4 zy_t31Q5brOo~z8%J1d#(+l!?L5M(I1t&*iS#UdXMz%YEaheaK8ClrL@*KEBVp>n!l zuwl;5r4J@zxw2e5yORI3SUrx;M_>lS9yr7GlN5H`fs@GyV76|$BUxA%Mo}|#P znkjsP!TXn>oG+PuzriY1Z%h_<>Mh17iePUU6qA$n^?7u=1^l%jbp(Gvn9+U){~g0^ z#G5sh(x^c>rqKr!n=5W&F6tcc3qVl=op>*dtfFy%Aq2+&j3GD)U@Ae2_F4)+bL`PS zX_sdJXcs;D2|x>h8={a{L4Ygh(j9=YjEIZE$rRzdjzJqY!_C%p*rrs%$&_lfi8r&m zEnX#vY!SpwDD)Mqj0hrIVnlKw9FP)3LL zZUuOP;6V+Z0Fd$&>e)y3G*4X5GN5xHqfk##vd{DseuR&Ul+)E+sAnJ9GdzWQlpgss zShx=joRod8r%=z0a&z2;rOWU~3Cf=0Db&YvqZ`77!^$y11?64tDb&~VV=V#Wc}zQ8 z#>8=Ws)76k_CUS`4dn(DqOt6Mw}HHq$4wpA#Ma_{{g?Oa|NWqTHv*^JujiniPI^$k zm6#S}{^_9pRfKH6Uynh(M70O?#D{e9j>bsykWOASx0NRT*AD6AMdu>cWcYQc0Y0tC zkW&MET9YBC2KcllLrx9wX-$Tl8sO8KO#A(MT9awNUr%c?vk+3wo5%p4)?|d?0H4-m$jAU6)@0i5*Tb4j+x_}L%Kds+ zli@4)Pw&^mn#`$8%eE%Na5BJ$H5t19*Z1pbO=ca-r>)75kpVue$qYv_a=#wdWTp^5 zZDP=yGQfv58Lm#K0Y0qBwB4^iq?6Z>`}MFUBX{sQz(1su7ftApPTu~Zqi|^HU!;@Q zcU>{g;GUb^10Sx^&gxu*_3LQ&D6iQoExplxUTUosExplHExplHExplHExplHExplH zExl27yisZCjSiAaib_jwG*wG)G*wG)G*wG)G*wG)G*wG)bXWn)skHP)8)H5X>K(i^SHxE+z)u6yv5yH?cnD;j>4F5K71QVlP{+yVjp2Q9tP z>WnYp?RI^Or=&ooyD2I3MO>w&S3KAeBQ#w_OK-F$qcbA7UET1M_|(QL@r{Vz^!ZK! zYjwg}g=xtZQ+zO-So-~MA_ryV?Z)KDu2asm|ODx4(h^gl^jtjQdBv z-`to9eKT+q)sgv2__{}c9|BTla0=yJT?T$WsCX39E6n1{%*{6q4@gxrF4bHLej!L1 z$0?E)a1i__3|GUrMPUx#wiMv_E=bt{DvHuAgh^96C^7yn>{(Jo*8to=@FoDSpeOcf z7uVemVJ+!3g~frJmO3Z3tKP#9)S00JB|BpkcaX@UL$oYu!APPMtIBLlf4xPO?*A!^v^W$Nf@pa{4-5_QE&EG-)5vJ)_eZ3 zCcf1OrmXis6JIkbE7p6UiH}%W?|~*hGOj#cn*8r;;$xiuToWIC+BES^0K-d@+ffjh zLc>!oO+phNUF=ts^I*`zEG75FOcW~DmqmephVy@p++8@w?9BZF=Tu#}Uu9!QA@?DS z6y3Q4;o`|X3L(9@O$g)5-2|8P+&kc6<@Q24{@f`MyocN+2p`OS4skPbdm_zHZV!YE z=Z*l*%>4y%vvL<9R(7r%VIsK;5H}|`0pHwQ3sd!|ZDJ_5&RdHz%GPUc>eg#+`_?Nf z5oD;?gdE)LJPjjax!IZ1;bvz}hnt7W-0aN3%}y3t-R#W4%}#RaW@k=^o1HlwZg%E$xY?Q0!NgDw zZg$Q`D(Yru4sLdmQ#U(vaI=$K`_0ay(OmL*voi-bI|o3LvWXp4o7l3Pk*Ah3qJPZ0 zz}F9RL(6#s=F%(_l3)(-jhIsFh@}mBI|S z9w&3P1RG_2dK#E(#Al4PHXqEN#HQB-Yc~_PR-`=Hdb|kCb;3-wxKW$8O5#kn-bjGC zUYMEI>#M*hdln~IUo)T8;xotkjrp_+GuPTs3g$*(=H-ny@@@+7eVmQY{5-r<=d<)) z<6H}@^f?w>1861#Y0ej*bG>j7UWi$o$@ib;oQwObg+>EhN@T{F=9~kUxH$+efi$^= zvwVkEg8vG#DZ<)DAgz!&Vm_G=U40p8qN}ezronwd$wv_5g&z2}ibpUnw@PO&T+st? zjpQvlV@G=ooX}ao$&a>BDyQnrv|N6cNZg2bYk=QAmlPv}u=Nu56of6BI1VZz_qk*a zj<77&K36AIELUR4X;7`d-z9<>k0KqxVpSjoUUf_k0AM0U{61!|LuJtNiB|XJ&A>EV zlGx#jGs*dgemaQuU3R#-(rFdgYd}f@pSeT=Pr~65P?;Dk-szH6h&^!l0+hT58Bi?A zrvct3_z>VTf<4+R4MqD7E=GJNCd%e|mwange{~omOv>ra3|;s2u2Qa}pzfujvvIxa zFvYt%%Rz<*T+%|ID^V43qbg$GxM|dY%HH8C-iSX{BytuU=F%~fFJ_}FPRIM;um+Ss zr8g;2!eko`U!y9=p+LW~;PU`HRRF62vIsT-oJc7@15gAP7`9}-tqcm}yurM?#4l%CnjBB<1F zbrq`EM)Ds)0_yNlcj?&*@QsVg$*r7|!oUu!_Tpi3<&wY0?x zy81F+#eTN5piA9U=~l(!9&`rGb!`C;I_nv*JJLMpJe;lHh)-d#FP+jnmt#`95sqeS z7XHLbrBGiwJ24L4DeJn+DWBr`sOQP7>-~t)o3HVC4SoT*J`XPWAD|&2nPfj381cs` z;agQ+8{UDcN(b|zLR6L4tAN5adSGz~W>S%WbA?D5^BHbW@~MjJzLGQd=VB^o@T!N&k6(d!_< zJc7V`>Jv*wH7L=by9Q$cB#U!2SOu_%(LVvWk{}A<-#{=EKmyMPxC1Umynruygj4$9 z*WZL?8WH{{7%G&`QeG9d@XMqD9slg^D-#uhp$LdVtgkt_(aPy%+sBT**eBfg#MH2?Zo6((0^Kd0|2T(GICfb;wCe+^Vs049lJWO<;fFqmlo zlR-6%Q`-|RjujK?hTwMSpaw@{aZLU`!f0Zf>9rDoAA)KOt*zS0<~Z$~$}RbuR5fxb5DmSDb7wF%C%5%L634Sj02zy;kv?JM#-weAD_ zE`#q;9Y|5 z06Pi#XqTbd2(f(#Ci(gSGs(mT?`~G=~w`gPL6g-YM1T+66`W?)MzjUKxA+sz)1|V6Y>?8Nsup#Vz=sRQ8}Er#S?>Z!yM$yjiED;R^1DY=`c2^ zo8hY()amFl<}AA+C_#;7OeH#$^ zN{9Rje*lNe=_q~Ll@95?J}ftl)u1xDL4K7(W=cn6qh|sr8G0H!Ypi7Oc01^Hk4J@q8i%XdX;{oJf_hbM`=R5#raoDQ>tmvkgG&fvl zW@B>}PEG?D>o^OU|BfJcusHr_?E+Q+Y^2K|0Lf~y2Im7v*>BWgHUd1wz`L}|585T~ zIXiG)fR`9%7{I#(M*&DlPXhRyE@uMB%R5hlM**Z59|LUWmmYfFE>8~tk>!~H40G7k z0IX;$Mw$4obVW;2D!K_lL`>TOB=Zjeq&7bT>|rS~U$A?LS^x=rIDiD60w94~G`LlV z`LhnQU3={Tcn6c{WavdZRxbeQ3RVM%P@e@jz)W{&;79wHEXr(P^uCnsw$UL+T)Byu z%fE!yzhg??OOC@gI=XB{`(BEsb`hvoScMk@bFaYRSvpF)Zgd>Ye`J_|Hqt<)rEJ%Y zjyd*BLACSYs+})Ifb&4Aoex*-+*4^9e}`k|#ubP;+)=@dohu$)*!gv4I^5AyIXtmY z{hN<)$iMj#M7tE!rh6ZP7(4xUw0BMmA14xT} z8^BwG=-+6swEJzZG63;913>=vF4kVRYcFHH?Ue~2pI)H`s#&`*O#4aRCPRfAa? zob>=MN3&qJ0!W!31CTPm1t10UZB$+ewFK>2n*ALB>R(%fR{#=BX*trC&fql-GB()7 zF9wk4l>m~-0Dwxy8Vk^y;9LNSz5+n{n>zud(hq8|S%a4}_z6IY??tJl7^NDFuq$L# zPH8|R^s6t_bS5z+l@HVJDB5a(IhS)fzoQl}+^CRG!0%`hMlLz{9Y>St&b37Zn=3x@ zY5EudX%wS>lX?CepOa?#6&fhZAOh*i7DzF@P z5*FW#Zg(@CwPwKNz?!q}wWh3WspqF>}d-;}&R}E!b zP=!lIpkC{HiDUg}Ox8xhVK^OSVXE02xf?~C3x_!%)w7LJ1-cOq%RpsMV%!6jSh5=R z104Phq-Ho{Ri!Wk>HN(R2sBpJ3#0bV$JYv9N(o?{t4!Y6I2ArzjdMPrguJeCD$=oV zmMCr@9aea{6#*clFH ztNe9;29_gMBVNrm-^KJ$;9IuhUt0oko>uxR|AM-h@(ptGyH^G6$pva0RZ?TZO0{7z zq{cM*fz-chH}$HQ!eId&Z)D8wrmVobYoRp|ln||o-Ob226KWCQkOxZcKoMjv^fQ2r zz4B00=>m@ekbdqA?a~4uVXn7bjBZcz>u}>U;(}dwxp?O`Wzn*WG*YiBSr=)cUS%`B zi|G9EsfwuXA>IBg`#(Mi>HQSucQ_X%8ZFY9fOWZg>HL1`#%~S686fLbKMhi>YoH8E zewL-h2GpxR>$VmNTv35Gu?c`_7!4mX`AzP*e}-N0G{9CaFV;)sO?sJ5<+Q1nopk-D z6y~PG73&=&89!ugMRNEHFO+q)hjJ7`A`q#JEl-Nr-%9} zc0!??VS8w}VkZ}hj2@bx*r@|wWxfx~xaSm9=UC8S>BAltJ2!s?{|smdFF%AgJ5Zh$ zHlVN49xlTWrWah#sl%~9P*qnjs{yVfQv~KofX6^X8MzFR(P;22rnpB2B=X1b{*d7r z`QHHckYQxcVHoy-lC_8;-`Zds;8Gfw{t{c5AfGaud#=-$ED@I|3J@*Es9oVHlR1gd zAQAY?UZz)g&BBs|r0@dLbV=`Fqn z7|OqJ5AM{<d;U{fS1t4LDX>ha#EdU~b+cnsty*||7Ck?_+ z+38ej(4@g}8l11eDh)Pi@P-Dwg)OV%bG7&{0+1f=Dh;mJ;5H4`Yw)-R&uU;mw6fZF zI)GH?W(~G#@K+7I5UYeK1rV_e1mKE|(Rf7zUfwFV$%$x_d{nDsJ-SJD3Ra1U=%#!& z>s6EaIW;|%B%VDBk(*@CYt z%GKz9BGa8M-O`pv;ETeWt&epaz#yzC#wwXOCi~aLBY?#%#0o z21)(6L5zF43LH}X&g{jC%^o1-p1oSJ(Rz{L?0XekP%omJ{iI4cq58j*rT^QH%IpQH z&SH*qAk{rhqZ=ssAxb}npTKSad5`f&9R_QXEC=9{SF)D|V*z9>ZZ5zvjI~sQ>i{JB zlN!7LFdJcvhM9bMliXV#b{M~bH(S}ss7`iLxq4H!peFTI)p6B}peD)AOPio39jSc% zN>Gz#E7lg&q=kyL1vTkv#oB_Jbem#rK}~wd7L@dsC!y{bn6bA!zUuR?c5gWm@;L$| z9o}Mqg=E;_Jq_?ANP5e&Br>0=z2*1t{+8j{Te^GUWG+Y|cLwMLN?xQTzS0Je=Z}z) zh|#M(D>WFX!8jd!xIw{=446Zahx)!o_MkkQl`{24Y$qZ&D$)i)Y0$G@`K*}Vbd z6SuTkcF*;Tm`>+{&C)6j)pjbR?es@M`?9caBZhP-pJ=d4gTHHVPy-KYA%Vjh4(36Cd&#^D<_Cb?WOjn7>kUm}psMe|%mbJM8p1T6 zM4C_m!WOp5UC(40WFx%qWq3y34e(boOm=J^{A+_h~EE;AM%yR20V7VT>qAy5rn>lk4oxY3|G#`_b%Qc!gZn1?^)_Z9UZ`ZAZ# ziJYpgg7aVD{}!lfHJI{#*e3ub@A?RfntXjP0^C6GBfuSeebwU;aE~O`z{E~sNGf9gX00X*_S*SfLpFfR#O(dgDCJumb?pqEKVK)AdAI@FzsT1`Oyr@>~NS}{lkTRhGB(m`R4dvpx1l$76sRI@N7 zBE{FIHR~G-1=BpubFs8fDk^X{_wgzfY6WL{nrWwu6n`ac^jS%zlq?5I$(pHejZ`o( zZS>7$FmVP7_BQ>^FF~B7#OdzQT3J~Rl$A9XU>}c^Jlo$)Z5^b%b)M$iu<1mKT@+~6 zTHOk6^E7)=3{nBY%t2R0D(+@AQ)wY7InUp`WUyh7O3J;>m-!8Ylzp?iSu3q8DM)YD z+Sgzxtob68m=rmpWVBX(mILKy&06^y%#1acF2j5aR4~OedOQk1${%3{n`@CeDfwP%s1Ts3NJPlc!lLpexwyY1Vr5vfr^rYYllh(2zG; ztGml-G1HoFg}h0Ho!rd_P)Sm!ZGq;WunIydoq#Y62m>mcoYs6h{7IeTp60=DBbC>s zHS3Ee1>-!;Uk@@2Qbo4AnTK3S`3Hid^;H&{R%^ZwEtwQOGthi20+0$W@-*Lq5j!dS zLHB5Vm4(*SnlC`zNu@`nHS?|)sY{-_`R5p36{r-A)B6aPRU8h_N$`N$=rlYychD}s`EmRyRx?7O0~A(YCn_t2?C}w zlw500OS#sZmU68*&A!$gOkn)*p4`@PyIw_9&tOEA5$!Pmq7Dc;yQ$&FvnDtiP62B8 z@hA;HffmM48h!#aucP5Nrx|KX0qA%!#q>z!--dNp)e0s`f%cvTz0t2 zcyKuJN-i4yTP8T1cqLa5{s6tF4<}y9CBoI{=zKWwO0G1#4j&n~d~)UC-Yg4FyppR7 zzs`6#@ybG1g|EOCx(_E_$<>9aNYtlKyoR}J@6#trzlSZPZPP+Ov;LE@ z#Y|mmqX-X1QQEXogfB*6+q6-Hscw$iDBeSusxVJtQX9oz!PSKyC#SVhgx4`mt&JkQ zkojqC6yY#AXro}iG&KAp)70wb!rhq))Xja4G@HUVGZmkv)n<(+0czYrU+t80_-jEFw?_yZpC^1eC!pf4jQ5TM^prI*2r^=aDn(Al(vO z`M$+99m7O%?QBFEQQNG~SY>FVphwonh(~P{!VD$@Z4_hz0R)3K3W`2}1quV&C#xS`Jl+m}4DsP8Ro>w62-BW$KR zlAgzrnnR4BVc9{H=O z>5uh0P+V3lJ#sd|v0_YIRy(~C1p5$iS?%!3_6oKk;ud;0(_6X~b)sc*S*-Mhnc=NS zYYnKV_EU%PJ~Ayj8Q^aO^8xk}Tnz9V!8HKs7(EoN(co?k9@1co20H+97&r|LOcD$O z6w@USpa(%QK!1YX03!&F2bf5(QiHnyj-$&H08)(C0ZygM_jVXG@B1M5gdRv|6}S_6 zM4r9Hlhi|DABMsSJ*tkpl9tdz^_(1cLXXIyGAyabg+7c6lX_g}!?-Z1hn_wRJrjC1 zklPYS>JhCEBie*_2)a#BR=Fps=MO&2AB=;{>G@6HoBb0yBcoD+wc~tz<9Z~~k>-lXPc!l)9Yajl;Z9Tsjc%?h=G5Im@qV_Y<^NWEOvC{L4 zffqG!DLua_1FyAkbi01Rx9fi%VY!1T*F5RE3XHf?r_^LE8ZKEed4a>B)%3X?8%o|i+un_6i#(F15Ee@OgFZH3Scm>yBVg_ez1E% zg>pX!(`csAs~%gUp!gdo*UMR02mb+J6IS}--o2Qt&?Oh(3xYC$r!ljRAErS)z~AZB zticoj0|W5*Z2*1%^v(EG*%jLb<1!7}3=gkYI+vJCs$v8gKR2rYya ziq|{IN+_0jk`hWtP2~disUTGD91v%GK_wgK0MpnHCnbmsC5TaQ91MzIin2-l?*x!) zKcc~N08;i->pR67juMOpuD0Hp*&0ICR%(cpXyE(2f|M$xsb(q`4V%LgtU;&Nn19FrzD`hou3HHxKeY>jS3`gfydSAj}o z3cJmo!j3ADt2?LfJtMbyp9lW{s1z^bS!t(}8ent{6u%a=?oTPb1u&f80Kf!- zg59>uU;q*61OREQCj-bESqRV%n=$7yMyJ{r&=!?O;u6$2#HZ6QiCDKIhvs=Ja)kyA> z7H|*V!_A;lS-QAi-s}(HcZ1ZMT`zC8`yf~_1;sB#u4l7K9|4F!cLPXmeRz4|l@B15 zEVF@8^exN1K+3)R3mm_2f^Fr?D?>pSMSjHft);f1N=6Ss@geH)0soCvkxj>&%Doxu??R&)HIF)sp_6nPPf`&rjY?E zl|%IBN_DduafB44L~yPgp`Qi*SWx^mRN!KY;5!X|0a!s7*O#_eHw{h)xRG8r1Bg)W z(%>%u(&~2rhy)J+NXqG7*|AChM9Q@Q5@r&BggHrvxm1U_R)^URAmw=*Kmw20WrHID z#LJJ@Mqm`pq{ExO5mdRN2!=&b+&mG1tNW*Mp z7KsP32WKAE+3tZ=oqFjHNY$yg)G31H*Z@d%dCH{u6!0TJ@exQ=3b7L4RTknN4W7|n z9{{j2M$s)SO`-Zmuxd3=N<&#BQUvz8o#p(PCFjQ`A-TgrEQeLr zp&S7b(Y^4zg?V;H8q&gR0lsABBLIFNn5JFk0!R~G1R#PaFGm1UWVGok*XIW!I6qLX z*AF9DKP=Y^fDtSJR_GN+*bu1DyY)dJ`SjLDwC4Ee-~hZaCF!fG>a_A1)8hu^n0ZpKEB4OI+Y zy9bF6*+CeM5Ax6gC?+$97C`YmC_`s$JI{v}K(X`uCgh?FogG>L#d=bTp|eAF5YRLX z4|Obxp|kXz@oR~>(VhOeVA&^s8jgWl1~pQ(8|sa3KmUoo)M0GxhM8-WjRPKo%1kkI zmZ^?G{r}kxg7YBOow8Pjvaqu0cI9z>vlNdg4~*Da1+h9h3QqrUb(C>}43#IVqf3zJ z|LayqS?KoFQF8zD)zPbviqa|=!5J%ZN~>T5XROGzYZd$z=Ne)>V->*}t4WZgXcf#! z(JI(xB;guF%#UHXYF;FhpO&96N5E%dw#KkhSTF*2ZZFb$yb6Dx!Ejxf8CEvpn1Wmq zcnr)>m~ZR`70HxTX%lQ5X&Svj37L{!s;8uJS?gFV)3^KJeIuwyrc6rJU<^kELZIY} zD9DFcTS?OhyISs)9^N1S6~UUSfL#e0SOC}hvXS%`rh5%vN;X{z@k>K!1}6w@sx`8V)ygOo%pX=@{n!0i)Ik#r}1 z>AR+bp9)I8h|=9lnY;%e4Qda7w2|1q*#fKp5SM-ck23HOfM*B}2Y8*}EP#&*E(h2} zuogh%{}_O@wbucDq}N9PBFWDIB*EPPOwcHK0?msQjii2Vu?NwpLda`L|;qD?`D;z zF0qv8C6r zT5Xl+WskhuJSF;e1a452>cx~IET)vyAVpIC=(LhsYjC;_lwTVt(TDf59&{Urp{==$ zNz>a_Kz>F99sz4XPgsGW(ugUCRzO^bRzMCN0Yjf+CDOmfCjmuqLHxK~d*fIw)6RzTX$-iN-y-#5?RA6fx9WC_wX^`8EwmrER089tTt4}68dhgLvl z8CmwNFpIasvW^SV6o+5*+-DsxOwhU?8{t_qv%bfiS=o2UvTuc1^_T%?ohUxazC+fm z(2oelTVZqX>vm1YQ*MQ2o#doT`h}4Cp(9}b&mRGcgmR<4SFto9?>aXo6I#Q{nvH>Q zzA!H9B@9t>3uKz&wf39}rcfBa;e3K#ap!U*kQW(-LG>jvgP;4W!{~!IY_<+YbBb~O zBT2;jE|(#Sc}e*!cw=p(;27*Un#z>IBFt+Rf(kxo5Vg#)3j8&o!t0UbeV9_9G0CZ| zwG1;)ax>tC@*=mp?A+!R>)cp&b6#~1{1G6xe3ssv*ET~-BIe^rw6GE2d4gtux0p@d zUl_AmGFZOfVVs5(%+@(P6^80mCv*lCtaWv_)74T>K5r+Q)eWk4URAqVk>eKB;&D)c z=n$>TV2r}gf^TIZ zjzTKT8)g_-`5gBi%v}zXWQ*aPzn2;2B)FQ17q03Nl_Z`<^vz5nfFyolsdF_b0&rt; zWW;+h(R4Q_L^C8&R#=raJz{v6`7GpDcn?5=;3*A01gK zSVa#(5+v7aroZjFQ8dS0r0;Ok9AS~Z0ZwCvZ5NTSwV%*eZ>^z60Ks zOtFB8{AQsj5K802iPYzqWC(5F@R?@hc%~V;i?JNa5B3EckdoWQXYe{a zlzqWl#F5Y7y>z?_iF+OqM?QmF=_vLEUlvC`gYVFB5mNVjDvo>xc`Q%a7fdho#^Gr_ zjI`2=>{7qQSC~kr;Y_?EtaPF*dA@E+hDWKo&pvguq%tUg4G|^%;OP zsgsR#xtwkN=xsskvv@h%vM*;_7%>^vuRgY5Wna)bAdJ^K3$M#MD2(4ag%N)fCS*-O z?$+$lpkk1UQIPb`Ej;mYpPSU zg*x$Z_5+aV7EM6j!N=K;fa(?H$Jvhiadwn7<+vYbNBLIaGu`mTkZFqY<7@{XXY-95 z80E*=j{9+TvN#Wz{b%-%G%8#=he4I^c zd~^dToGK?ZG0Km#9ekWkYO*X49V`$xg3=~($Ne~4z7cZparWCtFZ+#<<9;LLwD?(U z`9{cDDOI4q5pu4U8qnVeIjtXOFN3sgv9+byS%z>=BuXyZTe#a?ZvHny4nEFifS(^{ zJNP(Thyf(AcJ?Bl-+~8Tb@l_ULbo6axsqqxFGv*(5!$ChOqnB_(C+<$_+T`SI%HDkq6!vTukIQftl5tZz7LozYP!Zefpa#lQoeSUKLqST{Mvw z=9$O~^GxK0*J&Ag3Mtf{LIS5lSE2S4;*XM_)_!pHs;UU4V+!^c)7a2S_5Q*;g0p`rAsDbo--UM2<0qs3wc9qLfu3g|i?kQuPo zKsZyAG`4~Mh&(Zc4lAUV_W0SY17xPphN@vH@`iyPOy2w{M=E2u%%W$5J{(Ze5k)A% z+^J+wAmv0R0O>&FY#@DzTnc0_A}fK6B=Q#^6No$yM1+5EIniG{Y9@n9vWQ9?%u;sN zD<8PdI1}YDnh(I-J3VsVT!d7OLrr5UoZbhO)44~su5{&e9-v9Tu8pp`Hjwk>fa1fc zxm%p^-vRwPK-Wfhsg0uj3>5W9Dz6JdaKxa5687>@)*8z|@^e|LbEWx*O1n41vlFyN;<5=5O$nruWld^~^b1h5w zX20w)9EBz%DtzS`3?Brzaw;fuT}s6#_{ysBvJv7lePwl6pAr&ffwBSU+=Te?zB1Q- zlt|iTu8*(eJCQQ?7;7BISeHPDrM6DRQ~OYQ6eX-eicRPePveC=XKHRPZq}g!TRkXo zo!Zusl9hF&q~+uyaBCz+H#k!24q>n5J#6+|Wj(|ftbJ01{oZq^#_u}>|M(Wdtzq3l z;sE72xAp*Yg?sAO1&CGcupCzx6Qyvj#lu9|P2+=QH+CLg@L7{j(5y zK4bqPgr3jXzX}l#aXw>XK0^)Z&={)2e1=phe93^qe1=qIi1Qg6^BGdLA|H6(Nf<6%Ct1~S7#oX^;p z&)f}aY>4w28}k`b<3pU!*qG0dni%4I#>RYx)Z`F1ylu>9UI8^NL}xSbGcEa?72-F~ zHs&*&A0Mg0!=fDmn;EKRk9Q8}k_k$b81ed`5@?h-qU!Lqg^=zNN*idYRAomT8>x z8Q)nN=X}PW39$(x&*O0g=t5TLPH3FhJ%la7!hG z)fcLQ>Da#bXN^X3!Q%L2;*UUOFcUuxcu~}O$=eBGF-}69SAv3b5`xXse&ll!;=Jk% z2d*NoAq{dR0|oF40h%E~`&8sB&=XzSorK_$}W;1|f?C8d~5LY()?87z|! z=Y7HRCmkV7I;3LQZSQt-0udYv2?9#qqmDg-OwnBa&MBo=knUev2btXv-WgE3Qh2rGtpa^1d8>ujiM$^{ ze@)(6;q@Y~?>M;61nA$=rc4X;p9T6PK$%Q?nkvald6cP6#!r!c*~pSU^$RMy6S(Dn z-xK-iVNXWga5OTSzk-Oa+#XUlZsqpKRm(HXMvopWCZ})bA}S-P@)sD8u=xWQ$E#p8 zGhtoNiMpO%_*g>jJ^-ZIT8aM5&D!yXx&crjS`&k*^=;6v0(1i;4tiQr3h4$&9JN8n zXys&RFTHdL5~>lOdj$ug_X6-U>;Ae&@$0VqU|H(b>3Hg2;vbPu{t`#gOJ+j++*$Y~ z?gwNSfXTn#jETXIn(Vq(8208noq*hS0~&m;;1+{ z8Khc!7jh@sm5?1KvTxuS5ZQ?$I~mzN2;i#_$wr1_rtAv~xi6KVs)OiWlVT(;g6ugg zs^5ASq@{f@Iwr-(*({d>w$ZHfGp@qTkK(v)sf%Xh>S8{kur3xM&O?~qG#vKFXC+ye zj+UN%cz<{Hk)35^XB1uzlV&D90Xa0!z{4JcJdC%}{>MT14xKkcS(ylN<==QRGFlSZ z3_R*Xr?E<79|KRT03(tepht7}tC$8(UO-au`K4+SSf&hGg2C;^0VTg%!qa(10)s2CuO zF=A~cIRg*ID+^E&i)6$)A5Ujb=3|b%C1|QC2s4_oF{KKwJeJ%t;%`kd)XRYA)VVk= zH>aNsUil#yn*fE^E`i*!MJ)57pbr3q=P2X2IAd-Abr+y$m}5%Wi~i~&F9FGzk_%Q$ z#Nxh+a|-jayL~IRP#YvK4?;^w(%rp=>7q`eQboJ(&Y<{Y-2DlN>Y;BKvoR0!QGhT; z~+I2HD6PI25c^>AV87g46`ruK-6 z5RM?Gp*^B%FR0lGyN9og**+;6^n~5i6Lt?L>}H=j&Lxm6@NmU9}h%7!Ft#5skA*2E*nX-Ni+`@n2!_oRl2<^ks`dJ9= z!_oRh2<^ks`c;T{kke`l(`sr+2RW^_Fs&w48sxOv!nB%HWsuWq3)5;+wLwm+EljIP zH3T`WwlJ+G)hXCQotRdyK#XodPOB|Ut2z1Y732@Jg=zI<{BI0$T5VxkO{$-4zFU}9 zbK%kyz0hEy!s#u5R&71~n_l zX|;uE^#e%nNab)^ZMi-itrkCvEj}Erl~M)Thog11)PVNkXk90&IIW%mX}v}ZvE5mQ zFnbWWY;WN{<8s@n$ROYaoK{u=8{EKpiZI@)o@^H-eW#as`wRjH8|1Dmq z7Jr@p84yK#Dt|jUo~4QgD1U>XR?%L{-(FBZTGZb`&`{Cd%HL7YXkcqG6m^bpcRwEZ z6$<@bB&0OZ0Y9_;u90^UQmL#d_!nZTq@}8`BSM9i;`n_}KR`WCCq{u>0O{F)^!?;LBio0sf_{m-D(2u> zk+Tj(%>s(?WAV4h0f@;n(;57BZIZf}g|J#c2ESd;3Fo+JxReu+!Ee{|!Ud9b`UeKY3`Wzf z;mIgl?G=Wq2Cybs`#x(To>J%ZY%JATpb`<5W1ewqg(*8CMsrWwt+#nnZ=<2351>@) zZJyLy;R>Wio>bmEsl3O)dk|2z#Rr2qQb^y?JfrzLf3YPl^l3djh6j{i^HfgFCsl4q}iYKk@c{f@{C)Z5*y=XXLIIbv;?|T9h}BLXzg~#v#P#6Tib? za^|Wbc;GH-;J#(Z;w)=U^kWeIkH;eG#}*J*{>6~8jw`qxc%`2sn>9D`9f$@MSb={; zW$Nuy0nT%|<`TNUGS7liYo56dY~Kq=c#}0hx(~v20t*U=XA?MqYdFllB!LqnSc|Ap zD!@d^cM~AZAa}0M1W$13h01&piC8C@aj?uq#1|Gb*!&)4Fph~)++I$`K;+CgHpT+j zSBnIsjpJfWz+MMN;1)by1Z2x%(<1M@PpS7aV7Z zP;5QWYP?#aZ6r1XfrlQXHrvQBz-v~{%E}FO<)E%F<(_5kdm0%Ac+D*{y(-j5R+GzW z0V_O)tWidsn^Tblb8w>NI}60Ehht2_f1~*aC@9z;gAsz-li)O82G|p=-kl(V0Ya}x zPPCdB6+ca(K2&wGl{gbcFqgNSTKEj~O~7DO_#u!Wk#B*>OXjsOps1oNSg=Vtb>k3( z#YD*@t3e3)d7NbRW(r|h08O?Erb8@_QF^k~a~@Hwc&AuFylX0PBh;M(o)?RDWZr8r zD*?76C8bKcf=fn#FAHUbTcGTdfF~!i2zy}CxeZiIQryF;W@MeQJ*?fCF(%(+6;Vji z^rCEDGm11*@xw9LT7}F`Dn9op3=E^KLiQ8M(3nWCs4Cpqt|TL=r!9ldYzS!w}*|sFZA(}kir>2n3cl$K&V?4 zJ;HQ-+2$UB7Sj3hSq(x+bNlj}JAk_eAjbL*v^IC}H_ctEo12-C=H~qgQoa3EvJVse z$g~aGwRM|*WahQ$N9OKKooRexZr`T8+&2BEnct>Am~NYQ_T)i!}3a>YD)JhllS>lQ~FLg z%}9%M*20p{MP?ZXf9c@#sp2(^=u4eRY9{YmcraGwu@Me1L*4=lT zr!x~r_brz6w|Vwq;JB5zsSQwyiRhOesZWlu-;srx=$D>2E8$eI<^W1D75&naBI{d_ zACrX^`_hvkYxXKbO$L-=GWw;bjI0kqZYB%cH(z=x$(nQx?tKE3&Lpdbtd~JPPSz~4 z>dD&oTI35*dR#a1+LN~t^k0OBOLf2WbSCeR>);a(P&yX8uXF*N>tSjJFVmj`$yc5v zhlt%)V}=SS#nAAzM@FjSK~4aabi#q6D%3I!>AHnIW`NrFy8+iP0aVG8yPB#VB7<`x zrWSb(!7qx)!@KE0b%ggyw0vqi+qdVFGS?ky-Zb&gucy*__fF>YjAxjK$Ty(x7MOH1az=< zGp67S#@NUo!Q{t7P=y;jw$X^rq6dl%9(kWIfU$b-^ypu$T}(9`(TwI>A*ctiJ3VcG zweIw^{nfhD)Am>EFP?-SX`0KIEi8Nz`W_GCjd~AA5}TxjUjw0TRrCp8;LCNoMgffC zI$xK28ibGm>~c@u@6`%VK>}hNTvm8;zgNw=7v%k3P1FMzGa&<59U{pKR-w`+3p>hV zZ|Y%UKbi%NB3H%o>om$EBiZ?=yfXoM*cs*7o!NO4j28fWPsVs)Zo-F)n5>xN z!P)+Cj;9c>D*VzRga;T^;rN)na2G z2F^j&#{)Q4Eit4-?QexAJpjk5B}SYX|2xQM$--E*#7L2K&uv(^0oVphj0{ z0FG5lj54wkc;kO13uDz1qmrx#z*+_1Shd8cA?t)Y3^f(Nv1*A?PgdETFbDu-tXg8U zC+}0xHwh2p(h{RHd4IVZO$?B+YN;;3Irn000A$9oe=RkV>>w9CV5su|(y)e%Rj+_t z4=8yQ^~JYf6Y5OAx>pzhYQOM7INt=Qk{)&1tnhVCWQ7)a7{L#U$aPtfB&trayo)f6_F#_ z>4dJ%iL_{u+Yx*VMas8iMRZnI>fm<~^cI8BW6|YR@;G*>v6!O24^6tqjx}UVP?a1@ z7GXWdV`@fohX_`9FN0OI!B7!EHN!7KxPHQ?nP?K3T@cb0e?|KP8mR7UjLQ01 zL8Tm(p|(BMYJEc?IfOANNtqfduA$Z%YAd_}e94|Fj05GEt13BnRhY#r#XqC@Rpzt< zSW}?rU_dp)6A0JOqbY?SDUn%>@I?S<;T$lEZLKpQXf$7j&9JJeV68>yDnQj75YA(G z>q(pfVkU?QfSR*G)Le>3Ep-gy)|eW?=E98bzo>`OPeJl80MRpfBf305QrHaSc|aZG z)Ki)BxSfKO8lFHs11e@AS#0mB`s=}62F_xJY=JK9cB}ez;NA?*^#H_TIt?>f zL_Vb*F;nM_lak($Ck-_S(4Oh3a#yB?DHaY!jBM+@0`;8Tt4gjjMj_xO5JvM)RAeCF z5Ga`dsEU9%AIL&LyAlvss4lGM$pY_F*fRvTo>u5%LCgj;P@j$Ui+)N5v3~gqdfQX4 zR(J&@F9VcQQaTzn*HCK>wH4NZpUvuGWR9g)m0aH~LV)gQ15iCxhk6ZGDTK){yKN0#hpz0j34HlnhdH4Yk%#Tj5&pvssM; zWvNw%4MSi#1$g%gtLdmUOTBv}o_fn})jrUTK{yLMTE zEd2`;;I#~HYXUqEEceWwY1kW3C~E_FITPUF$o~#afMQs4O@JhFCO{H76CjD436Mmq z36NB)36NB)36NB)36NB)36NB)36NB)36KW5RukaOp#GQ%P)^qUArs&_=xj9sJ_4%M z1h@uyX*B`f4XV`yNUGHYNUGHYNa~N70G~j5J1_yV*sckXc+LdK8u*O~@K`W$z7Arc z4S28&VpAcP?Je9_UGDZKKnCPYfI=)<0t7ahqp0WuG+2~cp3oG<|j{uu;a z6QBcp7yu@~CdQwD;RPl@vgCN=kw7G)c*!|X;u=gEhN3)Y=4%N}MmD00@bKw#W>Ff8 za1Ex&@SGX0!4#R(DWlJsiD}WVO^cpS@fP_@;wK{5;+x?A4lnTPKs;KB3f5+pC8%Y7LijF*!YzF)PQx zPh@PbUdmXL<18j;7iD~r45Z^$TUrOpCZe}SZ&Y4&*qa^UY16;e-1Tau~a@ezhN<3 zaX(Z3+-r9`1-smM4UFcapePYNOW0kH192mgxCW4Tj~UwLtwPUIe+T1bK#A1Q7v3JM zAs(0eoI<~Nr6%rs&QNOsskLPOs+pC~V}%AtwP(^wmv0|1`U6;vhGtz1@?5g8M)lZ{ zJCOT#LB0k^B^cFX7m`{20%QQXx=md*lff8Erc}43nSTZ2FJww}dv!AXVCEYjkgLG_x;{kF$qQ7 zeHphALcIWt`;`@#j1&$6Ii4(7Lcg+PRG9;EHd({4m1oH-e+9_JfU>dILg_b}X)a&A zFh%2-@ej@DyBU!P!HoB(k1u!|(;ooFC1lD{7tF>}Pc&Ae0Gw#3 z(=ac=`ufJpFwuAjOwR#w!aqAFzySnQxblpP@SnE@0?NDXFl5Dh7KJf6kYkIUOGu5| zmE)Bi_jnErYy##BqGx(02o6&mMJA@ZBf#>NGvr_)LjEDjGb#28_;LT9%5zBUYoHeg zexm&3n2G#fY{>BGnIaTAM^GODbUuP4A;j##5~q(tg~^gIMwYN&H63&5{>rnE`VTcR z`BLuDDMO|+&gWq5-YOaH3_LOs;)b`Be6QKG#;X+`?ur?bOo1xEhxq>FSdprPRCFxk z)fiHN(Q`~3d<5P60|W}CO>2xQ5*MMJ&H)q-*YbT(x#|Tlo&pr1AK~sF7P4-Op&USw zY`E7M2{Lzm2a{z$>>4ESCL+cbo~scRw^-)5#VSc8Q0vB4>3kcOm})47UZeR8$R{N$ zTPvB9HBfX7ASv5pTl+EmGtlpo$3`@^?pp_K-QI=$8<4u_V(_-fIfV;BF9XCjFU@A; zqGh>^uv!yOQ^CuUg>J~gY2X>n%yL??@Nzk`fE}|m`;PH)d-fyP2a8byo23G*_YCzd zlehuV8Bt{hH7aAHZ77ThC8A|xoLWi|=Lv~}n}Q&+);72^qD9u`L~hd}Wk)k-7uu5- zo6@C>W?nO{b9JFK5%=++@?w#{0@*klP&^mEu9w7Ey*=MIR7XJZT>QRXk|e7cbewVdlk|Uc`Ddr7vfG%adG_QpO!YGajpku! zGM%S+`FT2C^7I^ZYy?Q27D%4De~6v|kUTArJUs;RPGKQW3nWh$eq^X6fa1Bx(*nuU z^pA1h2SDfPguFccgLxWmPd?pL-%FluM4og98eY$O@A3(ZQ25l=v+We3qot4O5!aC=PW?%25?zFvD<*K@nRb&2W>#9key7`vL9~( zH5!D`T!))R_zqOT!KQi}YF+}=Q^rQ0H~2_V5PcrwdL^a%ZiT~EKur{Z*aOsY4*+Kb z0BJE23!&6&4u1P^C2XUBd0wf>>d-*M^4Sr4CzzH$+Kh(M^0NPrPrHg_Q>fnuzuHRgO%sB z!TVdM4c>gG4R)T>20PDbgPrHJ!PZxj+t$NKwbf~ZFVAU%uZuWv5T_0Pe5Vb8Jf{tT ze5Vb8|Gd)%Ti0Z4;r~lc8$x+b8$$U`8$$U`8$$U`8$$U` z8$$U`8$$U`8$wFETWIy_cPILjcG|#;T}f%D4WTwp8}JpRglVS@p*Bt%LT#KjgxWZ5 z2(@wA5NhMJA=JicL#U0@hEN-)4WTwp8$xZIHiX(ZZ3wk-+7N2vv;od}1M5&e?X-bj z{YYu24fN`_5!CP9Yw$LHG}^oxAAkfy`A!?cc}^R`c}^R`c}^Q5|H5ely!su0pCxhHu-&}|x8-jUG8*s5}p3{b)>$D-5=d>Z1=d>Z1=d>aCzvZ+6Uj0tR z2rA!8!mHo*P8)Eq0fXIp4T#IJ+uw28kh|A_Z`bxt8*r~d&S}HHxYs~rxUW@|=d__H z&uK$Z8>bDiJf{t@e5Vbu9XM?ecMWmvuECsxDMg}Z>S#=sg8KmPl<4aZ1yC1qQEET& zC!m~mI0%{8LtGeRLH!(Od4FtCNM^W7_1!+*WRgPzJCY1F7 zl9ERaektWLMg&hqY0N_yp?7p2i7*n+G&OB6Y_6eLpTapJHXqL<)iDPmif?Hs&{(is z1TLij6TZn6NNoY7iswPf=x%TLFH^M#Z8Sdxfz10LmpPzI?q_&A?c@Q>5h6p=V`(Sg zMmtFiGs)6VN0MyM;$SsZHk=+Y+Vy0T*dxlEhqxC*VdgR*D@F64sW~N@qhO8`&5!0Z zr;1q~YTi=>>$iw1t9&ZA@`_`9L9WKk^EyDeELF7^zxAN+15_N2R0cw^!2?1@MPM~l zSDpmsI|zLnpfZgJz8Rbhh0F% zU5NV}VyT*KQ0D1uaPDie!D^QZL)_1+y2n8f62tBKS`5X6B;2jlndq;CREb^Z`jbdc z^40MZP(rHAu6r25g!C9+9Y6OZq)Kg7i0*BvA;;xr_v27goZWwcy1N0@`sk`ZKD+n) zc6JXB5S>t*{MkJ`K(K^6nBBtzL~eEu4-hSs%A4K81H`|a-S2eCW?PS<$#%MAv&FZ= zPM2)hDB0^`19yN~D3?&ED{_woPP*?s(v&FZgwC4ceDGT z_@PLo{cmG(Djow8nTR+Ebm)g7Q4(Q5GyyLWiPG3M;Ati90g1}{51U^d=2XABG(LXo zf$3hNp@a*G;=#a;zV;j(JZcXyqq!p{*_n$$uES(hl^o6RE;7gG(J#GvI5RiL@6vYl z(53C_p-XP{ushY>BuIB5kamnB50 zEFqde?*XWgHAA_q4WpIqsIEd*fCnLPEFiNUdL`B8fNW;+ZvuIrh>d)FA^GUbh#^@f zROa$A13`L5A982(m9k8T$THz(1MzBY+Uej-Ofcp+b#bc`Dx}C zt-jmk%T@WJ)pv(p+N~M_{+-5YXv-a%1^$dVy!dj4S>SNs+LtrT0$7T1%XvQjiLcdl zK;*@yFK2Qi6Mj7AF!sIjJ zL&Ixd&M*szM_ydgrC=7&dBf^e1-~fZB^271Gt2@W5ZaeB%mUm+f?0qcliC)akpmgu z#;l|iW`Vmvh%aZD1+>P&NEK!Q(I~#0X%_f9x}EmrOtZjJ>J(qjGz%~czMQ8?3VcTH z!$bRWeoUBrMmCYjHLdS;Ve%RIfXu(548AXf$!A19L4`?C`Mh}8a@Z_Vz=G1t^K6&} z27nM>&M*t;T))VMstkUM0JIUky4V(OqU(REM$)_9{vn{rC1c!1V`Uufu1;tSf z6~TEPaJjJ&fk_;whZ(y_P&Pt@Cv9zuwHLWT(5HyEK|f(@OS7{K((L52y@eY? zO2W-wIM6J>0P%fDvw#o-kRZ(hB*gb2%mPeUd>_IrAUKa@!Ym;8XY6))W`PqC5x$&{ zW_%vYgjs;B9hn8l7qh@RAdo=vv@d6v1vm(a zFK3tqzC{33twph57NF@f7KK@097M#IGt2^lZ-o@h0yD|ykq4Lsjt8znv@4J+d4?}% zs$huFIF8AbIkE|j^L%B96opyfYVe$TYI-fu9yrD&in-SvGuSl?5SK|_Zp;67t~;h# z;A;p=T3NS>Fblj#T|DmkFU$fW^FL)4n1fAQ@v-=OW&wUM5~0+N%mNpIpEC<|!%X%6 zf?0scqYBgyZl` zQ`7dsu36w>5xWAd=`{vU7wg;?A#wKy;CiQm4Z(5M3j~ z5K^i8Fwtzkl0H4br7KiWTzI7BM0wqg!_!x(V+)8Yhb}x)#}!OMT~&(G)Z9o5LK;+P z40uG{7lj8BZgpv_V(7vnHP2)^L2==cnjifVgic^V0r6}CClnZ%dN=6=PK*?S7^Ol? zlzcY<(hPD-!33*Z8V3jI!XtH(c|Y`u3y;*oVg?rv#6;P6%KqXKQ{9Io@%0tBnZ%#) z4KF^Q%CvKlel9ZFMP|6jNiK4Mi(H#UV87uqqD9t8i!R3TALhEb0gD2?lxUGg&)IKU z+OEJ_ax1Wh5%+%P=NTYR5Gg>0g_8mD5;+rH&P*WhkaLyGxe>@#a8&u@%+GQkJLPEP zqC!?{%gadXCDKI>aaDCL1<$cZA-#@LFMrNu`Wz8wro~KhPFKDxIiu4#t{e8ue8l~p zsg|5XWhY22Y{G;{uNLdWSQ$zBCzLYHyRam?15hoi#S_|ZLCmK?KMAOj)#6FAT5PJ7 z)#AyrTKo`!TL77D&@1&}AXP7xLzys;LL$9^lmSsCMQrRNr1Tdo$5|-wjAr@bQ}S_y zTd-PLEgmIRk=%w)3jmq5h#@Jg2hyI3H)T1h>SGpgy4`|I=-PT3h0{$u-BqeXi*-9quoVqK^aZ3{J`ZJ|cw3YCPi zeWg&FsccWF`fjMU1ElJI$SK^@Rj8|eFRA*K$m$AaccfeOhqzULlw0*B)vT?qQd@J7 zQ{A^tFK}zCtJK!h(DEce*H%}lt#?6h0qEN5F11yuYpaLU)=voh7LYj~dZp!80y&Vi zbu$pDt(Sr5zBQKl$VfiEK<0Elg6RIbk7qLM;|*WnoF72vBhzjRs$mb%{Qx>2rIL@h z&PSQ#V>|-K05Sz`KB|CBXFfW+`8Xh#k1JWxVX5d%Sp4fgJ{9@UEf+3fKJfDDiY}0f zUIy)_Glgx4Atn74i1hKOThUeDQ?bwHj)Lyv93Zt)pQ}{&abM>)BZ99Ff8uC{ehhJs zVRzV}X*5mK=p*={A|!i->kh^53nA5F*YTTaLh1^;j=mlUsq5@Ix-TK5uD9#@V2mfE zR=1i@i(x)>cTh6PR&y&ZhOVO*9YSiQT}NL&gw)k`9X$#VQY-8_6Ffqy*{-8QHbQbp zq%MMZgyf!K^<4<_b#)fbnPzui&O%?{?#r$C9axV4f4*_&?#shy_SOTJJKBBOc}v!X z=qo#K$+E7(d}8Mla$!pLw#B{4-Pe7h*Sc@&eqh=rP_q|m==y1z?fGlU;1CJr@e(k(ff%ZP#Y zqRVi50y1MX-w46d)gZ6HEVJ|h7kS=AK5~(tT%_>wtZ==H?3P7T*{M|DQC2C&7HHPy z+KzH~wOr1Sc5L9}z5K7plhLuqOyogTOl7Pxv9h*Y>K?}2)xn;DteeZ+v!ePiW`$T; z|AO_zZGh4T5#u`M{TU$Zh`g5NsOk%;IAzZPqqCHDNlt0*0BWV|GNd|Y*Az8!v^BL0 zbA~lV>1Bw!9$Hn!RaEAcvT@=~4+{8f7eTd>OK+NIL_b89wg75nm%&@N1yboR@wp|S zPIei5(j|t29tfzC%?7_L#QqEPB0%X2P%lOL0LW7;(m#N_Lc~FK-eY#^*>GQgI$QF= z)@yekSlgiB6F|d85ZE&VV z$b3NQV8oML?FVEV^PoE9S)M!QTb?`QS&}>Ot5Ja&p$`0-m5`Vj>5ylI?%=MWV1@3$ zPdo{U=^=G6(y>$$r$Do7pHI*VT>FedpSu!0Y3$Aay=xznj!ryXyPSvOy3UVBBi-$e zrmkUd+oP%Ys#QKb+sGip-hf*75#Ql$!Ji?(wjRPWcUv%7?)790_+z&PKMP4;S7gw= zEm)$Kfnj%v5Z~c#!AlVC-WEItc<#2~b3nj)$?eY&Grt0ej5D+_lN%vNTbQo{W?Otl zZY48HyYYR(UsxDm=7>`4(aF8M&KGu`tu+35>dAK0~Hhm^TZP&&a!E ziiLTrF!_x96OY_&!5xrc_qJeN5411`D}!$#0Bz*KKUjtFjC93ATbTO_lg|iU3fUH0 zIx_;9Kv_H`o@Q^O`IS}bmu7w%51)mF(+753Eeh5X*-4;wDcUv%t+-<=m za<>JOXuU0%RO@ZQq*~WOr1Xbpye*hi>utfLT5k&`)hTydFz@nhy)F1}p#Iox!7b48 z$8HOL2|8PE3;qC9>utg7pk;XOw&3-kT5k&`)p}bnsn*+qNwwY<`~s-oyDgZ0NOo{r zFpDh~X51D`Tw9oNTQF-tTbT213x-=5bQ!j`G&{>6%}y@cTev^E+Fypph!D(T}ZNY-m!tCA_yo-UoKfJ@RFptAO_qJfNc63`X`60$x z0Yq}$qvEC!Sw%AP!c~4MKQBC2Xkb}-5ksT$-Oz4#$br8Wf6~; z3x?(9;9(GPZw?lGE2MC9@C5Q{ZN|;PM*!D11(PfJhqak^k}^bSSeuzLM>(NgYcp;R z{u6j&ZN{32=5Gw(6mxG5X0TYBadR+nnV&uaB&#?762IKd!F+!{a%HmCX51Y73U$p# zJ8gG!Fn?a<5TmHwRN@$2SL0^P>RV{QA9{gZn`sLa80CiD;kI)@B@2 zt;HNqtj##4$}%YV2yOdgstnN|p>2Oml_B~gwC#_n@@>=~q2ZV+lhM{@98=vNgtj*0 znCg`vw6z(>R8IzxwKn6JDoxb3)f-PS`tswllsq^caIMWJp)_J`#xYfzv2AN6o@r{@ zUf5j|(GqQ2|Al9g>X-u&)z)SlQ>Fdcw$@T$CQ9*$E0E$8Mg_my2j6lf;?bfYs_Rt{ ziDaC(5}Rux6|V+S>Gb53FCCzU$C0mhK-1)o-=86-4( zTJaFY0GIYDlgTGaOy;Wi1IQ2VrfI=upO*$Qf2UbY&IiY?K{x2C6xT>x7{BBp_)Zs$>l{m--l=_j`guHaZ}6 zt+})^tGQf^gyjy&<(Pk;1IU!S`Z@!trQ*I>j;dHs#YuY;CdOSv>G3(GNmr>hpd@>= z$!@YA>zoFZ?-93~To6~^wV_D7vGK9!oK*lm3zkjrq9+(J;^0voT{ooOJ zcEM%&jcQa#t1%a90*b691ixkF!@QH=v)pD+`I5U0D#fvKE%^z=L$V67{e3 zFGK`)WibqRZe_8UZ;Uc=yQT_l0RLhjVY&nfBfI2A$dQ$W$sK#2-nZvuT2>ag4u(uV zBM*|vm4*3)F!_w|RI98k%(sNeXN0F(_1V?HR{t(&UUy}o^Ojv%{DL7Qx3YK-L~do# zf*&ZqGQSp$d`9|0Np59vDK%zS7FuI=Wg!}KD~qS7GFpnl25@$D7Io%U77R-(b8l$! zS$syC@sO2;Nk@x5i_geyWU?~M`-RD8gr{0%Wnn%iOgL5J9gYx}Tu;5S=9Gvqa%! z6|(OUohv9CAp&1(;Ij52XA8Q9D2|nY`w-C8-pH#qLS-BEen+!$;2nQ}Lo`ufVmBm}2T2~fpAk(_C;Eq@8%7Rqu%7Rqu%7Rqu%HnBItt$)W zdRFv9%*!2IF!(;w+ri3$#dcQ~#B(bP)X zL68eqWXP8|7Xy)8Hz{*5@Z8FR0lAe03AxX^An!i!g1q~@3-o>7R(3VP(ImH;;2`9# zCSCy!RoT_VdQh^OXvA3Lt|kQE%DirNhLE3KO^gSwLOexFuH+f3394X-&{$0{WsYn@ z=dC8r0MA`b1c74&qnNvzV6eNIATHCpTY5 zb+Ft;hBU<@$Q9<@6plrP$Yd88B6B)rvsnG>9EO)8FlH`^e)UN$q;EOnh=d=bZx z+){%f@g)6S;EOoEp1Gw4lgTYL4grx{YFrN@x71hyqCr{ocY&owUr;`)3C|RBb0Cnk zJUBl{OY!mQp)?l#U0|tkghV(7&thuYUf80)3z%On6tT+kAfn2mzY8oi)``G9 z6ksaPxB}@9Kq;#eChCb%Wp9CPGOXYkFsxaa(j|_`(9OR29v;Dy!5E&r&i~gSYV}EY z5lLQeOQxNBMuAu@gyr0c$jKXo@H-Do194-tKavSKgNK5+$$v?hRlJB|Yy5YBh&x9^ zb@FEavmnyWlXwS`xA;E?QR-ZBFo?Ahr_!ld1md>XHwdY99y%4o?TH^iG&r|12kUHh z`A*Ic6F}S{IcReJ$&fpR80b7g;xGR42;M?v&4GK4#IfZsqdX=HmH7n0>7>{2(~J_O zli8$gL~9|fqWdta&j=PFJu52Z@*7exf7F7aWWeyVi-e+sSu)3n@}7ujRLU7PbU~HX zjcG2Z+#3lLOa^YvL(vmgWeyhh69l|J3R%# zX$~mq;Ss5Ph##yw3IIXcIj_5w0a(p0hc3+>xm=eUdN`lfH^wUo> z9iO$r4VL#zqBAcDxz`Q(I2Vx^Lb!VOSucX{S!sE)NRkNOBAo~;K$lW-hx>C8P+ z*ZM5JOQoYwRmK7K7ufdh0AZu~KuDBXSDI?KLLdnsLx8CAt56xnz;F`;SBhY10j!8e zABtOw2KFS5?SqOb$KpzzfqO79Y#&tKgF+aCWazHM>LLly3+}-V$HSSRrvR!3MR5ZU z6dQcRsC|_81LUK6KLlI|i3o?MIXjMtyG9fwqgMFVwa*U zxx!QzA)~6{D=Ldg&MLv&PZY9lw8B`etMHH}3U=p@1QfOxg$cQD%Cr1Psm*bSZ}36I zMzOaiv`B5i{2E5+(49H)g^kIGrt8O7&%{+n*7hRE-9^34 z>?56ef`wvM_s9Pyq55$^r(weMcOHlTAA|80p!1<1I)4L8ETD>-;%FOrWT>t-Q~`Zm zsHd9o4}#cuKs8gC17tR!E8|eS8&!9s%I>TqvOSNp!}ShJNtZ(S3_w{WLZqZ9;(BEL z9+vePAdeAw4af^XRF9>j@p%#;Im5JjJUuR1q@fl2*@pV;gM&#~xS+~BFio4Ofe0@+`=7T}qbh^T2iKL&Ujy|F^D7pM_+r1sSeOB`WuM;JTE! zc_Xst_Z6)p&OM(%z8llvTK|QRl|7%}ZC=`l^`1}g_TZ%;V5#Kyu^|@fdLXiGOKUQ@ z5puLO`F3Eo#b@MxGR2y_QJ8#2o+DGN$!`dg&&Y>liZvNWAP}9;$d7pFJs)SQe+XJ$ z_I#Xe*}QSj$H})QJNedR=bKp8nrtH`zL3N-vM(Nb&&T=6euDRzEsto=e0cfKL{@E6vk=^jn z*5pCLx(07QQEa8h~Sd~q`=yX;7tU&p6F^p zUnIItPeuHaK0PU@Q;Cq zP-JaQ4*w*CwkC&v7D8K-!@mfjt;ykEh0xaIF!p??LGSs54Nd7ipD^5*GEDFJgxgq? z!*FBDFums!h8t5-de0{eH>R}p>OG$@zE^%7l-~0Rw{c?{ZsW!@+{TS*xQ!dra2q$K zVeI+vb6~ya6UO(-UxLzmKH)ZQOyRdaK&zDA^9jR^DJi|@6NVd8QhLuP3^%5v^qx-` zr)pmSrT2WoJq_PXPOUxe2A>~e4Gk@&VuYz z735ivo#TsW?u|vAm%L&%K8PD~uLK3(in?&}EXa;)L8irc0!A*$GxmI_BHx0{af~CI zgu8n_PM!tX`K<-nc~7jyvghOcdkb>WCq{_fDa3bXdkb8fgq+ke9hv{?o4xrgruF%NX(4>1L>5a_aBM>w#8hVqnYR|lN`NI zmFVT~idm`bQzh~}vL;$Rvicwpp;T&Yvdjn^0Uc4gT}@UP0oJ^VepdjhQd3s+y{J%8 zhWVo`K(flvu2-XH3Rs+%G0GcbBq4XEx$!7@zEp+e+EjG&f+35T*PManseXsVUmu%GsTbPusHqSPqu6y^T+I)1<$gZiS6c_hy=&<)I3> z9crs|{adg)x(-l@OIkh;Q}d^wJ^)nRh6MLUlUMx>$TEafy$)myIH)|HGN>+N?lwv8 z48F28lBrE{NTNn^w5cPrPz&XocBS$f$;qZB=A=%R$j>{hfI8VGctKjdPO|r+elyF4 zGmX`fM$;iB0+mHCIE;(&Tdbaew09S(XBd9w6g-Iu&mK`#Kb zljZVisgPSi-$=OzN$CK}y$kvc@;(sWWM(&x*Tz0(}iYABeay^AO}b%O_UcMpZY-Wckg1;!+DhC9VirBV{lD4ut|#%DICz zGWO2~JsD7O)(MEYrjQA~33?-Wz2MEtSR*~_i0=(G9ni2_48L!vHscgr;qikQub&R}caTcBdXNqc zmD9nBarGEBzGr!~sxvfGr|P(>2?3W#a+6_VJpeqtBctD#OOiTDHuXz7X#LsbE@_+G zCAs7zZ$4u0#FZ4A3vtWzuqQfqnx}bs}=`Fb3kPYk_cENOc^`>Xo7aX*WqhK{t}@3)$B^98^Ebwp8wVTes*`3qXKjpp!Cv1pk|Kr zHP7;~rPAf+q;)qNU%HZM&Z*Pn#L78yapTr8g)I4=h};vP``EFP`x`-D2B?a!G}UUh z>QOFoE)Z$?KLe3Y@eL5^0^zH5gI84mk-pI0MS8l(!9W;Gm91uuhWS|5=vBA|23awh zFURCScZy+dr_eRMuheuWta>wmip3#FkC0!lRiIapcLEiTl%IpwLB9eheU-dX*-DvM zH3|tyab^IKj(iG`J6OQWfovdhBaml+bb0`Y=Xh219R5pbJ_GV9MZ9RWiA6wq1NnfQ zeSieOQDvty#oj(v^c*;^x)lG7W(L(uf9+k#5Z_O5y3IU)zZ}7hQjTfhO#)Q4AR04J zbvKYNiM$KsXChl&ju%;B4piq$m|jOaije&!EwZy;sH9oBc(1BDBUFme$3>c4WIrGQ z>?Tzml0{UPtyEcIZ^8n$hp4;(Dy!ZHnWW$+K&pv+4x|f_uYvR>@*R*tM1BS`28im+ z?J!(j)C9(9qRfv`M}IYwuE@Uk9b_y{w|C!rKi~WG?)+iL)@aoX#FaKW8^|Q8zZb~i zR9|*4^BR?RiCbTo4WYU@;&s@MT|8QsO`>X7gwAJ_uKE7Q4}@e*zW?!V{FU2s9quO* zP5kleemPjE#qQV2f2;d#^55V6KKUQ&u@V1!zJQ17@iv~lsNxr>kjK%~v&q|@!snxT z&jYllhUB0;r}19^-D(|QZY8-QJ?gzS+63ecM=C4a^b1E4n(>_$4QA=Cor$6|y!;5<1=s0U6H2%#PDAJFp%@fA)Z4|Nja z4?B&0kTF8(Qg5G8m_ZYg&4yPsx-jo@|THNDVl8-?a-c+u}3A6K=M}mX7QtD9=Xj^k#s8W~VoUo!$)aE`;;0kJ{u2HTz93|g;`+UZ~(TXosvbpPi1D9&GvC9-7LbTjTzM^7@Euf+^6BP+Be$t~bu zzMqkuq$M4)-_Vx~n|=b~_0yz3^RuYgTd!F{8TsIT$$>gFnt7m-iA>d@@r-O9ESaOp zwB7?+CZGII!o+<%piK6P&XRBDu`g6AJ78zaYW#czF9no;hwSc)X=!=*7OV`B9<$N%i9lGY@>8=xsv?6)sd18h0o3%6Qd37}m~hkUbg4@(90#FO zBySs$=p#({X2zh>`?H9uz?IGlH^hIj##EP!E@rG!BF_~U`JW-;hkz=nx4Gh_vHTZY zOb)1$1>f8rtdCKkhXTq|(7gu|QN^798&kz~!W`(wXDnzT7E?FL)KXo`*}b&slGoFr z;$%RzY;DXaq{z*nZ=&k+p=BuZzY54WB6k6qO5_Exm{w&chwz|<&(=bypnpvN^ zM7xL^gvX$213)`h*hM$!1sPdXEkU9$VOn~mgl~VUB zL0=B2mL0k(>9kuwZ>F4d47xp_yaL&fGWG{@5pz2Wh!l1u z5Ed5uo6L6H=BkRc(aab+%W>&-`$E+)fPNq2u5Zv1>2Pt^H>l2hQZhdk(o+Dnw9?mM z+tFNZ+4%1_m-B-7;(8`&N=-!}u~m}g8&)afgIU3zwg3v|19b26O7FV>^tpiYT@a0( zPSv|h=EO2zJvVL$@o{#&yWCEW@wIbT#wo0f>)o|?dO@h38)k&~{=RzmU{P{|uYOgN zQiS+;Z@s$?FHYL^?y5RD$*1Z z1IID@Ku^e=fL(~NxeW3V^D)FNFndF1)a(k$LUSMBMdlBP8#7Nsthi}ICSe|rxJk1T zp()eB4rv;9toaT@zASwev*q#4LMgzUCQSPtEFZj$z_Eyajx3LtYY^{93#@jfo56yk z`@?3>Ro;itZn&k5Wwrd?bL5{7o2be=njwAaD)0|`%)rkr-Wxcsce{YWyn`9Hv~_0i zYK#${i!%)NS$^wCiW&9>BpD#?<*6dmS2P~DHdb1_{A)mnu@axPhJfos^;RDtEakWO z62Sjz+TH;`xTU-wqtyNb%%Kp|)?@#K=+BHp>#_gf7;$Yq_D>SRDx~$;e~80e zYwNN9&>HseUnn3X*+c2*52n1Y8x%a9mN!2y_pNez$D6dZslnA9j#AzvxK6+pGdX$lU&6r2E& zI1-N_t{Ug7;kT%_fI?1fMDPaUJ#=5KfN zhE>KEqg(KLW>U4W0eBsFJu|6>*kWXs*E5sq6vKwU;`Pj@AiLdS7~B-^VK@U+uNXg4 zL7{xieq)T^vhjLmQvG5J@eJWy)2{g66e}c!b4?tV2FCa;8?R^n5Y(Vp7iz(|rn8`P zaBL;D;9S$?poYZGU_6{_8jkff+o{wblr}-{F}#O?0f{$R z8#vb_!~haF*F>Tq3^Clpz=R8U+79|9Jf zKQ4>D>Rba{g?X5eTv1-2!W`ZhBD7D1{|5RFmv#>tMPKmqk^@=rMqdjY037cf#R|ru zP|^3w8C-A<;zr*W+zMGEu0l>r(R+D6G7DX>J7kMy3SROUzR@*)wlBbM<)Ki9(*$_K zN@1Y?IYkUhpR$`Ub{R0A@aM#{{OEF7oEUni?A+K#pf`jjK5vTLDhYTZ9LhIna7;0 z>XhXqch#Z(s<%o=4%1|)dL6U-QX?Rc{h%b$pRqrh+GAPMXy)`L@M$Q7x@^72v?&11Q`b8 zG{%~f<*3S|Sn9!2mve5#oFDzbXl4#{T@J3)WzW{-;0|r-a&SK#>aUi%96W;LqbSF{ zfT~%Ysd};&iR!u>JWrGHnl}d`bRYRq2w5I9E$T?>cc|3w;h;N^w}crSD)k%15#w*X z9@XyBL&$5-I)|CM=5Z0}P4Y#EYyi}>2yZZXhxGuI_pyAR$hxswV2h>bsqmtUTS(%WFq+Db$5Gmj{E>d|{mNUvljsx;N(>f1`7jv14D}hJ> zH@L{VK&0#@Mg&pV!9_;6NDGi6M!yY61rXJ651Xk@hBU5Xo=0~vnz<~jmRG;79lPs* zphxurR7;Pk>&*$uHK1F_lTKAPl)R0g9|5$}cY;elM!U9~+7nvarP_3~2Hnvh{UJbi zq4v^+COYV@fcDJB77PwXm%3}i*byiM-I0t=Wx&pc$TC2u_8?XPxe~zkKry7Fd<>)$ zOIyCyRGa};i~%x`$ZAQo3EMF?y#eBHmq&oCi= ztFODeN{w&ub$3^z@kze!u2DF#DBRt(<;K_hx<8E(j1b@7+kGqk6XH{R-3QiUb_7Ts z7wGPqX8kLi?tS)#ITnx_WOsjVpi+d?U~l)U@sbk!ci7!`MWqws$N74=mgzJs(>)ep z&PE7)Y501~MwJi(Ul?}xJ&=7u`khGkYcP!_B+dwT{|-N>gyOj&bvq_Ymip6DJdKmV z3w?qLu3{_RYpPEXdDO-~ZtyjKd!xAd+Z)Br-@Q@X%)3$C{Oyh6roK^p=La}g#P0k6 zXXghv+yeRpujI(LXymW zLUI~D=T3D=Pr`~g_zt!S2BvoN?-Rt<2dCtz-Q^H3e8)@%v4;?rd{~s~FZL$Ca|Po! zNl3^!u8u_VAv9;y`35_qsXaw3?$|=aW+Ei*R5Q*12`P1cz!WnzKtd{=zmwQYLTa72 zG1X1&Rm36%QbBfsyt-wV&&PIw#ziV{R&a7;Z6=bQ98I_r2y+^&=HjGs?O@y3Ud{xy8`i;W8n z$E@7?8Kdvm_-tas%3|0FLB{5?t|2oq$ZOWU)<`mwGw984Igzy(7OCJ8vYw{P5#lX7 z=Y%=ajo49PHlCi~v1Ce#~YimW__nG$0D%d9FgQ$x&KXKOE+V*^xj zwRI|)83E>?#<~d$@v)i0^hU|z5N3P;5BL@d2{?=C_c$lZ8kuc+eHTG!H9=^m2gd;$ z)+=NzVfq=)Y~;uEJCA`=UM2Bv*{E#A2GnKnZMF@->@)w+Q|H1Ze>WspTFY;k1@j!c zyQ-7XuKeZ`!3|cNH(xeNcek)6@tsh?$djhxs~~Ad+b~Ie8I+J6-EZX8$nZO0?h?yn zryV`ZF!#u3Xjl{}T7nF$$If2S0|3tuyb16+fRWdQ`P?S?T(?0Vw9dukOXYK0yhA>> z$>&2@0+f7i(_d$(d~Q3$&S&vuofzqOY8)SfsBCYSZ1+X>x`EUh=G)Rg%mIIVGTS?J zwpGdAk&@j5=Q}_}ZzGTIvjjf@NSPwKOmzTX&}o=1T*-V^&&^V}`oB31ZaJB4H)G;n zyrn-~s`y57eRFLq*&%i%6c1lcb}Zj>9(n&tJRie19<`wIwL;8t;}HD z5iEgQphOSKR*An>@MA!wvY>Ih6dMZ~rLv%LdoJ5HDyl%H{;TCfkiWtATE-&#+G`}1 zc+g>Ffy$Pnm=m6WH4#3d2yEV8&t;f$S_&BhAEQA<)8Y6N1V+)-D7*u6$nRmMmm^GGi?Om_bkua4MrOna_wvNW?Xd z!3qkxXtV8QyxOXkM7QP~kZB7J5}#3a54` zOX1la%2K#Um!*J8REI@gME)KJ6-YNyDrM;(!g4G~m8DF|aw_aNtQM)5hG zO1%h{m*cKH4=YI|$GXf)y)=}+AW*57h6?8TtMma52M%yljYT0zv0d&+Reu0d>=Q8W zK;@*^ZZNmv#U;f)19Kz*Ddu%Vs*ZtwQtWs$Ql&q3aNuKys*#YAVpqfER1}fqC`Y0* z5ttNP?u=B910cnIjTjkdJ}x8c(&Vbua)jrq)gE+UJUG+fFGX?OnP3UJbPOdA;3qCE*eeiq~&0I>;4d%=_jDN*)MaXAx z8-)Y$aDFI4K7-uiRrZ4M?J0uu8AOupwqr(u(Y9k$-mZYQU^|8zqRL({Y{&fOM$zOO z2H1{y1TL@_%tdPtY&Igs(TvfZ#v#%^?^?!~&q(&CsTdDLs<0g+G0Ha#v>o#?qZE6= zv>h{_amqIgv>ih?*b6>FQs6WA5FW~2F!y*p%C5@u6pFoI+E#%bG(3avQ}{HJcXE-( zqn3KUr|^6VX>Y~j600j-@JZV-Gzg<@$EaLyMTNk2%r|gA9fk4Zaq$_f$3xi*9w9`yXZO4#nw;e;S-FD0lWVhXR%uaCa zwquxmWiObvW60HsyBB6cFZos*={@LCvfey zWA1?;WiObvV>W|pw;e;S-F6JQcH1%J+HJ>d2iI;phWTu_9kUPV{R`VMEVi~CL!7i7 zLk%Qt$1p0|3%(sfkBhY})y^_VwNuLa7OCHDOaIY!3>}iTV}xl$ytExdM%#{I!rFF> zV4ksn?HIv4V*%SS%#VKnn)Vz7guUPy49_zbupL8@wjD!%VlNoBVkVfc zaME@R9g? zd%>_BL+im}JEjF*#9lCL#|Zw4@ocwRDc?){wly1A*#o9j@(kNCjDjx0!(K2`X3r+P zKGFf(F*iacM>=3TrUV%M61|DNVAzhKv$h>WEcSw*1F+*wH4IGKF{1Nl5X)}u$2JTM z+cDgP6T`r;9V0rQ4}Y*7b31;t?HKWMI_eL$W5mw|^pj#3n6_i+Ahu(sVF09U$Bc)z zleS}q0J{tqPyfMoOar_nZO8n;Ft+U&;-u{uGD+JpEJD(D40V~b9YZE*JBDGBwqy93 zC2hyhCAoCIs{4Sr7M;zxpYM)xpc+g$)zj0B$uwpB$uw}ExB|> zCb@J)Cb@J)Cb@J)Cb@J)Cb@Jq9QjNxT``}@r7K!INiJQHNiJQz3MRR9MV;3hE_>-} z5}Z7)Ry@V-=(zw567!Jg(dDlo(!MkoFkZtfCyc zMa6*u;aeJ;y>#`ig#So~=VuKP-f*oy0&q~_?~tU=huz^&?C;(oSY5ID%)^j)ms=te zYss-sg>hM9(Hq1*%VaK?f33ctWOM<_gyB|TW-{q!?3 zAS$Ny=x9rU%a13=HR46oKhbivB!{f?|7BzHDAzFcs_ffGFg&x7IB;MEb?txob=qjdOtGLdg?u)?nGrifE>s5!cP>gtg z)5``~W4QKHm$OU0WPx@ffy?7Jncgi}0t?MyayOgVvOFNhqT{!i=_eooSLkSHH@-p_ zXe*Pu)hjQk!=xpRJ+infN`*=hV>O>2|N;W`s^U1l)Zpy;;gIb@Z0_ zTPU3vrnXmUm1XMmN7-UxTS7xIsmqyjq7i#B$hXnRnME8XcIB{^V=qZ1d({i^vM_%2 z4!n~4F;yo+9`(z37EHb?_KoQ{2TLrnvJ~5+ z26l-yR7~t!GxJk4z{Hg(R_r@7i{26!qW#3aH?tOydF3WBKbYZ5$XtOU#C|j*SCKiH zVSX|r*OS@K*nT#1ZzS_IBlyLP-%92dGJDPJHDo5Eam0Q#v+pIdhY|c{Mjs?Yn=r9` zX7;0GdN9oIW_$ygbMQvR_M73S$vi-pKg{?RGL4MDa714tGl@Ac9g(-d6wH}6*NC|s zsyqX-;gV)Ei|Nhn$b1jp&}F@Y(tBL25|4|06gn}H&=SlKBOP&|Y^A>qt zE6=;-`B!=JvnY@26?yXLW$a|6>5YA5hJsj+5_8(IuT>K=LQ9w*kHd8|Ji3g$16h4u zhx21(Pi&dTV9WduL?yP&W3Xi|3~iamV9Q(>+A@#9mboyrWgdeqbH(5tj=`3>FtlYJ zgDrDmXv;hXTjs*hmU#@e%!Q#X^B8QI3v&X!!Irr&v}GQHEpuUL%RB~K=ECfu3v8JS zLtExC*fJM}w#;L&WiAYDna5zuTo~FikHMC?FtlYJgDrDmXv;hXTjs*hmU#@e%!Q#X z^B8QI3)99huw^a`ZJEbl%Ul@RGLONQxiB<2o|iN^&Ynm9&=zOnZIlP!sHi+9344*`LWc6XV%(c&OKWq2YZMuT=gFQx&!aZ$$p_Hgh(alWit|7bkz7 zVthx#rC^5y@g0HJtKfZw(-2p|M=Gj3;6&ICosDLhD7BftAVi|G%`7F;)n=ZM-~_D{QivxePPXX8ua%Fq;`mW|GbHWjaUL%(=|L z6q}h&Z!>LXI}<(GW`>LcGtXvZKjN|U0^eJLA`}H+sqEStg@MDOy@3}*$KTB zK4LS~O!RNs8(lWp%$bbsCzqu3DemMpb%z3=0)hptF8TvAQ9mkS!20T2(wU_ z-iGUQCRF6S9R3Oq7y!J)%;unVCl+K-BJ2oUgVGhr4%!W-j7RUl+Vv_>@h|XmY#}_A zTnc5H=bCAJD|cd5=ST?|$bsP+*)clTtYM_sGAff#jOUvLbbKDMJPRtHg4<8b^G(TA zaoT3wYKLfxGc)Wiw-pc{$7KSe#uU zpNoz&r4q0iRVEvY;}yRXg?ksINLeh-VI{laxPV4rlq_ zf#4MiMF|meGL=x9D)06_0+>Zc~>6Y@|y60`MY%XA?}M z5i|pcWC_47NQ};Jp+_>eOGDp?Hdp{Hm~A%}U`Ixjy1XG9P@LGTABJKK)Y2dV;S3RY^PAAPCm|JaU4)*X~*Jdw5L(zk}e~2~<-BW)r{@pdJT6Q!CInnDPulZRX__uf-7S z1h{+xFFQfS_rc3|RBG{;NS+-@u@5WW`w993q!$6450FE!OoN9sctwLRG)Q~K_FSaF zKn=!eaIyxAG`K~BM*$@Dw*e$|<5|0rq-(J7dE3u&fD&e`;ssk$2OyHuUbH2b1Bm2F z0JfjvtpME_%Kehw}Q`@*VgubQoRNfH@3c1eqJb+yrnvnXAEk3h)7$3&Hd# zz?%r_dODbs0H%|f1?FCWHDp@BdS9#MFOV2L%_C3`_hfU}VX|ZC^*#TX@9D)qo8Hn>-6uU&Z~1a#t@K2_W#F+OTHhgt7FW)uHl%d?todyLN6Jj)lC+;jL_<)iM%%lTXm-p z_h}vncpm>Hd%Y+@7qKJnBjdihB_fw$U)>7Id#|EO2CIy3DFPlMowL#RUOJSy>(LvY zjmXTl1EBX>DMMK=DuG9C4u`9}5XWjTTZ1z-xKM+o0BOajs=GA!3xEuq`sot}EQ0e` zq}0E=8%f~Ifhd1K>Ir}W7ojFd@#`FE1NB*gq8#^t)Xn?>m*LNm6hFd|HsD>1GfDA@ zV19${N%6@DUv?E%#6ZQ9Jp(EcDJk9pU(N7AijRgbeX5~&v}a(-iG_js8=T@JJp=XW zg^~q0JK+^lt{K4ByBMya823DvzWMd=I~*ic8W4>JNBI<_89BLas^ilbqoJ zn@|s=_#QKD!177B3>p;w7R>voUQ+yFN5+7K$SEnl&6zgvg-m7TvD3-!0evwVCdIFJ zWDZyf6_DcBI@|-k0U*V{G1CTWI~o;>JOeTj4=H{KO0Lgs6wmPtym|mSH&E^<_kf2H zCn>%Rx@tmhN%18Pw=uJlOCb+mfv5VAr=b<c zB5k0^-L97*X}?LwopO_oJLM)FPs&X?-qf3Pd?`2S_)>4u@%_JllTLcdO*-kRH|eCO z-lUVBdXrB2e|?iqddf{Y>8UsAq^I7bliuMbo%9Yj>7?T{1Pw_3@4QLJO1VkLO1(+P z`aka`9ax;W0UJKr;so2fIt>Af6HfvsEl!Y0TAU!0v^YT~X>o##It@XK6Xeus2wI#V zr%prA;siN$8iE!l$f?s1v^YUdora*r33BQ*1T9YRN*Q$;f)*#*Z_>fXogQXiora*r z33BQ*1T9Wn2Tq-apv8%5aOyM!ElxCmQ>P(laiaYu9a@}dze$G{C)U8HIt@XK6C1#( z(-5>cK~9~9pv4Jt>NEr`PLNZlA!u=eN2=6m2wI$AKGkUmTAWC^Nhj6f1dFXLP7o(8 zPEZ3$ixZ6Mf9)n6TAbj0IdU3;7AJ&hM7*>(K}JqPz~V&mCLLIu5NunV5WE{>Ygn9M ze&kl16A>`=CLLIuph!+b1XFI(3I3;>bZCi!m*>c72wI{bBRA=UQf|@-rQD+Cq3mRo%EEObkhHqZqi9lxk)GepKsDhPq|4a{XgHN zLxUHhbG|eG_#sbL%1t_1DL3h4rQD>Gm2#6#R?1B}S!**_AWFF=IV*XSPIy%NO*-M! zn{>h*Zqf;--lP*wxk)FSdXr8#^(LKg>Pv}S`3X^SJO>ege6SdBw%SvJLtpHtC2~%Vx$f&Oc$}B&6 zz1-E}(%JfnVb%y!ZT)dHm^20Af+19V6U@j6S zDq4zOED_{e&(md*Fhv$^b44!^rp%&guBbAn+1bi226LH2P;KqW2XnbFHCA*Pm@9FpX}nymF?t`%VQatMz&jm}SCDwO+je%yMC7SYI%m z8-q-hli?kUhpCTco^#08GGD>N-$D7ZF#Nnj6kb<^ zHFHn_EPuY>kcxj3>>HrOd}QY}=J^JI_X#!tNGUvjhs_8|x&i!5Fdo3!3E&uj41(hT z@(E4@s3cecAQ8R}&<7IQ`NF~hGAmcrxp9nzm2jz2$LtUA$%KpQ$i#+jv8dxxrH-$V zzt2H=Cn*0~CwXF5=~9RO=!!bJTHZjI zhM8!-20Z~Dr{rn?QOhF$&p`s&{b+OI{VffC)WE;fcB%jnEe-|{Ej9s&7BAIc1%PPr zJ^<0;Mu4qM_Dz5@P(6uCs8bX(1nG-D4$@$(2CW)w0g#M+seunKBZC{2C$JAW$`LRb zZI!grqa5A&YITu!{b<$LyGWxxS~c=6G?Zu_qq?^)($^j1$UhlIE{oKEzhtCM_8UAi6!;21eJ(R98J# z(h$#q(4X11JXwr-N1-kT|H|O4#_n$OWYfRiae(5ziAtTH1{)ah9gMkD^>PCzT^g`6kABcE26%u*RR!CPH zbQ=IL2E&D~h@|qKo2p#BD{XqWB&9v)8<}Y$pC>ADn-D1NfjL!obI&6jMQ}ycw#zH$reN zg|ZDAQsvzN!K)y4;hCxhmUcpq4=R~dXc!xjDU%P>9ZpO*dY*^qOBcXpBD{9Kx#npvMB=+Po=~7jXtH?Us2PqqahpxN+fpKIj+#4n+9V5 zq;HrCAf4i+8myonR>cDVQu5aT`cU#Sfb}3>VGe}k8T}oZ0RTzeVl+Nx_ zI(ra;H6W#lyOk!aE)L@l2orh8ki5YI0Hg$CH8=`@xlEh`(8w}f4R9#I-P+Gn8oUi4 z|64x*$ba-cfXVdieaBW(Ccq3zq5zU;cYsqN=~f587w;ORmwYcqIZlJ;COApEKO8`s z*;EZK29U1hZVmnpz`dut$9}BY9uVp zYa4*P>7N3~>l}ZN8N5U_ls#WLd9D%}EQsrd0{arWp@==uOUz=nDKr$7*GtS^I&WgP z?h><3x%>0w2+d`x?l&P{kAqaxxm@M#dkDS)CBm3YNF7%JFzrMwfXd+A%-~p+!B^3~ z!)|7omha6 zP#o8G4i6`r!RIj_Ejl@}vfz14#4O2OzE9^SKSOG$_#E#4qf$R@eYz z-YUFJ3*o{1g@u}D2B%|YU)sQbpc;pSo|Jk88mh1G@9S0OzeNzVn9J_V)?;0918SSyF+@qk0VINQfEVf13qU4Dg8?MUW(^((c$F_l)4NxJI0yLcI8x|z$qs*CiTmg+e< zVezY8%IMp<6~2B5m~0ZYaQLAc6Red4f9S{b`pHn{CmG2Y{a>OcHpz0l$@LrMb5kjO z4&X|gxv4i(9I)p^;*rDyTd+tYi$wio7PUFbNz_1@L_ICzoPLtOXJm23sJn!DTIgkz zp*NkzP#4&?91PnAi4~KDMXLKX2FbK(VNb=n2K~XjEgYs;@1P&4fQ6G3>mM{%Vx6nl z&>$|CnhO^xHhZuX_+nYL`WY|RSD=^_e33nbn-CLKFS6G^4j(MpzeKX%h`~@_(2y~h zf6v~I?uw6(QL*M_c{_^G?iPYS0*;C08a$%GOB#HsfgAs&;<-wL;Woelb|^%e>uiAi zY|;w>Pka zWQe_cVj+Mib{T+-;O_*GRmaD)B=c2!xu6q(^rbyD7^J~;0OG#$P_LJ3P=T;|+%$+=8s?Crm8)MVp+S@|t2bu9 zpu}=SFD>JK0IBRp0VKOG0I)S1{U2tYDl=GjW+f)014MO|)r`3IP%K1O_NQCF3(=>U zU8D;dDD_<}Z@N*xfDvT4uYLmu{t%(r#wqQfN|DAkK!PTr`i4viu^L&s4Kz$TvMh=5 zS@2IY%MT$ISy9^z(4DRE4FL5AsKKWie5=848l>s+WoQu7pj3md8q{jg3?ToEqW}gX zQR4vir=Eh1!bKK678)7xQPrGQ{Du41@v!LN)9{&k?EC^@68shlsLaP zM`NUkA54y#^cBkComP_zQx#IISD;B-+KzAZH0xWPBe>PMITKkUMLsptnpXD2fjUqg zLTJ0&@eQ6PZEHJzw5QpLkuE9nqM6ow6;_Q&5!?ygq|Ywq=eV2nnZ1IO-A&peclbuD z*@Yn)De^bd({z;=p+WIgo+f=_Ffl*SGz(uWx1M|zqr#e|8JSLbfh_cVt$Sxq#%Kq_41Z_)=H6AJ=Ow>KIF zsVL!T8rKTDNT8f^(wc8Y&5;8AOn=k*1{m=MMIX*=%Ei2h6n)9pw6hKk9+cPYY5vPF z!yvgfn2~0EWU_F+nbFiA1t!6ARP!Lz4k?o3NNc_je;}mDM$^+gA37pMV0^r3HcCJ$ z&UZKIqnIUg{mtKFqE3oThV~Z%kV;qjnzVuP!ViPZ_o7viB0Esq833fnT+`jWxX3U_ zk+G()Nna#Za=O1MjA%%uxA>a%QPnaSt7_86J&Ph~O>ba%jugMh)3mZ4?FLjnA+3oQ zl#{|gdz$qL)-sr*YVx&W_ZL)gi`8`SQ8*+7s<=JS)DQhPsbYoO_!b?k%NTkMp6amW zX9$43AfxCT{Ldn_6F$dbOJz99>H4QTzGfN-_|I2;!3I?~x};q71sha-Ad)-2V0;R- z_OI^vg7K-d=?g^TQ@7Dq${k-YK6NRbZR1mPcDva1+c$i9h~@e%n4V%1Nz+ri#p{z4 zo#=$0)WeqUl*5+pp7MpIHa%620NV5v@jo86gy|{9iCe311XCThOuGwp;q_!a40)Pu zdWt1anx47_ezobTBY~5qr)a6jVR(+ikDmou0}x;-0!WwAASGgY>QAfb%Jh_HJ({Z9 z#bBAb#8~K7#}CP}gT4AVNNaEdp87!N~&uN_eb5F%5RIKrsk*wm>lhcCo-FX6G7# zcM;wsa0B5T0=E)ADDZQ_Cj{;%d|n{4AH;|Pc^pBAts&KcGFYj+D%W9Yd1YbuHEz$xpvc2rRIBa<*e72jO zss`6?dWu}T=_zvUrl-iYo1S_DT)XKh=Cj@ORLWt?fWF==>Y#F#!&YLDpPqiPm zgw=FL_3sW_vL|7SV0}yf!jqHI82-`p6djVLr-W%lNSdA^qfJjG4_gLP4qL+XRPwMT zOiwXC|MIXUOi!K2xUi6eo4iz?JIMt8$HSJ)b-m$P$}BB*p{1oBwhY;aE#+25n4aQl zwcN@GtLamTZPQb;iLsDR(^EXUoisg_>47Ya7YC-NzJLR~*`}vn2PdYdM!<_UJtg=n z#*=c`5~in)habcL41!Ds5}o2xeMUhS;bD4;DW9eJ6w^~nAhRkM>pvg1gy|_dYtvK2 ze*U#SrQ`7!_U&R`-Y!PdQ=)UeGoNZd?WU*RVqB*|=P*4*f4=#6!1UB@#K$6naLQpz zn4S_p7tqgI@gs*VX?ltdVtT3-BP(rsYBVY^X?kiXuzm3)Oi$IpThjE@HwJLy*4QuHO()8=VqGEiJ*=RGqZTt%nygJuS^S zAIG$!*3sasESd;Ub6&`!TtBr!a;)3<0gJVW+HAW4Zt)>tD=;K8V%-^HlAFV@W5oUM zbRP<~7u@4b07D4I0*oLy8DKoY8QRaewjU#J91|Oz#!O!QJ+3d42=mh6`5v%S80v8i z-T=4;PDcJ*471H<2~`gvD->VQ!>K?f>dpFOSwa@mM#!Q@T0eZN2r9hak0CTdnS9_N z81C;XT!gSiPr;!aK1xCHv*0)z$>YN+pqC}t$0P7ORFVxr$QJ{qe3QuzEl~>(M!eDv z67K~7ZY&J>@sM9L<#yv1xY%yW2@ zpfXvtsp?DFQQ#*tuRkEzBC0CmTN_kqFkFLH4bIZw8V&9MxQ@Xe17O1Ow*i>#_-|U0 z_nqxDP=m=DoU6g@06m~XqjW5bQ|N9*z9x&3C@z>L(n8iXmOl!lB!zk@r(8DWilu2^ zfI^+if}Mc~Bp(X_Rxm@?0Ng`xyO#XLmcSM|$Tsy=`Sx+tX6PB_U!j#Uf{!Ozj_EXK#I3>GS_2AA9}zgB{X6iPuOqXWZcfz60Pa-!j;9N_@cA7b2Nc{udwciJ#Lk z^7>C7@I}4&fNuk0lsV;p{Q=*N@TTUJ_<-*a6jtVx_<)aC%_;E#9~oC{%+b@0|NaMj z45Q|h|M&qPUDTWsAMlL^u=79N81 z<#tWNQ|6QrbqAMxy_KWpl<{H5pte@3vu`b?%UFeCnr(GRGEWR^tTZd^xlx|%RFUjtJPT)Y)&UuAkMEbE>1iKumorA6Yl~1O37ycZcMIV zFLoFbovkvl^ACNjHX9Qfm5JG={jrLX$FV59_E(v5sZ7l_4^f%&7F>g2r+JFX6b{Z8 zxLCeZOqi=>rVlTaGaGYM{uUv_b3ujSnea4M9fk=Fz}N(oFLul3nvvuXH~|+!4K^#tAgSV!b8s`%V6&g%Z50kS542TSC@QR1sW=DX=nGOQ6g}1}J+6ds zF{rSPDBga#1=_ct5+Ci9-M;!wD^$$|~V*ow-+zzwZ1E7Yd>J%(j~_<0us!@0HV4D0i9Y zVQ)WM!==)k_v%us3!e9mVr}Cxrt+RF+HW%XGzQ`O8RWM@iu;?KrZp;LcKTZv)}PTy zRJKo6E6~U~OVjyX4lliez$-xs&puq<&Jv9VkW#MzU_KKMXvsE!IrQ@pfRy@c4KjXL zPL*W4(s7k(9sKWm7;wE<$_Kz2P-8ifVAJPz40x%_`z)3w>TIJ5aCwgj<==znX2YW?;2Emp-qRue){(b{MaNs^znlYwOsO za)#g%DNyyV62rl)>EYn}fRu8tovf5=l-Dt;>qWUQ!+9M@&GxU4Q=hBrv5EldDm}~+ zt=4YL#uYy!M>Xi4%oqGF@ZI;~v9tjV64d=GFwX-#Mdm{=`vJZK)i6kpv=G)_8Xd++ zP~v{XbRL!c9)RfUD}c)=`5i#if7UN{rCkTGlum5`D+x9OtR>j87Yi%^fY}K5EM+4A z-XLIh`(TwJkp}M)WxxiNg8^8PW06f%q^d&H+t5Zz>3mv$nSwJDoe=Mbdc)faw@L6Re}Nq#>AD z(3?6;epY8zQ15X^p8`kuVz8Gi|C}|Pb=yZ)hR#uMO<(TWn={=Tu|YHmj%M2lh^Caw z#pcYI>THbC_t{!zRw~w2E~jXYmu}(>RMJbVs5G?LPx;Rg0Qi!b>-!`_jd#yR)Xft0 zCPpo9^!T_PwTf$^#N`-@v%!q34I!i&RssA>HQfWCB3;Hvo82J@4wFb(aVpa0gwC&8 zrqt)ZOXd7w^8nSbz2(x)jgTa}BgrnHL_fsGOSTe+0!Z4E0hqQ?!W9&=Ue*?i@V1SR zWa(KYTVL8C+4?@Z?~-Kehjd7`QIZ{vBoAS-LlGZiGD=QmO?I^y)%+iw#*LB)O{A+t zx|VcEq^q3P#Q(c0Ti3xI66r39oQ4EuGm+JZ&xw_v#2Ww^1b!qdh0F$!LiX*<^o!lI zAyDmr!vK|bv97FA=@N?NoEFoThE%M-Nl=|bskE!xk?t)_`&z^&uhzW)c}#mffDAD< z0WcFr375TK^OYrRK^Ci}>}*Ub{rvn6WzX-X6)a<){CdTD6Y~)EK#9;|VR9tGA_%)n zgmh97<`j2`FvtFK!Br{|<_xzZEZvSVfSGfs(yc#nP%{1t7{5nl7%OKlO8gu^srWq| zE6bCtEQ#NvKeSWvds^)HOAnjESdZpr3QV-BX6lowd=IL8h3Y&HsYz8X1CT$emjOCa zuit2i1KE_n-dcUqCwG3JRxb%gbKJErL(!!0^%?!*4h-!;F`SsG{n>*L8$hwk{I%M? zS$wjm_GgUeNbxg0wcqvQk|_qmy#loq$ye{tA_XcC36qIwf zr#9uJQ|(oVn}p*@wO;&^;%hv$DJP?9*C0(&^gvJT0_2gDe`slKBML%_&-2tC1sN&6 zz*C!YXsI^kq)aWZ1to>wvue-4Um~d>KfPA3rQ+OH?InHwtoW1|EYo^Z66G*Fjw=0;W*MqY>m~F6))Rvz~d}luJMX_GQAj5Ha z>=FK`<1agUg6-nUg7*?v04r zL+lI|;qea^%{s%u?fM--C`4vVldjkAc(Yd((XP!_D$eL&}~AF?I_F;PE7&OjipH=LvN6I+sHf+>5^;ug~lK zk->h#d*e&@GcLnA0^P9B%KQe{WjJ|$CtVp!3x-k2A#1G{U%aXFJJ$Va46n}bSP!J* zJ01hegeHFc)DZ?;KBT2aMb$=l{me>=md&|DKFJ7-OlmUH`Y) zZ-P;G$@zZ>UxT*-*H_&qG4h%DBV%+U#(e)i?`VXVyX5@)?HCV4uKa(f7{d+74eV?M z?`M=@v`GVYwjz@lXZTJg4eM!igY`7FQ#X{16vpF`wG5s;$B2;6%vlujE;-LU5%QVI zV>?-LpyzTC@|n4WLOIZLs|fkbyc>_;He~(8K!NvtFmj+LP-y3RD^d#-rC)>mqSF2% z;rPtN_vc1d813l*;yES3F zgGLYsdKQ4|9bQjPTTctGVVv4}TKGJs2kU9~z)yWRlbp7m7RG;`5!BYx!aOJug!Qyb z5a)s6TNw)u^eh9{6kfn^IMA~Jehv=5Lk`x{egiiq{3!DY>uKaBgg26d^)zyaho2<} z>uKa#!@SHf2#*Wn>@BtSt`)9ms}1xWda~i}keN zt)c>TpeJ~nXh2y{3$B*6c^>F#f^WBrwJp`oGDx*k%K8@RS}pBlWF3HHydSa1u%1Q- z?|aB`u-;}G$>2Z_UF1Md#>FwJUhb01Sfntmr)6BC@NQ&3WLr-=8Kup^|7*nXSoo2< z9LOWkx;I;3@YlFqv^FT<*Flze~CZ`P6SMevhbK|j+xOgi^2dYK-?H(5|i zC~KmF>ls#%DNXjPSe~PoBSK@~!)4`?nUT)4P-Jh`EXR8cu=*H?Pt4$7x?!En_)k(g zqFUxUf*3tn3mEh?JJJv7XP&LcfwzD;JXmjn0^~ZGi#~3_^XR|MeKPc$ z`y~?_=4J)Pjyh$ok#(?}6_tA={fu+74sy3Lv6-s8FH=6-&64HjFwQgF%(NjNt1UuG z(%kd$Z=Y4>dxlwcFm#3b>dZQmOlM(S*3C@2N*J$I%ZShNv2=dJSxA3pr!hk34{!-L zh4?oeb!FrD6#kZSC%{8?Vdm@bklO?K$S(HrpbREVc*=iwNRX)A?P5;w9|pHzZ}`4E zJL;VR#`=!Yl%~B8XDmyT=@Q~##AU5Vs@dHna~E1qAg9?q{8JHRkr8*h7}n3%>r4PC zaXk(M1IyXBFwVZwK@1IsarTXj7#fVE7#fVE7#fV&h6caH*fElqeLiyIf{&O?3=VPr0TGz_YD*+vZHeToEs=b+C6ceUMDo>^ zNWR(d$<`>3q<&X&o6S59Q1Ii5wlWpBamkeQ|)&pch!sJ`uF}6%$aI+v?vi*Fg z%Pg#T8@Z7T4xBq1e*VioiHwPQ?CqN9EkWj0wrip(_7k7Dj98qDKRLJLG6YUwHdnF?pb7x@)nm|a-tP`UFi4^e z1rhB-O#c4pbVv|w>D<%6^`Z-6#Y_JZGFo;7RBo>JP}dvL4>U>WTj8f%HU(A}(53G% zhtU&MEK~c{Jy=1AqqqT;XRaQqSa0!qW_0xg#ri9@Gx)P9t$ejg*14RTFH+9 z2V)Xb;y|8jS%|V;41SH9_1Fs6v67V{crG5xbgn5@5gQdB4gq^zIz7%tq{o3OTIl6^ zi@99^emN662eAyLqAmtt8YR~OaDr5_N`rdbO4v}n_CKOb8CDn3>q+WH{T;$}C0gR(klyb-j;x3|*7Rgfe zn34F9dQ=84-|8Y-87)~b$_^?YQc2kafzxM{HUn9Rp_WBW8L~wFKjRpb2rH|OtEwot@V&>Q$v#T zo*~9_0<<#?R4Cgjy|P%ZY0gD>g;Y)VmNMN5AGcDEryvtj(`N%nO{+yq~SE`!tQzDyhk7MD{0$ERb*oAVv&$6|^ z$L-AJSbzrrjFK)uPZ0HDy|jY+P-5?g@q5j1h!A`4QSv*Z2fY-bT=Iz1Uw(Qwcd7cZ0yL9hye9(80`*}y2IU|H}ZR{_g;gDt!jvEo8c68^Ff|yR_5S08-odyXWAC6yD<> zxCxa>ay@892Iw`weB5xL4?-5;AmjkO5}Clo3%_IbM=E$IK0q((6&_kTU{d=;#cbfItC^uWrOst@ka3C$9HxM2B0BnbMy9|Fi3T|7wj7)yZ|e z75wSAuD1vxuG2k6C)2&riNO=`zg(x=2?w|9VLX%TbQI}zIy(IK*6B9Er>7KeuwJK= zp!PZ)u`Hl@Qg0jZuJxXY0P+Ex_x?2gO{fJl?*r+a*<&q+E8l)*{we?&y>J1I(jX=3 z12`_@xm~iDw~9hpFIy`@K7)@^DC=dLMaXCHWeR1z>}?V98T=TJbXhO+edUE&7qwpI z`^L^2*UNl+GWMd%)q0ul+iZTxq1MZMKZI|@Kojd_UrUU92J!v1kuK|HzI|SPOd#uJ zzWsKLTrczep<)biz08ME4nH2jO};3#59?)97-xvI1lLKyDYG!F~c+)4`zvZy`KH;6sEH1wKzWRp9%CCkbRF z1kV&m?FAPKlvSXs1wKycjRIdI~F}fx^2M1df8LpdWX1P zX6f~^5H)4#^|BD(Dyze71D0Md3vs>7((7d*4rwf`mpzX-4-DPPSg>C9Hn^q`*UPL9 zw+&cWFMALn)CX`D*2~DL58y1UmyuH+z*$%?Bd0!qv#?(FEI9Q6oTb;xLc8!LSXeLn z0O`##GPz!6=?~zn6IZNZ*30N1>tzt%tI^|C;r$o&j+6+B3;u?T<@25J!?h(!Q8$Ra=xivVO~ z5g;RF5g;RF5g;SwwgF!vi@k~Z0M1wFWw$01e_wG1KdVAiYgw#$S?j@tL%uiDdZ90p z58!-nr3?NFzI@xQp_Fst?|a)i4A}7Bhai+no-y%f6m$_D6Mv@6o=tfD0i5p*@41l4 z#NW5Wmj;YK6?&72zwhG&on_+h`$Vuz{O^X)j@Ld5iDP5wSTXt^JqsDqml^Pt?1t1N z3-;tX^Oj%&BAHxgrcACgQ!X>eT&?_Ya-Eqnxz0?v%plXAT&G`vM7&wOy>}y4nOtY3 zPOh`sC)W$$AxK{`xelwzb@cpc7%*=1Fsm(=%eWrzv)Q%~D^f9;n{JHJ1>?||>_>0x z%0F__1~5RC`o#12TECEF|uThD@j7*ud3 z(w&PXnu6B=<`ZQ5UB=}EH364#1HnLmRRl)@tRt8UK+iDz&LS+ABDAKvj87rMO=6f% z#Hu)jTAphcAt5un<<+_fQouGTLJK~pt^=vlgl$p;`*hw-Qh+URd={h%aI+NPOYonA z3NA#dQh+4@k27;G13XXg9l)CeZj?<5kN^-#y$y`0ISko!2AD4n99KvkFv8eUEXkS9 zQk7#Pwv~$(&K^5aLexPlOTrCRtheZVVGkqgZpMwP%&ts`)1(L!AR7#di`lTWTt@l_ z`0pvZpE`7lE)F}$VH^rlMfFHg7lWSzim#wQPiQ*QIDCY|I0zJ9EwTd2-Ua_EsKDpN ze2L{A4Dc1f`2bS6&jLuDZUxv&r!#!E{%!>jKj~Vd-8C2vAk|&0Ckxp}dW!X7gX}Xs z#rgz8WPYHShX_bHUEIZb4w0MVE49uGuEBuJWxRV6o@y3QcdVKP>_HQCVlMAab6~vf{VOu` zAMYZARg7{d(xI$kI1hE9v+a~$4H0Zy%sg?f;p7T2jAQVR%Hd7BOn%yT`e7X7Oo)&a z9{)TGfN_jPbm8v4Q|<1jvEp6-rc{d$!;sme~SKXVABE2;xZ_ zp7|hf`Ya^s#+_x^$e`Et9z`cogdKj0EFTz8S&$A^XJU0{nKcb%^wi24zQqktkGiwW z>-qvded8H)I-~5Wf^z2I?Iu`u_7wS z4#Rg1e$qaM{1pHxe*jshG)RfeB78f5ye>Y2pHRqIgzp;>@)^XL4mFGLx$x$CU3_8- z4?@l&d@&L787#%auXo*Ng9&^~$v1Z1>|OW%Xm5_dS#H-(%<_EHr^9}r$C@CU+W z0)5QlDuD^YwE|fQ!Sw>Ey&xw+Ue~9DuL|5p_>RC#JcGLgRuFzGkl7FJ6F7$u9k^;z zB>>W-jyL>M;KE(^jc9!V&LZ@#djOr0fn9gL6s~|Iwoe#u;53BCt~*`)ffEoAyY6H{ zficX}AHt|v1b5x(q-GJ^btk805!`hrr)Ck{btk805!`hrr)Ck{btk805!`kE9jU5W z1b5w?7@4VAL~_?%W)aCrPJ1BDm{LPR$~?>rPJ1BDm}R4LCK6Nbb7JEP}i4g-Fky zMPS$6?|@#p>&{{a_8kKy-zq9F0>@C}w}}Q^funnX(X$Az>pA%Lx>(!Nldud@?Ub^< zMcQ3U?O8;+yhfNs&>@{#=dQajjbt#3AY%oPFm~OkdTRsmB8BZ;cad`zVeh)99f1bF z1fH`n7-pEs;IZpYk@Y40sab?IiSj~`OPE*SL2_M>*$Qwv&1hs|7C{F&|B{JW1R0q{ zWTng^vQlOdSt+v!Y#*{W@$2nFc0vJ~(ZKd$7BHgXECSnyzarW&w-4t)EVBq~9}4Cy z0^5iD2bNg`whymm(6p}+gi^_KhLOf7=pwwwNMp+E*@Sl*{sIKz_Tdwd1u7Wp4&QKK z^h@++jfZZqeMo2PGUx`|hs0uF;7b5IUi*`$beho!+rxZk;jzeFQHF(A+3U*0Q#P5( z0dm+BWg**0V;%Q_Oky$(Ybv6M+!CZW>olYuQIi2{KKw=0WWYL>epV|#?B*hBGGJXm zKWZ|N9-`cy4CH!qM)~eTjDf?ZAmPLOXQC)ZfSEv#fk9X(%{f+FqJiCHriX?ioqT9)Ju>2TG1u~8RL%@1B{8*88+|DFEBwWu z$6~q>_k}S)iGP%X|AqMHID6=f??RHU_-EOus`$eh&~AJPB%b(0`1HmPgdbo0K}gc$ zt0A%CwTQzs2pf){k5Jihe$*6+&qLUp zcoAH4;}(W>QNz!Q@aFdRmOxtpE<@$oldnK6sxDVgzPv6LB1m6(W1_fz?MUb_#53Q~ z4%e?mi_}*(>iRWsq3KK@L@h@c6pI9$I*?%)tFWr^bYHF7Oz8s*f1tC`K^d{jgf*ROSjCapne`7t$( z^}3FOXRnLuDmV^LbCde`EL4CE2?))$ThQtf*tOea7V~>8Olb?{i=WLZOT7=qmoA{9 z*)yja=F_J28$z7~!Awx0T+Z-}s+=|mZU7Zm;~g`fF*BJcw$=&{Mn3>vj?8X`hxMS6 z;n;H;h)l=>YBkK~P2Wi5rF1-8tdSVtfXbTS160OPw-Ag0xQE~vfJX`D z06a}_lLq$#yiUoJ0PhogZA*-T1=Pp2N*^2JE(3FJ=p%#s&oeNcfm0O++0aP&+$!OR zDBe|`%_3cEw$L*+pUTfwQ5~gtf5q&%XJAKI>BX^lOvPNq2bD@DD7`IF?o}vf0;JTw zRH^+22+pK%Z7Wh*YR1_-jywcgx1eHKP*`eKPzVhd$!r!k7chIz!NYn`nKRF2e8Cb| z1N=lV0>F_6a6CYe;5H53)lNSE#OdVCcNv`sY5_!ZjT(&9;2eNn^m7Hk5P~%T2NSFZ zkjnWDfT^PuvV9c{D?@?s2_l(#9Q-^Bc{ba6pb03g&ow)D(E40+kgau9?9-Hj*sx}@ z7EUvxR6`|B0~dglF6Jp+EP&ut3emn#Hv>%aBe2^+g>|g5GgK8+w&2q(P}wQSkSOK> zfQc-}7A@JO!4Ck_=;T71IfWn>Kor~vz><`;0Eo^eYj7@r#C$n`1aAY7;A;UyLj@a{ zr-PJkLQ$7dCb}7mKDB%b@(!oYJd48?Da%d=nZ4hUCg4&n^dR#9r7LgoL)6W|x&=-s z-ZV{k={Tvo^~ybd3E~}(qK^fscYLIJ$LB$CJcZERAxd|zfPD(2TI!*yB07!23KytQ zwx?TEiswQw7gW{_r8t*58Vm3s3Q~4Dz@?Nd0a!|KCxA4|#{pJR@*aSwF9W*f#&TIT z06iN8AF?0~rsp>>ujaapI{cb#j2fnt@YXe$c`OrkByVwpS#7r;rK1M3!PZgPZUmRi zxse`YFbZyC4a8LJJ9G4+*;DxcD|aiWQXRY0NX)ENHR4h=5;KRsgLv2{h(2QGNCX4# zSE}M^#fJ?_$%d& zdHt|=L}{T)>C#`Hrc%$YlE1gD^6xelI&TJ5P3d8n+hm>ZZm_qAs3$}jRJ`*rhw-zB zdO;*Z+p!QG3hJ_fs(4E-iFPb*>hhehIU6M9mM*UeTdLRz)zVJ3OEOm@@O)5N8;aeA zfmYWi09f*A7;kkmThg3ko=5}0myk`}%u%?-sq0SL$EDiGbJ|A>e7H_Cdd7{ej);op zUhU~p?P&r$@tU483tpt{bOn&MGhBlsG&li(t*O)10M5mJciBwex_KerG?$x+<@4rRy-pjrX;3 zhj`Xss#TsMtof zT|vF+tIuR}WB-$tYFWM<`N_qwpl{s@!_tHRw} z)S+-U_qPkDTGa~C)?y@e6_a}&5lC|10!VVThcW6U0h1}#h`N?^XB0K^dMs%o?kO$w z28qk)_bEf1D%v)4k>wguJ}d)Lx;;DVlB9gXT*Lyy=1sFvo@T{8Rt3cd=| zMaE1uGR(&RUv+n8qDF=eg<~B?2B=!b6E)QwPFx56Ldwo(7JB%(P-~2H7{5YRCBvp29V&n87`xQp#}qVCzu0JM=&2i{xmPsV2K7B0GjCM695@%bbggDO_r#3 z9Tsj!p?qc=2j%K5$tqC|$u4ZR6m|9yi9w*!S};oiE+IqP3%>$<2kJxn3w0ClVuJci0&^z7X`n%ja~_wo`RLAwAN3b9 zW=6IgK5hU>WNQKLCBrnI26zfISO=3Nc0jTnG=xc%wIN1U7hnxwD`6eqqY##Lmourh zCy-KoXNb_U`}D@|UWEPzG>HDjaru`IOiB0}En~juyKW-vFMj<$VI8==k||EY>UTkeOx1rUzpncI^6TxBj)bNo z>B*o$3^yAcj66_e_7;aCbSXnW2p{)@N*TrT0MC+PJRbnO2O7+<3^s(ZmYomo8Y;;s zdl8wT2FmsW+|0}-;3(h#4UV?Gm))wvHR!!9$GXf$ZNfeZ6ZVbTYJC(|>l?p^8c9)D zr*F_F_}jV+jwlcH^ATEiZ^HKe?gLJfNV3>OGA%p7PKq=Ip24SF9A7X2IgW5tF9 z^Z5;W9}ag0H0nJz+SqT<`)atapdsZ8+D3izK@>M1G)~2|f)vFFyWvHTVUXfu(;D@; zKpIGFsOyb(04f^dX&8PszRg(K>WcMQYAeHxZHyqvHFi80$(;5cgmy~}{ zny~-_e3!A~Ry@^KWy1`$RcRz##)TM&G=%>9Ta}J~-l}x`^H!zf-)>dvkCNHw|2(kx zGI|ova&+~79#}Lyw_yZ?FB$Rt^S~mNaKDrK`18Qxp9dDv4E{W@_!PRy|4R-m#{N98 z*zv&PCm6AqTTMCccXel%@dHK=_=XI-L+ZrhRx|!EMEfzs{s9!1BXnEMZt4u3EB=rQ z-=KJJ{C34pP`p3BALA*+KUeXgJh2b8&6J~Yus@h5hK#nE_Mt-il;c~b9I*c@~0wiiOt5R{)ePl3i|tN`P&3p^dX8i!y^ASeZoE@f#un-$iGdWrRb2d5Ztch zUkusjz!mPuL;l-!u@QUaG6SG*8o*+JTt?prAX?l5kR&G+imN0D+m)c@{zwUGRpD18owsc! ztqNbO+a|DDcn=$Ut=>fy)(A`CYxRMOwhLdY4?n5!J^!WfJ$0w>k#~`u$oD&dh@Ng2 zSj$bNSgA^^sR*G&(Q&GN4(S!p=R!CoYpOn8$r?}< zm8#EBvW5!3z{{8JSF-*C5x#*dyn;gbb!?d9-Eg=|YXukC4QWJ~5lAh{?BJARFhFOj z_gsM91ee=hTJ#$#?+aO4S`YJ|mr&t)V=5{xCTjg6t|Zf9=Q7hTI?@ZPcCpii9IQw) zCJpS15w?np&YTCpqzJ|z-l zoa@rua7BNPM3ARsjFy@JIv#Gslva0MzXHAfQ)hSBne;ZzKw# zMX#o$Ekx24c(;a4G#UqkD@j{8<4-JW1p~IV8%ODw$yohwahfBkG>#TS?8Xt_6hq)j zsRoKBZJ<&bGuC>GN|z!+$7GBy4(fJj|d$rMs8s!iv1 zY`K`sr?w)asmPMrfwDA{_TU#mv#)DXu@thil#m!~%fJ;9B$o z(ULLFKn!^_W3*IDg6%+%Cm4qbd;stcTqT1tR4YbyHB5}02gcHE^DfCo1x7k_4yr+awZ*2fnA0dp&d)|6lE3eF)F}w52A-{ zX|BGwh*Y-Y<}Js-^x&MG%9}< z|Lmis#zZEvJpXR6yf|7)VdZ;@1`NT!1K}|~#M3!7Dwww4xZUkE^2Z>0N?V0H5O)-; zK0)C5#oP(q%dtDpuU5wg;2-tJjaBv0=%Zm zg9gVGas$+u2L`jG3Ie>Q$^(O0QnA2dWR5%7gh~dwqtZMun5AD?U@?UCz+jeCMS#cd zJTRF312HNCSaZ}oFqn0LTOD|u6pr0d{C0uOOcTfMNOcPE*qsLkv)e$`1TskB*j*1$ zJpw#-=fSbN383oadtM$G%$nf#4Di^U2L`jbpn3%sF&+$NUqQ&e0bWz(fx+zipoRpt zQ%)Gnk{TM=MG6M9q=pAxBn5+6QX>N2F&+$NTY(xKxCuMd9vr))oZ|vtF(eFTxdJg! zOY2L~oMU&M^(Kog$L>5ELDooAzHKpngD+#yNvnyMEmyitVgf^04XaadzHdJpakBf3e#ZL z3`;``4n^cupffc0)r>=fSu;OOmiRpiAkx)nZk`~OJ9biG7)uX1UY82PSQ17DB<0J^ znudSIKxF63v#ub17D@WTRs(Qm$p2mnCTd#NIe7R#@Cl}sD?S$2mi!~cANhL%Yr*%B zEV&{;x)%H#G<}5jYQck`&vIzztepQHa~gPZRt_JFJAyFiq6{Wy5F^M{EYG%>=rWoL39BNo9tbpC*&RwnFggl;4pPZbw40H1ta!D@kR4UyL7%loZBr z21~th4?;EhsRw-uWe9B0nnW;*(NiiFY2*wZGZkcaMVh(t`{m6La)e7ej9-~Nnf&5o za!4A#rr||N{w#?&y%D4vT>dVM&&(|UGY1?2I6zLYsiFM>pcOb9AffuS0_S%qTZngV{#=hT@)m&?sVCjD3zZ|E z)cp@{5%?Z~JjT;_9=}C^Ea&%t9{;^t1l~YMZ%gzf=N18pYTqJ2?A-SGFtCrZO-5k< zDfCfigG_b9fI1tLdcV05{&F@b^}!T|RcC`zAM$Mmfz#`>otA{Q0Z2l;VSwBqIqHUi zXMj8gpFw`IRoyV~fiU?DeokgbJiOlvlg}VOCQ5XhPiP7wGaA%`!I@hKs5_ZUACE)(dXV5O8*`UBNA=KF*ocIz-oejc?FQL@g zAe{ITN}UY~V5-Bs)Y%}+g@jUPg94c9&`+HW3Sg@9CB#){g94c9dr-cg0w36Ek%-D1fOBDRnj| zfT<2Cbv7t~sSYW1HYk9p&O4yg*`UBlHw@rwv?jk|Yo84YIA?rED0&IScGhziu% zpuk4afI1r#aLxvKj0X_fW3aZR+F1q}Nyue=3pdB%o_NDR08<@$n0p{&08Sd~vc9p`M>ZC1Im{Xmgx?#ZA8m)XDBI1UD>5R{*PB1@AmfSE9JmH3c zU{v@LXBz^D)HRxSGq6m7(lG_1hfIOeF$E$aXM;i~oDB+{a5gA(!r35SVJ1ftbvDQs zH94%w*&tt0IuDj0DV`1TU7Gm?sH~9hy_8`HB4>l}wI#uvHTgc2&+5wAAm2y+*$9K{ zNf2cMkjR{_`IrQKg!XDa=FE{zXy3={&qo%b_BCZHZVND#F*6NSyq&B{@`- zH8RMmQiqDNMhT$~6=jW8RFrk0_^3lg_}bEFB+aiaeF8x|2BmhswnUCP zuY<2Gt)*xyF=jhoTaxoSmUCXmV_bp&L5A`e7vU*WQ2T33xn`3-se75glJThLzVbB_ zEw2^}H%(3#0yd)=^y=q+0>SKdp&P+oSlZ4x03Y0Nis_!7vjy0d^9Y{qoXfy5az4Z} zCFd=0JUJD>-kjnI=wvzFfKzkM0^gUj3fP~s5;%Yl&f=f`kV_Vt*5h5FH43FS=3=oo zUzYG5a^VOLRv|EZoex(a3u6ztnv;pe$VlHYlNrDLSV#ry(1MGQIOtw?rIHTh%c9Ri zt~2Pr84275S6Bd<^haEo%w`W5FOu1W%&jibz}O31+9P>%C zg~T#ejH&~TOF5b6@Io%^fg{9>MDI3n;ZqKEJTt zmGYV&myf*(?qCEt9WMS1i0c5Zfs?N&BzYa=PEhy4B@ck;Fbemg!6knMu^3<~2{&IL zM!U3QAc{M+GqiHd*^4g%XiYG&y#iPX{0Y25sNxVZFXe|{YCNS_5WEz`KzvdBQnbk8 zVg&DwcxAT%Ffam22rS4N2(CW$gXTshly71!G`PfYcxoFM%0l~kZT zAf5%6FSXj>>cYswz!(hIR6bhN;OfJwy9tbya0R0K2G?*#hlyK6bl>2bs%S&ie}ikj zs(-UU>c7FYoOz=?6rME>lB`ly{{j+x2Ch&(w{@c{cpn0N3&wsj-+(ss)v6W?#<*}8 z5EhkHc(vJu0_l9@vsAab(pDi_{0jK=L6BZ>@mU~70Gvl+0*ILa(@C5M;u?UZBnE=m z0I-fk4-k(6JOWqYB;R}`xXst`aStEc@hJNQdEbZ~uH%*DZWw}rM=Smf9{pIkVYI1X z0H_aY&ttH^w^+hjndwT?Gte|zO81)SDx=O@O0CRvb)`?`j|_LIDtV=-;Zj#F(`hBI zowHQSuauSFSuXrwNEWPt@Km<)DXKdUfDm=?(i^F@0?BWR3t#h-no~V_imR2PjfhnD z6jx_v#GWiQJ;l{u)oei3^c2@9MTb<+p5mIw@b5rpFT+(ar(wuf-^JRy*cFg^NnD86 zV>qdoivY%vV7=4>%p<{ixe?$760Da80Je}|z3c<{7%stN|HC?&gG^POp#Ny>KPUAI zT*LSXwc20x3H?PRs%oIWOTIDFQo2BYmwaKST6EFhC1+AviX!^E&S$}^rM>reO()S( z8h3x!TsH2?WmNq@yKY7)LdLDior)-;rYmJ|8l);$D>o+~(q3IUYJDs06=CkBH(rv7 zj(V2zDrHWgu`m~g%Wuu3_Uc{8><&gJG9~@J`Vgi+4UEZf1%I-*d-ZV)iH=$@Tg6+s0u5YBTm8aI*zR&|ZuSs>N}+(cpmh%W#>Bry;~tBYJ( zIb6I4h$#SL;1WzNc?CF6fqDS0^-2)r$W5RKsIqoyjrFDmkKMCS$fQ2OP2k{2LGbA>GNK8UC!o^pC7!PnhiK{?71h54z z!K7Qi4-U)uH~Bw2c?kc%h3{8zWs@Kx+cipJG(0e$eZXjVjQ{cVut(-|gerLrZHy%z z3U~Y$KBTSG{vp@d?BO{ZPl;+s}F5cO{-G+&^BH5A?Y@csrIFn$Jj1=D>-&Ghv7Enp%~^+ zx2oIpRst1Fc46Jf={CKUV7tIrOQz)9TR)9CubJY~R>Ku`pMaE3Q6tG=g=JG|N&x0!>Y}fbbru-Y$P_VQhs;57D;T%IwK)n2p&sqKENpZ2Lp{KLK+fcp zUyN&s;o5!Yy*wS(A+Wn)IGc9a;gv&?_!67h9{DZM7oudHq;u^lXFusA zeQQsRU=d zvqu-F=`$Fk3zI00NsPZS?c!E~MaJS<(P)20C{@}zz%ZrOSmdB}{FIRcDu1@cPV$o< zC}zV@`3F>La!N1IiLpB0#z;Zmc?hFQnXcrjVGVP&o|g{kjhws0uLo-w+Wl#8@w-7B z26zsx8yk9Z8y*ub!P!Z;4p{1d zyBzSc1M({Dz-K$)E(g5qfCDzbY=-qS6T)d9Qn&}wJ5eLIg1G=W&xMOOfY=1Efy5Oc zUIus`F2N|R?*a#}f61-*e-PZS;ffa_#nqH}1pt4yHSJWko#&|revv|dCNsdWwr78KxSJzKV7;X;z zx38b>i}}ERdi`_~0fG#5;`P(n=Bb!yZIiFxxhK+iHRg@Xq<|vR_;{#ZnqC=jL5a7l9U8o4Wo0P;Bx-jLV&L zA<0TbPRv`xxQ|QRi;&ZBxbR2_#2H%nQh*l-9syW@No05*z}w__yW{*mK|a8@1SJk= z<$z8O=;46r021p40H&kmFQWjBo)ujUZK)`M`4ouxZDWZlp_U`>C5=`4qzp!ml(4a@ zBF!8rVPjuK26E=Y;7o5kTalrh&#>CAH(sbnD@V%TI9-vsxnldY);Z*od;bUoUTf=a zctn=1*NL_7JJ8J2)XpoA^j8-62!JT1UyaQ<*8#HtT$n|M8yv9F@p=|ORImp?6!(n- z{7`NXv9$cDc)!tCduosa+6lz(=f@Jt8H4(Qn@^>5Ux0)3a80D{SC{TXs4<`~AWzh@ zx;1%MfnH3W=xB9!^6mz`nLJU{>i*=t3Hnv?26bc3!^!&v^bc@KWveHV=W58!5go0* zT#*IQMG!I{FZwa;lDHdkJ@_ATHx%%{rME(1#;}H0dJc7Q3d7K9$17v3#SUxttC?) z26`ZQQkZU?$-5o&dN|d3yY(Rt?@_Atb~{UvMvfGr+h|3aO8Ray6&X-f(QTn3Lpib- z&}|uC-=TcfdQX+s`yO(77EZPI9(H>lo;QWX=^^dC-(tMY!R3t*UI|Bt4WO@s3+HyS zM}l&IFk5yHfD(d!096D-9k1B{(nA^nsGsnw0Mh6WIAIKI7<6GQ3qZ!0p#ainraRyU z$7>6Kbd`r3@VVoak5(n}^aD`Q9dMHab~xZ28)(^ESjLDPGviC$?`Va3BM&s>$SqP4 z=aiWmY9eiwh7DC&5oviCc~xaaqz9q(tICQ<=Rqe>x{f+yi>i*8R7b%TE_}EJuhPu& zYS@44e5`}U^|Dk0yaey)oQV(@!zJc`xEWv-iK!rV0&Is%I?;-602lAgCF}A3AMp7W zu7vO06-xl%!nY!aKGgVQ08%}lJ0JtCS?Zu1fQm+_0(c6qtpm<+zyb%cwbu|c>QC@_9ffvE2>8rdX(A1UOAUVp^^&udS!DsMEGDBGE^U|IYrod#r zMW&d#(z4RFul$P4dl-^7mbRrOhZ*%TEttCY!YjIbd>*E*N;ccnH3RKMeM}3cuD_z; zsgG&F)b(Nbz|_@)m>z@A;OTg%k7>cwbqiCpO2Jsq1G>P>&%Nq0f;irmk-alh5EsWQwWleqr(%{5zRq>Uu<& zdiQmX{maz#6Hxz8o4S6EH2*SnrQz%Uq^avak>6jYu09v_ z3R71WTTb=B)RkDB>Vc^%HK0!QoM7s@9!!tH+Lmf(8ICVEu)c*$qgvtqtEnqJj+?p) z(VZ;Po)E*$g1^)o9+; zz{gEp>2ciDmBjxYQ&)~A>SJ0kb>$!=AJc-V>$mVgQnslpKdmLEuBRc0W9lmSAVR^^ zbr|_PAOura{+ep?u`F^$W_(PGNzg}Vd`ycub7T|RIUod6*Bil;141x$jR0eOW-!Op zmEMl2D{-J0A$Y*RPS-YRY|>JXqvQUMn7Rg@h6uD-6%qb2b!`LIe`V?_VgB2ut~-&U zpZDiGrmlY8pZ~v@x~@SmpWL4hQ`df2vGDW$e3-ftYkqDz!_<|;$)>J2=mnpVK~`13 z&sP;2fTgsVh0Y zg^FTSLIemhl*c#+&l62u9h2sU;J5I}=|2f+<}Ac?P0tyR zrz_{TiO4l)2C$K{9M6=T9th*fIfAEGb3Y63oEw@@o^UO&{;}a@Jw7lIAMwI}y>SK9 zlrKv?9~)tMjlmrKEVzP|r~!m;!OdA3stzF4h2inWQ79`RpBkxS5#?C~-vJkW1<6_^ zIDGvLz>NqQH6|I_y=4Gd0KzGDIA;KChZl;?!i7KJZ2T!DUk#3>ek}5}MP(`Zo-(48 zPrK5keNXvBf~SmTlmPM-bViX8zqO)G%KMa2tKBCr_1>TaTyYVMNHI+7jSQ^>Y%mHbVAfUGIYsJ9 zzy?DuCOs}-gHde@SilB`^y(-QEj#7S;(Ei+L?TOZRVZBaYh?5mCHoyf6qq)_R%u&+ zJ@gs}AYqm`UK;=o(CaCHUkJW&!u$as=>$FI?)+X6rTDS?7I!={&-#DC% zLu1ezsSj1=ajMJ>5OpS;D)YF1Df760Df77FWsXUiFH&X3Yh#ftbWJeCUZKO)xH1zi znmgVuL}vgg);ItWc_Dz5=6(RZ90h&H@%jlMjhsSgPIPdJqsuw~@tSROwD>L-bciab z&WcY+rx;>HSRDyzY(tE4)?Gp>ZivyI6{m%VF=lHOGj<{FycQK5Ij*ACN<~+qB%|Pz zidz4rB1x^a(NQ%6GddS(UZDEVm}_tYCtUPB zq#;WG3ZNM8>(Qp@EhP|M3vZ@cG7V)H-xFNPtATk*TA4 zS?oge$KkNNN`-u)B7{cb69rPOA0vX&)h8+fEki|DpSVw!X^&gRn$%@5Za{*nrGMs@ z-hI5K?{!N{e-nY8fQt@5My!tLd;l4c8UUopzX3qaM!y7*#(NY%0yjY^mC{p3K4G4Ff4DnXF zrD+c6i_Z~egKnIUHFMQrR=VSA+|-gH`AT;+CGU7GY}(-pWM^Wf`&89V%z|{4UVjxS zP|TF-kuIv1EqSv$v;sf&B@JM2M*Q30N*)98D!_{*?gsG#z;`6pg2=uOLo!?`6DWHg z99W5zy)FNTm+!^@)8X3{F1iL8Nxyg#;7peISAdZOsi)f<{{<=xENc!TZp|RdM&mU7 zUU%pqY|KhZ3N-B=B)1W+BoD-I0Eb8fK=fIGm3O$3V~Bklz|C-CiC2CKywe)+D+Eq? z4Tyh$_zJG%o4pp~$GhASTn;xmAE;i6HSlUb4NQ+?gm{4ax$0Br11{8%N@x-21?8dOcP?;Yv1uxCme* zi5o!N1F(_Al_35J@B>^a6DWTIoYQZ>Jy&pLFM*&w-@|{;D%{!)X89K&&IU0ME_yAp z7TLz5_)?+;0HVg#0HU-bj#tJI+p82nyewq4s#U%bBCHDQK$(yy0kl~rZw&mzlBwDCfJuk^s#Uyy+Ql{u$M$95aVyg zyc({gC5Z0HY$8La#> za0Y`q6|U?%5Ui!c_`eg3hvCXoVwl#h$45foqHB?X=<#I-ybmCHJOCgy^ap^{ka3<3 zB4}m8DR#hF0BhOB@54waUXR-VyuDDbbbx~nsOoQLdm(@Xzt{nD9FQ{9uIttgI1fOC zy%j(bd<0+%vvr+qbMgR$Q|*AE0MZ`XI|E8Ddq9c)G~7-w4Mmh`S_D9bp+NwW#drWo zunMIY&PV_e<5B?eTIqm$9q^n3K5~HTd^>t~2TTQ!=t~{WZvY}{J(MSvuo}Q_sIDSh z(gEdQ`hn@FzQG-80h`d0j$jW%Rh|Y{(gMUg0MC*r0&)5Vm(~%k!~(G!U>95|6DaQm z&WMe$mxn7q14Q53uvZ6HHWCDX4yVZf;pKDi|0a0U!<8=u(fxMV@xzth2;we)RdCVA zAe`vsR{+se#sHhs1wc4`0c6A)0w5#S7{}{*rwaE1NSpZ90lzrlFltT|)EhOY(gBck z)&hviwgO1Iy${;F9Rfz*02mRM-kycVzXCbBwGmX}?e0)t{Nk4M1-siObUe6{t{}Dp z+(n`a#3^^+^bTA}F^H`Io8U^BK>69=bli-a!Qjd+1i{`u9sk{T;#3Wo<@F%m0C5jo z`En4i--V>%%5MSj{1)^|xbn>)&bb>u;&8=VL9`mku1^ze95Ko01moF~7r_qSgB@SE zQu>s=3l2N@=lI_T-0pDYe+RJypdK!IF_Mu=SqmUq&BNG70LA&hB15R=H-O~zm;+w60j3al zVthJ;AN+}E6V3DidaGuz8=eWM&XY#FKuuDHiq3WCJPn_g@(w*u&E&O; z!+f`DVduulkjkxv`-I$DoS0jS6LV{!a#Lwmsx(`4p}3W9IXBrt-r!r=a-?w9-O8Oy zIa*x7U{&fpL8}-;YL82mni^Ab>~WR-Rq8!1c^y%u-s9^3SE={7V!mj8u}gIEI2!*$aOwqPu}f;; zXD|-IX}yO5r1ge++kG(K0j&X~-JJ&@ zv91Geek4AjfQ*XBXfRws;L`qPi!);IU)LrSTiA3 z8+fr)TE!OD@^n`w8;#B>nrcSVU9F`VNq?E{>Mh+$`pb0J8PZPW{ePxXy;f1dCT!a6 zloKk|PEFNDRPQuZ+fW&ps!gcgX{xrM+NtlvcIrQ|o%-!|Dnj{P<$v{;fU4~l>&HNh zfJ?q*sZ|VO+4k$I^Y8~rWxZc-C1n%4h5dRh%cipaN*$w8UF2(Zj7kj|U+b!iNCw}i zGgVrJml@2qGvIHDJtpb0dTEbIdiN8?Bz@pty>qsHE<3TxdhUr?&$F|ZHb2kKT1q`n zSEZJ!n5Vb?O9k_lP%S>9O!MutT@`ydYT|Pt%t-%(5=yB@>!*-V1-($^rsNoF%OPjC z#@Pi`$NMWhOf1_jE`RV%QEHR_TM7_ z7MWYi;QyPfDy_s2vIMS;i1wRE_6_Jy;o8cu{kyXo)kc0={*Wb|&JVyFu8m0dr|_nN z9tRhF9kR$ElE508^zhCA@{@cffJ_pqW>CAIitM{;4Q;Q;&UZ^C`=|Dnf-U=}9Zr({ zGm(88GP|2Xi0q$<>}e0WG#yUKzV~F=_lcY%;XNEq$^NxAv`Qt$a1rA@B>fJPk0F7s+}Ers zWvTl~d)a+~q18yL^s1IF-mfK#grC=Hsf&L0RVjwbv!7G}wxp_MU9z9l0=83>2>m9h zxS?vPqkfli_<&8K>L&xFn!bfJ-@qv;2a1%(K>tZ8e}X_1CF;j&D_1eKs+m+mwJ0If z1E0DQak=)X1gb9Pz({dLpz2mCOG61%eX0`3Z1YnOB-2K6%Y7L02{!9s*gAg#9K`(d1lk?k1A!E{-c0sf!;Zz4L5|Q0F zK(CY?7iE71|9vdN705+8;R*nmaIXQ7Dfrg_A5-#Q0i;{v9x-e)B1_qPHnlG8&Vv+b zo?YGX0Xq>jQVLOJxjHRj>%Wcc`K617vme3YEnM^fVu&(+0pJRI*F0nrZHC8JR76eF zl}Oo4<-Q^9;V?bNz}pR}M;`@ArEA?dTiK1_?ndzpA(fJE!0Lw#y1AnrlZn$VAxTfn}3}LQ@D`Dgf0P9FF*_{Ae;iCN!TSnhe z0J4cS+vaG|R~=OAe6%e00&lJJt**R_J+&K9L3CN~`)eJ`$lRUY+8;fT94_|(@A1Qz zVI01E8Z}3kJK9^@1^#sTp9gClYs-TAw7RehZ_9A`^?G{kJ4l=^YoEXNH*6BqWv%fa zKdspWr!}`v!h1hl+G~MYelmitU{PAFe3Ht!J z+|Axv=T_|8d%d-eS!nJqZ>{qYvcegGlTMYsk%|=pxU5y_wT?+??sRW$GcV@taJi4C z)NX{lbXkvhGz*Q!(9V4jPj!;C`xIsJIbxEbU4S*ASl|D?$tP~H=CJK@$t~7ytlVh0 z#kvA4L*0e#ej2^i{lER}7%sEE9D(r?hR3qJ_4sFBX6>HHw3g>zMW4=H@VHhcz+(RC zz9Gz@JYmX)>e4;Ckc5|5Zay_W%sGX)E8?ZpW;_fm7h!vF5w-z=JjUx}O-3Y7QnBO~ zRBtj!54i=^TP5>LxfR>nR^bki$=gw|$DmPym)4AO3#!>%MddB1W(&b`3u>x2b0-3d zDX34~da6u8{r8(&5LQe<{ST&G0<26y{SW!>2LUs~h4>d>p>_hua7R;6a)ab3Q_xp{ zJO-b^cgYM<#=XMiGkAbZF$Miun0yA0l6en9rlO7Gwog2RS$HT@(7-`+1PCz&4g6rs zMpMwhq4aXJDP;;8_|Xc2P^O@PpR-;C0aMUINs-Us7^dh+K}QJuVLrnYX$l%RYNtr$ z1&*l{#S|3xV+O^#R7^o}KW6szOjB+>#r>G#2UF0gk^`T?7x7T0pl=J4&)}zIiYe&V z!sIjfBbj0fN|Q#9!Dr9|ag-@&2HS$cXD}ZRWeS=WG5diKQ_!@iEj3L+(_%gsw1+w> zk$8Lt2jihkLC+H=pTThgS<}Jk0^cN@CvZREQh`SZZx9%yVCw|35`tRF?mC#n1Tj>^^Qd; z)dlat-&5Hs)CKRsKZH;hya)djLS674JSv2`;5~Ru2zBdeP}7A{x1I)Z>nYPyx1I)F zic+_p265{t{gNSG@E*jir=--ar$O9$N=n^&8pN%q2N6b@f(CKx=}(}PDQNJdTTg>0 z-Fg~4>DJTWNw=N`PrCIqh+9vOAWdZo8pN%qsrZ>trl7%-Zaod+*3(xZnY#5fh+9ud zsasEjxb>8jy7e@OTTe-;TTg?y^>i;Nb?a&Hq+3sexb-w0`PrtRLFa<^;ChqA7E{pR z22p`B1r2T#4JcF4;9s|%K8Da9gS9Qy&N4`~lgs)RZq(tPXbKv{t*7)5Q_x_IO>~FA zL70NlM@&J}ugs(B#S}FCDusVQcIitMX5$N~TTcV0qm?f~M3{okW_+50hVsK?i79C4 zgj-KTQQ=FRod_UO*J$4RfyERw1Gk>iLrg(4aO)`vF$K*$;nvg46K*}tJmJ>UKw&0F z8f6L^h?*SM#1u48lPfE13{y}hK_8)E3d)>0vI*^&f(G6(?*mUvK?5JBwg$%d%wS>)8u(iwy~PwX zuwSs4f_?&~o$iSzPqT1${8-AuK6A_oW7}$4>w-TptxHfh)_V2ZR*!JjhK%+2CwIqN zcc?J5)wJ$YVHPsX{Sw9uk)NwF$u_eGrq03yMr<{+2L~=f#cE=!nSIi=q}gY>hai}; z)yy6i@?zp5wwl@JW)Uk}&Fu4pFq#axV62vXzMnF1DIY{<@YliU2`|${CUq(Nh;;ei-5#P)^idU5*kG<$`LJA563gOcn1;7>>}ylX0m@D$8d^>80xS2%{JJNyC`X^imQ zz$xJ@_emBYk zx>(UeVL0oX>a+*Wthw$>QCaD*H#k*aDY04+Ti!*2~)t_yHh; z9M57yixA`kNSKxY<>ZV3;CG7?%K=)G^PB??19T(DeT5Bz4#;yr5`cC`i2(plLtBYe z0K1^q#CrfVMM`8Yu|ZFO3(1)RFbx1L<~r0y(WF@qx+~wQ z2U(BMUADED5xq`DtXB16Mi~X+`zSh4vFWaO1L7q ztSm*<(>q{1O{UbSN9lPGgz63#8?WgeR}L%rX^`9DisY!U*Cm}c^9kIl2bcU3s|&Lh z;CEA=>G-c_x-wr%gN?~Q;dLg$41r5rfiUx^jFKx+be7;C!r&%1cZ11W3RB$mucm;; zo+G|3mbe9huBH+n0$5G(KEUk+VWcD)F9TrBl?(=8ie2GOOmWbODN@J>7=JCm4uaPK zB#*xVyi87Xq0MOlAc1QEXc?6l4!{;vvIu~g-SaP*jXW{4n-J)8M!OT>?*vZ({6_F9 zfMov;fHwlpw*XlLZnR_qt!z7M{9`@D8s+a&p2Dy7kaWOgq9XI3t=vSOALdrw6Mer(3p$}zdNA) zWV;&91Bg=BvjCbA{OEY4Bfbm-VFwgDpwa;y9Z=_hr2taFYXMlnTI5n{=?V2s%Bl06 ziB@QAQvXCUuxaOFc-yRG#k2ay9{yho-q-`093Hp;m> z(R|@lOKq(WA~R(dmaV~5rEjZBKLyOraO#JnoztTF#^n}(c6zQ-*?_nld2XjC6+I*_ zH&(RMD-}Id{m``6gOvHu)3A_)E0PVG4!ZpMbbk&eEpTd7?5MiR9xy&3b5RmS>ZoV1 zNXGNnRtHo4Om@_xWL^#CVz{D>R8=QEji;wx0pn4)X1mg`fs}?1#t(!S`u48d;#zo zT%rdOp2enfCct8Xv**DknqV@3^aa&>4~YnTrlY)iH$CkeioxFp*GmusE^!RL(tDey zW9Iht<@`k{qtMgzymK(sDsBgM93h*)6<2_`1YjbG7>Jhu9*1keI4ygCbN0(vqK2y+ z03vZ13EoQ4de1Smy9iF7YiL^mV6MVD6(>V$u&-r~oAk6cuo*3W3G6Pfz*G#b1$|n+ z4bCi37s0js48*4ZZ;<#FMB7(!3o%^FUqK82=mXcvh3sK6k(i4NL|xYbh`MeEkOAi& z2W*B+;`M|BHbIjTYa4)g?E-j)1^An-;^$!54nru{-h}z!)Wzdkwa|(dS(-}bI=?@@^dC~#1oGQK^K+-t^ zbxK}6pcqM~AAqDY6oBbqlE$uD_331^fSA2U&xUadMz)yVf+JhC{JzE2=u<7zri2S_SmLFH0O}j19J6y@++DUT1$)ve`?*VNz{Wlra+eym5 z%iCLfnS=i>15Ue}IH3L^tBG2hUn%GZvS6!Ip&eun{y{5_bR9N|XGe}m9TFTjJ{ZWc zwY|)QIq_YCxCpO{r0FvNu021qZ{7fEW`|9{M zYp0r~Q~*hPZi{VQLptc(3RHZ)&qt4o4S<#;W0l}a&p5-tOM66*iY?tLrV7 zc9fi{<40?H3;%bBR{~xPPL!2Eu~9@k<;So(?PoLrQPw~N=?|Bvgr`#0*T~tAb&W(S zSOOSP-b~s8e9m#WCxA@PI{w0@lOZka0nA2yXft{vE2!Jmc>mNhnz9w4jj6_xWw(x@ z`SQM*WzV7PPH9PVmQ(wEzRK$(Cf*Q_w(!~9Aw@F{We_UTjVR%(*}|Y=mQ|{ z;3FN*0swgjzZO91;AR_WJ@V0WUE_6~iMkoTwx!LX>{^|()tQH_&Sev@M++BDdg`3* z)BK&@I%fwl|M8SMXXi5iJa3(IK}|suPtVEN#HP!s*Hh}8J=w^`p1QgCou?~&J*Dn! z%sc3!XQkB5$5fZj^*~0?tvz564d;1N5A@`AI9<*R-BagmxMuJ3_pC=}pv(DD_trW0 z>1IFUuiFbIUE!-Kbj+Jw%U$TH zbM|zz*ZAuu;bnp@R*~8>XEg%Dxt@oBZfKD%=QTa0=X5kCx}2$cYEJ_~(BdiFGhx}s!y z&oD+gx_G^wUKasD+e<<1D=CG^0NjpaTU%zzhYFj)XJ_elTT9&to|BRFs zWN~xYwLE`0G0)AoZV1!c7=a&f*NstPkKvWi9ow73?hol7jG+!c%wdMdzl{7R2(R%r zS=^1hn*Ik1mIiJOpsP<-yHL8td-~Hw% zOyfof?|U$XVbw;m?;+nl5P1E682 z{^=a#oId$VKJNs_OuuCo7Pr$wS7}--{ZDXe((k(hy)tzEWfUs30t9Y48-F?e8KK^! z%+RMZ@h=qWL@E|~7_qdP&=gYj8Q)CDKa?h;^=tzCl2u(ypcxr`>jlIzK4Ik}4l0N8 zXHv|pH&A-_CLpiDXXgE6hRA$en0#j9Wm3!HmbV+fzzE4_=0{|5%iFzQn0#jb9S^nT z?LTOCgaT#D+y8^DMQ(Zf52c4NeyA;P|Bu!$UP$Tx0;&6d&Uy$wrsh5(De{?F!&;Cn zZ~q@AukMj8Z~sv{MUKAyV=6_f8>I1L*%=Ganqi^iYJO~aU(PhGyBHN)-t^1W+`Pxf zYw(%LuV7}~jKFSw1k-EqnYoQjZh5<(5hkCRuaU_uZ}$hnel(H6gHo`x-N z$~n&ZiXpM(&5hBCno+zA3oYI}R#!@s0@?mf+aT&t+uvy$MH_1SJM9ih z7PctHI)wHbOh}D?Af*YA%S(lX>p>qAZmE`4hmy250+Q@DIoi+uwrOy|DewVg~A!!Uzo{}MQwlk zqb7$q+5Ywyr5}I?f^qxXe`)4hpmO-B^galZdk)gXr_u!a)4CZ_)o!-u;(urmJ`xyWy zT`KQwhsLIW@gWG>DQn*YgpWVq^A9lc|8>7yDv2E~2YZo{=wJKg+?{sz%cYX)5f1z1 zoAA%sFPAX(ez}BM$T0UynB)89^eEtd`3j`y?3a&1^&H)@<&1NDznp#a_{c?$6 zIs4_LOv~9X=PW2-Is4_LLYA{%PRg>J{c=*dma|_@s=#vg%Spv7XTO|O(sK68NtId7 zemSWM%h@ld(3O_6Urwspa`wwvZS5>)znoMj%h@j{Rbx5(<*c6`ma|{J0jcz|iaVp( zVZWSIU(4AqCp7@ND@F{j(G1FqI{W1pfpGTAsUqJp)P$ASJ(M264#VV`leD~3J@nB0 zXP_tN^+@Hc7BiRrAZo?O^w(SoqNfl6|FO9sdYSA&A! za}Hk^K7-sIc=+zQ3YAjui@6a*WVBZBYao(D^vH}UQ?-JB+PZ31kG6S42s1Ky%vi19 zHz5L|xPsq>K$X0W3JQ<|TY#2SaLla0 zn__I*c=Tai64GLW2I1lwJ(U6)v3^~URzyW?a-~*~qWk%NQe&|O3%n|U zUYe1>Y(6}ppdDXAcSEg#f+o5-l^I@r)wq1hHzC<=3Jge+{XDAVeOdM#|BsDKm| zA88D+&xWj?ec)HAo70+dY?+GIP*|m#H-gHwR*|aK&AUMrSpOUVseADy&Qtqp-cwQKe=aWlNqKzaB*>+J_9572c|w(?iI8 zIvUgwIW%KkfTmoy-YL+#%x;5SpxBi0muQ8z=^4KxUMNQ5c16Tu zBWGTy6>ic){$?20VjMII?@-YOD7o%bat%=$yG!{ERXWN%biZdPs9zn#Us zQwYPq6@9JnE+N$5Qn*E`E8v&vy4!phN(uSv8SEbOZ4j1UvcA{+9z?GH6-?O*?=u6? zNP%Cf@qURD^GEC9^I%pce3JgB(JTue%FYE*=6`?^JnZ3wqrxxE=@F5j#xFI$Rfrz` zXBljp*$HvbQKn+F4Noh)5an^RP(=seom-fqn=ga1Zk>j}9zE0@q3tU5I#tRpS7<67 zo0fru3R9Ji16EI#%&&)fAzsLma;E93ps>8hpdOxH@E$Voojw;mp>VEwTBf7Wc_OFg zU%D7c%ooD&FU43HxZ|BL18L174SQMT#oNQ!V$H}{ExJ%(Kt_$|BKeI8`I{oY=wk7) z{EZlBqE`r!DGXFB>yi9(_D*UZ5 z#zvP*1v`EW#APp9)<>S7zPO9K)z+GkU#fvxjC} z&tHq#;YBE}n`QQmfY{0Cc++E{wk}4UL?^)T7EQzd=oKI)nMtH#_#ectZgjGFDhShm z9W$F^&HybbVbuze{7M`1v z2?=}&LYfuB%t|OAF*3R*@pjRbeY&1@i9?3u}0BJ01A!WDlmk4imerB zN!7&G3y~{T6Wbs}f!~8N#%>cL7MZ5SZWovo(PMW=`ejmOu{)*8Dn#osH4apY)?-^l z>(!$5*xgoIOU%hc>#=)9>zy>C8`^DnUj7jj%FUAb63|m+>~ixqyjP3XV{>e+cS04% z<_7f^)cU7rEU|fJF$mLt7`-P}Z}tWe@DG^=VxhSNL`do*c7?eegeAjK>?-pO5V=wx zv86&3s6t&Wg^Edi#IBM0NcvN#&gG^TqL=wsVNw@cDRC;a_#jqJea<5g)JU8e$tPy1{xG?c5Y?6s;C*1R|4R^CD^vMaF1FHw&~dQ7O7b zU@q#jXpO)E)Mt^Z+L-?+s;Wp;ZqmPZ76?_nW&ZEygIFgqDk4*-Plp9Z=9|b@)lbnT zyM8#}6sbCGC%Pz71AQm|8WgE$i&Sup|1J`D3(>>Bjl?}d^zy%b8Hfkc-$T-U{cn2B-XQ06Ff`X5s6E_v(Yd~vlS9FoNHpi~uBBxtjjG8N&Xzs>fV))&t)1t{j;8z80 zzi6ru0sl4VmqpWr2>AzLlq#BG{){-5)OOJ&W*NlDmD(AwXXyJ(sDEQo4c>B=GXs@yFoLeUwR zKa7s&>E>s-kf8%ck$AqI_D7`#su+V^yg(1GVv(##C`CM?XWdwWnzyQA&a9;Jci#8CSq{}ix=rqS-I9Cs5hR_r7;y)=c7r+lZuL2f1pz0#p+ioX`O`v z#7h)aW<8G{6E9U%g_T08Oi`6qCrVbXXE#E!YU`sJpqlDgu2y`9`i!|Z)3Z%boveeD zx~;;l7}H#3ql@;w^M*5QtvZ-ziw79vTX&Z|s7Zv$S}Xo-q#82+erm zV(4#a;kVG3&jtON@f*#|JhX?wRNqbMiy;TTONI^~zd7xB{H)>)d?DjpT~LT%MXix| z-}uYAc??u+)U=6O{53tJL)CGezkZU=-*9v;T7J{fIe*jRyB(cNsoz$mwqoN)Pu1e@ z=uK*nX0Ela9wFaTAq%W3*1-FUidnhT-G_SUYRH_lvPgZTs4}I5Pm~fWtnZo19zFjw zq*-He7>IwS=M4na!&!30V% z2K7kXXWp5Q1iri++glIX1L0e!#Kc2+!%jhI{Oi!g6I=5x0Ac!DFxa;2u^<96)k{2X zE(8(s??*`!PneA$EdK_ymc*0h(;#yFLm*pXhq(_#f&UuxwZu~rC+0uQI6KXhYEB$A zh?dx8MnRPMOX>5p*#$&}e<IVjpm zD((DTv{RSs|^jZ)PwqN*NB zRliEGUVe^h3HA2e*KaTZ_4Yi#-vo+C{4OOO;{OEAE%Ar77$qI*_fsK9MLWZ-o7h5h z)wxDkH=rdYuxU6Ekw;qt7|^YY>c&~`Go+!YiPpE&P>LRy0ZmS|bacan{f0cl>O-MS z^%^|O`i@%m>6vrTZ05+|nh2=DwO%u3_CtNH3)9>sYb$Vk@Zi2$czw<)Fp4&#AuUUm zxXq?fv_($4l1<$rn`V`wAtWo@)>|FXw5=B)O|r`Et&gLUt&dTPfGw3(t3v>d%M%GMaTixCQ8y*!a=l9$uBBAAQTgR6Ro~_kRTn5#-|iAs$5e&g;gSlg zvA$z9+~>;LgZz3}UC{iK54xm3_fiFV*j4xq{Q7D}DKsD6l=Q~X1Ybck;{i0-@Eygu zWZVu<<5~{ZcP7fgD4GJj1&YxrMuM_#N6i!)y2T%I&Dw;)vN%N#-O+|^a#lSkkDksS zDh${|_!G0GWHJ-E0ywvLoNm6wME;39iZ9Z$4k8-filO}C391Vk)-BL>@kB+LRu(F| zc#`^c4OpL%nyman)*onU#ZwezX+}rn9=2KvwH-h z6!%gTe)U%&mGFacUU}#{7ezHnem7fyh)kcLmHd&}G>$l!58#KbQz<4)>7b?FON(^t zK!OSW1{IdVqA@2)B~(Dh(xjSMnX;Z#TB2kOSef$c;$-9m9?4D zriv;M^Xt-P>bE;)En$8YddB4tC22K-_DY*8s!X~{slB#UVLc0}aeap@mQ-4=p>(B~ zFm;8{)iNxVV!}iXwbOhzLPu7~QJv-WzmJf>Tw3NrG|TKYI6}HY#$D?$W_9n~Un||6 zLp?=jLf54sJ$NQUB`8x^9t<9?(eV(pi6kFLiP5}9X9O+!xgG;bX_g);f+{U80hL;+ z)SApuOS5%(IWw%A5V91@jvWxtv^ucVIl6f^sDL#d?Y9)`j?+PftaIpx=`#JWKTGk# zdg^LWxz^t?q?hLF<~^VatPnL>ps1L2KU!WXj`qC;zognoVrF3uv452Wl2caMXJQV@ z`)w3V3JUKU$D88(6&pV1(}zl+Fv{mIrGQ$z^^=B-Y|R~@F(DoJ?vhJ;?@ zArR37i&Ut)mw@H|035HeA5Y1Z4fMaPoF61kJEWU53i5PUFGMPChYnkiulvp=(U}DF zv=D@rAWI1&MX^i4SfZjiCwr5GNL-}$8lyn?cA!SA{Pp^6Af({|I}NV_fqmQ0M8)O5 z8gdu2Q%=_MUsJE^k%`1vY+^=)tH1fL%YbUCZHhO92&kQjH*=VLNM6kHcZ&~3j0yPd z$bZXy7sVKXLIv`F3H4wuWALJp|Eo-6wFnJn^ZzL$w;@yC{KG0A%{U#Cfczuwbi|3i zcP?;LFFY4S){7vLM*a`FYaYhJ658wLA5y#f#f@hp;E#GnJPo?M_8buZ&@&mVc=1pW zKk1o#IVpbgRuDhySsYA@mqQ2nzv$U3NLHk&x|77P;UIp~t@}tEVgkSGxsQ<0nDigI^*D)EjPs`+-bG^WSs;$;Suc=yh(5>k z@M|QxGlBn$y!VchqT2pPtGcVZt5bE)Oi${`Lr-9UAv1so0}Ku*NRSyZkdz=|API^n zBch<9f)@iilFSh>pn?H0;8m|;1idN-%%T`EpuEp#pE@{mfA{y+_pSBbTJNp*$FBbD zz0cVv)~QoxpFU-Ha$YBMB6DDRGIxV1pFMewk!N{Sd3qOCPH&j9dyN2-p_qWhMFqPK z^R~Ry3v->?A0zajGAVb**_A@gD!I^ zlX}u+Mv!^NWzJ-<7hL9i8u*vXB&m7bW%g6E+hv}jfe&0}D1&|CGB+?gU%1R%GW%TS zL&o{RW!`0+11__jrVqNz-DFI!sf6g$IPBRLZrR^h}e5z4+b>^>tIoDzYFT5t( zi&-4H64%WF7MC^y7FV4!j>jW5VEu@Y83)cK{0lH(9S>c=;yYF7!}HK;rJtEx*p|Tv zSPw>-kXcV4`-Q8c1At|CI~_ocejH$uJ&|ydPS7O%e#xC+4eKPvSr?tFu(^N>Q zD+%eA;anYtUN#AXh|OBal^PY12pZnl0c(@i)5WIr|4Wu%gDPM>;czmGsC0qJo)2tT zA)lxDBBSU9bfdPKPLvfKJG>C@5G5xG6A8b337BybEDqCL;QLri1^&&uv zP9}ABScXVk8xB}^=-^zcOfrwjN?s&nHz0(08$V)_K9Ck+B%oXvFi9;!KP#pEUB}@< zr&xok8dwZXr|=8}PyXG7C4+JUP>awTB!dHW94>hNXPm!dyK&~}&|DE!g*b!BNWt7` z#BERothcgwy$RXG)=`ewJMpk9In7i<(Fi=NN~XKa0x~mQCW=Q|$vnkKSqeMAJ})pt z4;8u>7*WyrqHb)dB{xu&R?nqcE`Qhif3MRE#O@Fsk!~1CQq_l)&@J2|r~=l785ow{ z#~Y$uJSV;rBDzZE%7Qy)Lq_pDfq0MUGan0;=UVsD^3S-CRGWy=KfuBqEd(q&oC4N+ zz*0E+IFbyIl-BRfF2D=I1fY^IbbYiiC)Qn??Q|G=M3fz=h5zlPWgi=^Bh!QOpOOE2 z6)w|J=x32A$mmmAXm-?gq}+!`p=2jc<3;OMFyDg$)|-eJuzo^~1Sg_*6u&FoCO8(8 zpW+V`_Mtx&e=L}XB_enY5(#ZugjOkC6F(hHxB@qI>AEPf5q^0wnDxSNE0pX$>5tH* zw^#!ZAYlCyqi$$n6CXBPOfIUbhs~D551U02j9V;1&iM?s+kEzLu-%7)WhQBjE3}~l z=p)@q|A?Q{3D&rBRQjh3F-CYgo^_>v31fxDMQ}*Q8(UuAOL3YaO-B-|@$f4(%?K^T z6OWVgC|#m>`sDMBQm+|%5g~IDAdmAz-u6(P+9tOIn0EMUC`OY$(G6G9#?8IXR5v`QR4CrZ1U z<`qzheKIO~$=kGCy45uAJgfxcDi@*jm8DOZ@ro`8B@O$OTK#vuKijk?f{QVwPpcNQ z6Fpeq?WT0XNFsk0xMvg>Pt>tSpEZ+WQnlD~W;t6dN441Vs>QeukQpx8c@ZM)FfC>< zV0A!F0@f)gZN?Mm)dA}$5rokVOU|3gvV3fsTqaco1*7YUE|`FI7OaE@qrWEFTxi~e za8jMXDp=?&JS`J#7Mhz6s}{N{Ya{w{n`itJL$6kw)w23$ zg#Sb#+pGz4ucZ~fnao;Q`cPX)+N^W8kbHu^)@HrD(Z$2;cx`S`?}y>lFx}=>VRFKC zXuvkNNsr7gz{_Tv+jE#?F^a=%S|8&%-sTSP4q!ZslKbVZ@Ky*)tI4Bjaz4wq8axoeFeqC^bhBM69ER9tKh?&GC}tIEXQ2laY(7sCM4TI0zxb zeJCf!f@$M2n=uGiRl3aeWIDLa3wUd->f$oVlfcxt%Mk9>R(t2@5zQ}1FZtnh;K5cBg0`yrN}%Wy}Qec`J!C>QE<~d9;%BHx?FL+>D=Nnd#Sn2WhOO&xyxl5sM(;HqA0S{?tC+Pbx(Jsxep-uI-0e`WOyf7qbUCZjPldW z!lw|z%U~t_F;eHGR+@HcFSO-c`7hZu2#dlZ=@EfrFJ{9Y7SJ36&FbiVGb@)Ts$#>MlMxcBJuD7a7z@I zlc;0Pmntqlk$Wz<%N19gxbJ*$S12x(h@m!8%T!h>6VK4fm5OVRjdAD@sp)3X0T$r{ zWb>iaqo!TRLPnYTW4Z{t(Wg?6E6z%MkHV%f@7RohcA|vfq#x#GJijircMOc>w>d+%Ibrxh(nzrmW=Nni$Ix?J;FT z@tuk9aoeUoRH@&q+Wup+^d+RQ(I}aUwojzaG|eMeOTxE9o zJb=tDI~o}$pwa>sB>`&-?hCANBzau~oKc2C1guY>EV&g$AKd0Ze)lpXleZQlkjKUL;-6f;jiZrZUyw%)^TgFSaSy?W_ELQ`QOU7_%Hq!pbm1#$6{|98wM+> zMmDJZ#VMFr?9HOEKLoufe9VUM5^tEp)*=Yb1yzqkf@?<^M)gF1`v~T1$s&L)l&k@G zo?rvO>i{Uy9ccNEb@{M3&Ff!_KR_;r*lZ5 zYSFwnWTV|sct#MBAB6&MtEy~NRq1;J-=P3?m_7Rp!#u$o;{8zpK^dre0+NX{7v};L z02oz6+8`GdDi`~2w2a}Bi>!XC=oQ{nt6WrgJG?HbTJ7XOlL~K*&PBfx7;39>QH#WS zgW6XtfUup)#n}){XD-roE;>eWk$$EEY)@o zdgM09#(#B9Q2Y6aXFlx7=9ZINAXo$Hz?~ZAW{<;t6gwbznnG#iM?BKXzd*1b)cN1T z4C5+f!ZfyFA;aA230_}|vx3NU{RX-=Z{f%rQ1x3k;CRgus05>P_*m@!Sj9NI8RvOV zX7~PB*vNsn9zh3!x=_MZGWB5kzKvc0sy-iv$Fah$ z0Fb-zRe6#z(ieMOppS&nxH2@GXRc~X@WJz#i4Szc8AE^;mKUi99{|4cqB3w z)I)2#u7Y$fB(s?O^@wvPEp7mid^`g1u$Zo1hl<)xmcIhgN>6CdZk zj30htu2(hc%7ekZ`g;TsL%#vM$JilMWuKz}vH-rMqypdaPE;qldB&?_;Xno+X19O-vMBQUWd55NLwERa0!!|p}|6c6_i{7u$o{UfHc;V0Mb~`Yt>r-_b|+7 z0Mh#V0i-_|D39DIWdPD2Isr(37zXetVi`yLIRkYv+~eQ25)$4M%{0>aMD+bnATo{R zth5GCa3jQB$aI|wop(3RTt%hznGFUlSN$sjKg)dhQRbZlH2_Q=@Es`MqiiT-UohRO zOJ>1rz6bx-#!(m7SjLOewGIq2j3d#t@;x$GABj|YfmFj5dcr#qbvy)PLG7bsVWP~F z&57512xd_z&-8NDqqakEKd8F&T1K=lSd4M4JS z4uG`Yr2rQq7CxVYzK5e`a-N^0X;8+p##Z zqc^C1ml&*XH|0_EIt0&x)QoJqna7x&--Q5FU5~U`tm+8>GK`T*nXuo|N(Af_r{D+1gHQe};+m?!=lABY0A=N3#e!whrz?jRoP z--6T#mN4b9d&2u3<2X?F+i^QRyo~M0>moLAr5T$w7!RpupjwPDi$L8T0kaO^dQcA? zwCk&oeh$eepsxQ0<9vXD7S!i+FuYA)fK}0KhJWvS45@K_-B7-2#B`DXG$`ep)pGfc0N}Ccs||b1uL@Oc<-L z)M2g#2sc8qR;yS*u{;7fBB+@M@Ds{ZG(?7DJW%m?^?A>D4J}-ArK{}IT6y`x*2?2Wx!+Zu*jl+!(zLEt z<($`Axm=Vvu5x8-Wv!TP?`y^0!x6eYd*G@vW6#i}F!dxuCW36;ZzIDp$2uZW85(u5xp0<&C2J z$yL75TDeG+HcroB2ixCTIZKrJt};5bRV9oSWhYlz)mk}7ly$DMzO}Malw(}wq}IxG zQJ&!{FKVs)=@nLAldD|aTKS&bek)z&*4D~LMR}*I+}&EaOq7qi%AZ>+->g>fx_l?LI9QpY^RWB2ow4L9F4F;UOX=^dAg$ zj>Aea*(AfHp3kYKV3<4-&*{S_V*Smt5Mo{i|5;sMRseji%C@9`o`dBue5G$Xmx<1d zj#y$Dy=k$T4~^k?jGrk_@tvsimq7y;l`~v-HrxU5-?J^wMkINDTnr%d-VtAMQDLlP z?n9iKH&smXzzx+K##S(w9rxgTN6^6IPG#s?>KB7w02(QaPvfO_o(8`aH0Tt=oDkxk z>xCIDJvUj$utJKMWKrfNLe4-JHJ zm*54m?h-a#LlJud7Q*WImqW9mmVQR`R%37hdr{x0ITm4uppN?X;!H<1Ro_95eNjoI9Hr2Fbs@S(@Z1y$by-G!`yI{~gBxDVh4f=2*uBX~}O zH#GPe-~p-vOEGmJ$OMqNWSIs>YSj<`naqr0rAz>Ksf+-8sp~ceqJhZB5uk2OV446H zkXZ)iE`W8Q4chgDLlGjco^B_w74gj%gYIY_BYWPj)!47Z@v zX2f|5_dcofBs12q4N_9)nW&kThpIL#LxQB#+c5obojTst!tt&R{ZKSg>S|b*Z5)@z6=2BI@90C zo14@v)7Q8J%|+@y-ru+qg(4Mg_BS@5x=2N@`x-`}wn(Xb)Y#*wR8p$Q=WFa`t8-&J z&JHx>VN@ffN_$!K^DeS=hS zGCJh}^fXf5T(7U81LBe@#(8`VpQ1yODoz8FL_?EOxqe^6EHo9V@MN#Qp%-eNlp2GU z{{ogs2ZlqxzB9c-gPTWQ8>pqHj`mGnI-%=!}-&!e$ z3OW7O>Jk}GJlR4* z@9I3*&>unG2b+QP(wHmmfV>5Hr!t!oCixzeF8Ov^I*xT zPoRcy9_&-#)F)6wI1iTjJT3ki=v|egJ zodFxVT};{N08I#u&o%32XBndHkPM}4Z|MwtjTC9iPoRcy1}qhF25bmtzzQ<}F+(^5 zmW-SM8(xyjs+Tih!%G$Z4kZX*rZCTdjU;89jFh0xkH!6sPoNIOkDLJ;$xBisXTU}Z z)!522U?W8$mpDrhK=M~>1m*$D8L&}&0+k9m12&3JppubKpgK7jwaBJ-B(mY;CXOS1 z1}2?kVhS-H`-WYZ&XGo)0c#i89M%Yu=`Gq$z-W1-YYd-2Wp|43p4p+pxJSCi*Eo;R)?Bnr ze66bUCWMQxOXDL|j&zORuELzlF!!r4ix_5ugpng%xy6Urma!hMJuja1Kc8d# z-}PDcelhfcp4@+lQ@=BCxg>Wb@m+W}c`wcFO8j&iT$U*OLkf6lZg0xF5MP!j;ma{S z_g!TQ?X&OeFGtX8^2OYpcwNIM;2F(ld4t8^))$cT zmNC&g3sH53H-njcw1jee{F+Iaewhmq%ctS3Q_?bs9a!+GPsZDQi_naI+ui_0@Rv-) z4Mo}k8^MoZ+aJyx2?pN;IRlvwVE&|L6k{O_asCv*{E4D)5R9F2s0ddQtIx@YIe)U% z=j6kjKiT?o@;(gIkvJ~VsYuNTPesgN2W5b>s9?2V`?>BIJVVvCA4Y@Ul_K3v(Y1^b zl!3TQPJ3WG$Z1xnCi*OxNN_spJk;BH4@^AR74;H2BK8HCL~tsK8>)@o3nnM{LLQj@ z(MQ4L2S2CjL1MZ%_!x2;su$Ch!97VZLt_DC3g5_JoMY2^f$0_uFws%zgTV9*E@e6= zWiA0z8|+X9=44?82m4SnR+tgNLdKa9+lfTSU|S(loe-L5?>$_)^IDc}p?oycEnQQ~ z(p}WDbcySioRmbWb34J}Kzs%7bJY+1V7-O~B3 z(@_}#md)WsX2jwAd}*-^47Ksd2D=hf9lQ?O$R^)U_%VW`pou&X>Hr01Tj+d7j9vIh zfH-d{&WI^>C`o$-m%w0L{1&gyC<@~gjuj!V&QuCzMm$S|ygCaglo>IWz!05R2Md3O z-Hv&S?z2At6a1ci^gB0ioDoO&$KJvlmM3^VHQy(;fU$!7LPGSXjCmo%Hv$;MV3Akn z6IzrnBt#F|wXhuIj5zw2YmqbJ=pkh>y+6X@EPZD^O{SyU@GSkzezcj+*&WW(7aeBA z-%1L+I)h*|Z509sMgaLOUY!#ulo|145%TJsO`*()=Zlb6XEB8`BfeUMygI9Jv9aL< zACM`qUj`H87ZRKzH`kmIJH??UJh9M5w@N%-9nLn=nh`Yco(Oq$J`>26cD@%ljPRhq zQwRgF{C&_D`P*~)i%od_#}k*B_JbH5CS9iN039C6+DP4i5(Qi4$ei^ zVt)z~37!elvA=|g2S+p5Az>2f{6azuGh$lENgqXXm=Tl9Pv;jBVwe$=D^6d`XqXX` zOQjE>Ma+oFRi^U`2{Fuw$+b^kOPiPxUxeIsO2@cu#4saX0WuK zVMa`@PdaDBG0cd60#}>P8F36VV&0K;>6{VAFeB~{?x=Lmh+~)$UkRJ_>Fa0(Gvb@U z4Nkw9@h~Iim^d_@191#9;u`#pPUqMe!;F~RnDlMrFe4^+vV5i@h8Z!r3F-VoLJTwF z^YJ?={f2aKm=QCdr=@d79K($G7NmCuPJd)eRp#{umtkE1h9g3P-%5zx=-3`)E)rX7 zvoeAQPl0fqRE!Zkh1p&&^;uvnSTgAhlybfz(g(G)!bsz{ z5<(x-BIe0dgx+TzVV*3^05X^-lkwgSvuV`{_NH(YQPP&=vT?#s5ieDkbLO)PpM|M_?&U zEhdz}Ar5RAm_Jj&eIG^!=Feng{+!6k7>w-8{5g@EIEnZfR&g?M7BT0~(ZY0&OZEa3 z!HO2y90Y?IV4@|l`+*UR^XKTi^y|Q7#iMWeVi>uyPefwTT_M4oKSy_mizw&(Ir>hx zBd`&>98oBhJjaX}O;96z0Bs1Kz>&cGhXAtJj4nS?@&P7WZp4>y^tlUbPwR0QD#d8Nz zSBw+o@l%`o7z%7OC5s?5lPeIyle`gEE7=heTTjnJ`3RPY>G@QIj`0Q#h25f0V zNGNy>8Y#O+kP0JM15?>G!f<*%9swMN3LlC1?#Jl!e3zjj<%9IOMgBGstX1B81tKSh z;A$o>#?_O2bs1Vb`7}aW$#O`1$$Urx$z_-G+7FUoau2lrR_iO~ss#9eQyrPA`D?a_HxS%BiWi3=;2(hZa^`C*aYAl{_MW%UnMoOyx!} z&w<$lY8$}xw$oiS$}3_U<}+rOtx*`xh3eS79%Cq|svor7I3IQgkHcH&8=d*B{6uF7;l-KM(P;XA@oYd z_(aF3`W+Qhi~Lm$z0Jah00344j3IbLgPj_Dt%3h`H%x&B!vG}u9DqrTzEFdqsDc@k zoDHymU^##!(H#@X-C2-~0+3i^HMkN$!rZCBGa7uL!EYKQ?sEfgzTdU;vs0!VfBEunHc$;9YU=!U|Jv)r|`)9e{VBe;QPo2j;QQJjQvT%1SUJ zzrYShP-S;88TgXe0Wt%?dL`qA4#DvNNrGtr7%LyWZ!*Cp05bpp zx8g=!K-q49r34S7J~rctUiC77r1m?2q}D|j=nROVM%WLc0SGsY>!M5Og^C7 z%hTNURPfQ=ULN(fr#BzISSZ`yLY{14+6{!2kS8U~x15NCJUz)2$+okw zCyfS*&Y3pJFe4tgSHMhFj7KxJyP+3D|0 zJ!-bd)T5?kN+tc6DM=SfskW#ul^gATr_D26n`fcgmCZBF4z$@muuRl_xHMQO|4%tv zC7^81XlZk%vRNd5Ih<+AjHhrKOEAk!qv;N6K4;E0)01ywN@yg1r#870S5I;VuHNLG zNYG05!PS?18&%;?mf{*nHsOkyc#OH?P%f_zL8JO#%>P)Gf37&sgjuth{ijrINmH3x zf;)F1@7_ZQgEd#9Dsi)A+)pqVKzcyOZ&>w%Ods3Z?05#b_Ab}yRHlPN=bP4}PfHpN z=&U9D4j9CFjDiVZiS&gcRe9KZ*14DkEHN`WqCa|8OlTu@Q)CHM_4ixw-+-#FhT+#)r1bzF5Ih0!6~PXG0|a{jyjb9^`VJsY z@E3r@O02_wbSNnWs3I5!Ah+-d05YWA1i&$%>MgCxL=h!Sp)PCB&FsG~s}|*nWW9Q_ z!Co$A5qo`EM_kQn>dkV!BIPOVwdif~&e6<~vHL|+D6Qb_g&MD! zd=|2?LTY?AqE80Zpe?VFjJ*Z!C6KJJn-8ROR0$Wb^&S*lHFPyL>a(&IXmFDT_qxF7 zb7(RmT;!jDe3VInIK=j2@h>WJyH(Y4C`T~Y-QHvU^-z5ULcS}T&3w`5ejj^Lk4m?% z7`3fF++BeX?K>hgKjqCJMt^p&<*1F9#Kb-X7;ryCDD{9X@@rK-kKdB-un7`W`5KrL z02)988TltfR@aU+@v?6-Y?LwXc?dEOR7QhW16&EJV|a!fM6-ivt|}M(OKx?e>H%m^ zW?gLukPiAbfb`3~0H;wk*bQDa5q{(Mw*x&_Y;DMf$G653MK1d+P-rvjr!HB?o% zLM$EfaTgd>BY@7K@l#x2^ygr;6CAn%Dt8%eQe@*bNL|}ffpO_P+H4Q8l%eWdZOVX% zHjVy#?A3z1T1;`4QuzWzccVVmgO1`Equ3XR>m0GZAFpA23-%*qIhjEWUddp45&i>E z)rAOo5p%p8fcHk#dH}g!Uj$f*sE~~Tyot)O0Cx~f1CZzOSz59MfU^jrej)A=5V`Da(J71y)!HC;%L3zK9)ZxQm;2k7U0Y6Bhc|kg%cz7SL5y^6+IlS?~U<~RB*Jf zejy=5=2DOyjTFsWpVuYMnXNhK2l^?KJ^$y0&) z>w4f1kD$_QU;Q5#Mo6Ve-{6nYa3s$ZPqcnKaziRj`RZfHC8@N`H#lX8rZZDye;5Wbg&}B~^4Y(*{p2M;<`|2Q_#{AAEuw)M31T@Rq4a z927Xke0%f4BR(Md?;$wkX|=!nmdT5BD|87URX4 ziW&&3EeZ}NP+_%2LEPFA<<^dfTRXbJKAL@iZtdtMUly=(Yeydl4F?04X(@g}bYhJM zkPb_?HhWQg1}5pejDqx6a0#4`i{Iikb_s=X3YUwJ*Vv5|il6&75%L{&dxOpvo6#@q?79p>(D=8E|_YETCHMX8Y@pIoNLSAE!P$+(G{$avz z@fxFVI3j-TSb=>AjQF`@MQ*O&L~60((1U(yG;YuHTfD|BNYcg6%}KrA;x(2lkWC*; z32Y+dgw}6eOW0fB-Gp=?`K_l2M+jsi#7+{(+KWvQxRh|Fz?%sd2z-E$o8SD_4#H~$ zGW)Tc1txHf-HD6zv1b6Jk4-ls;^&V4Y)`aN*2gEIzqRyp$6NZj<1PK%@s@t>cuPNb z-1T#3(9az=l!rPeV-%_`uKnB@^mE6xpF3kQ`dVE3xijeJj%z=6#$r@ST>H5*=;w~Z z&%GMi?Ua#8oA7hr3a(qm7INCpok2f$T>H5*=;w}WKX(TG+;Q#a&Y+(=uKnB@)wBXX z_ua5rpRtZs;OE`~Zg2+u+;Q#a&Y+(=uKnB@^mE6xpF3k4Iqm1p*g;PFxijeJj%z=6 z2L0S|?dQ(;j3MFY-iGwfP#*30jZVaaY((N~Z5CTR+VOQ#1dxJ=#%tgp4>m+Ehf}XKlcvEzAHi@Mx29q6h{rHmlxo zz1V`kLkZx;7Tm&%9pYx5nxJ^G+vCS^z1S2vExg#yiKrcTu_@15I*H>!PT*27*}K4G zB*k5yz427wJlQv3c*`e)Da@LHK(?Le>Dder>8Iq27}d(ng20G4*_MxE;#{fJ@ax%GI&8ZhT(Z~|rTWs=h z3e)-EjmRbsr^x0EKsI?eC9w~nfGKYBaOR~y4=yL}yyfeMAhOBB*%cDJ522jh;o+43 zM*L2AJg^bkf+&V|5Mf9=+0C8? zk!;IIw%nG1L6Bn;w`DL+jG-KE%gCE5{srgyQoL@@PjEJBrwT>|!!ek-qdQhCMmy)r z9Xq!hn1%@7RjlAREHxA~ipCDU#bC!v0+HY=Sdb_VLJ+0y3rK= z24UKXK+tsYps1Akty)~Y7ctRkzGcW8Y$0H5CdBz%>@crT3+v1A@a>GP4>(5)3v>nI zWVymDXHr-hEW8_yXkMv24*B~%n91UtwUe$CVICXaD11|K)#NUN`g~B~ASLWa;V%$; z0V=MWHVc2pSH`AclH33)T+WbJnOO`O_`zfBgRn^4J6EfaMv<)PU#(mzMv*LvFL!k% z;?!ATO5G^W$~9`;{c+g3AEdUG{6h&-KYENDQ0Y{ry3!1DCAbYsejDl`XzWDwnAhWE z9Ly|It08Ve;8~#53NZekJjSnN7K2#^=0Z?v9+>o>J%$BJoet&(fXm5@1ylHo2lGNY zgJHV-9!RbMHy>2-C>ZaGUoWh9PC(Pb^49_C58#k6Q28D(zXI$ARepx-E#hL&IJ|RQ zMKDi;_h!Sfn?q`^TAvbVa?yJ#>>gKGe8q~*;3lGf`0w^Q=I2486Kz!PrZAGW#R z-RIoEpK7pQgQgeUL=R}t{-3VoSO8hXnhNkF)4B*ivT>6J54!-XQ%kWFRrWX*G3ELI zx}W)w8Qj6vx)!Q~zj}<{K~)SxZN)lBrH=0tfI5B*Aon*9ZX8r=Z-jf1sg3~HMQ{#) z6n?#yY}S&O0i-&1xd2_qhb8dPlgv;hZ=&^Pv;r%~?W!P772+}$sSE?9(!snB@Gnpq z!_k%G_ukoAVH7d4%@vdlE*!~T? zJdVK2tSMLQr7+BUgFCSlm-+>o8iel-O3}Z4EWl7uA;6^s9RVaiY;1}C1b}qx7c_W7gAX+LQiGo~IHW;H z-{;o=$gR5-K&tM6=UvH{0Ftp>ywFLt^aYU0oDLv?e*lo^T`)`#;Qrc&K`;;2aF87D zulvomU9-`ra&Z&ik6v>-yHNzpF92VG+8siKGKTF?4sm%`Tt;}j#$ZsJ{$PfQv9&Z- zXQm&*&6=73@iOR_g4!Jiri|+HGl3q0=zdU#`CuwXA?`m|g(m^5C79q!s?P+lkma9X zuwxDSwI_I}<3RWKB>bA4Fk~apeTasLM*?mEtbP}T-ho@N2*v7zGs7@%^AsDEQB(o- zl_vu{FLB!JKpu)wkEZb`v%kSCd4_fIA;g~`kMDz0Z-PmBy+%5yjKRvkf#hUxqe11r zg1H{xAE3&0eFLnO$PXoU?qSw*OSN|C7q8(KA2DB(OY{|ie>m7!{9!KHt;a` zouDm%bfoSY)M{{y2FGh~ss?9iaGnM~0!UBr<9-)#Gj310(Ov_PoZX6?5g1(pSD`jW zxjQJ>VYY$wMx^Yvmx$T8E!O!r-pQ|jYXnYGnOvrJMMl*~?&Mp2oaByCcY!|Y8~VU`G%No&p1#8Z@f zo8TO_VNC~SXo|$`DKpEdGO?_&$3s3fTPmg&Zw}^ZX`E{ty>~EjM|q`K3(pl-fz0MA z-0w$7WpwPwC{N>Vdl+;CKT2zM?8~BLT3#a!)JKZZS+dd}e0R{1l0+9tf{*4SKgaum z*)=kmbNUtUUDy{p61qusUW?ExKz*m6pLCOKJPYx3ZgJ@iJ`4>YdB$%=K79tS zQRKty>Erj{(JC9~s)&PvEMn8k{P?R1<-a%$F=Pb3dqbF3%(0Ji7 z`mcuP)3e7kDe!Vm)b%OMVklu#cD){RO)~F6-E{-zIb_y?F$T~<<$2mP6X+lkn-2sP z8&ZjVB&wQ0_>N`_WIx%DayEl8n>h_h@lo+BYW){B!*DR^*i|0~rT8#u4^TyhPne?s z>Od7!!FX5fy|6NlmxO`R8UVuy#sJ7f@EN}2`ZybyZQ?+j@D^cf6<&sopx^* zj|AL@l%08F;pw5^jc43kUa_S)1cDJ!8DX0nPQZ9l^Gdy z6Y7=Z!Tz~HbWf9PxTx!TVI7oIJUcMx8`L4mb0k9PjRQ6|4%F$*0)1N^G`NkRUY5I-KP?WR@m!g=6e1o#vz02- zzYReH#PUaLulq-9I+iUsmOq5TZ#|5w96)2iu}qO1K;ug}RLB7|KIK@J18988u^jAe zAtC(->g@;_XoE394xsUOP*DpY@K*~CF%OO4-Q_g#QwCc4DeVpR<im;JaZA1_LSCH@ zC=|Ekmm=iV`4Jc8mJIH*YtiCSx+R0(xp|{oGPpk$3?Oe&{{1%ied1f(-Bwim`afmd z0}b4ge~Cq2ok0kt+>*hA_Ig^RTQc~UYmsir;2~vE4x|afEh%T*$bmFLxFz|gFm)hJ z5N=88;FcT#OZcZPu8#b{aur+S0TJ@*JdTSxkY{WetO=K4*f7Ag*X3U70L9Z1txguFU~1+t}` z;{`wE`a@Tr2Qp!g~aMM7UWXmWmALX@ShX z^RmE!gu8H&F7*R|bSdqY4F7B|NAHV1jJx^`P0NE6q-7Tz;^bQt$QnzS{}tF%R5OPcbv1e*{pZC%=0{K$bc zX}7B|^tGfZUrTTi!)%Z+av)8b>uXW2mGo}*$rv!A*Ps^DUDryq29=opw`-*v0yqpM z2hwCH*GlmEQq3^6oN$*R@@}Qo>LKW3j_~=vSrhIC-patFCh2~lrs=X(0I-mfF77_8kz4mBJu|1 z>}YxilWo+1*_7c+N)wE$n@1tMoVz*I{94IqJye_IB>OP(_lU^Z1xYf$o@ zD>)uuAyh`@vt=lMM^hSS#G97Ui7nFnC48t^a_(_QGnb9?8S?WwD68`*3EzPkogefX zQ$R^+hmNK+juY}4zeA|%tE1VU^|cKuO(5m2WH&zaS z#OetkvCh+~rCN2TR_z2hnk~N{pc$)sIdQjl82Mu`u{RG%TgKnO3NPBoYz-S3}NP>Zfq`meXDS~*g8sSBiYhnP1RxVLhKcwywSHI zim7_-5cn341gWlUnnjFx3k26wD7S<=-#ZAw4-}qxHdZV=W(Eh(Bhzr3f!OX|)$Wa8 zM}Ue}V`<2=%n(cBS#e^{Lns^TOFinikxqt7pOIg~-Z?}5DY5fqtTeDl&Ab_kkDCL( z;|$3ZUhzxTUk%MHSwCq;5-UMD#s9L5ui0iJG?=czA`RAR@Q4N@^%~r-!G{0`nEC+?9Bc#>Nv#Gm0L1bV4K`}9LxcSq1a`WCJ85u?22(V+NP`RmLLpuzbXT&KZ(8hoh10S%njT{|N*Sgygp0HnxYxWLGtz<$^$ zOG4Uu7_>2`-xDAn?1gXpnkO|%U;NJk{ ze1&vl$V^TSawVX`1x9{fW-m|bs_8{+)sp*v8O8`zS9!S~B71b{OI_v3AdZ|BN>=iE zwyLWF$x6=*)Dx)9;K}$*TVaUCJS)bksw-gL1w=l6lP8ZvYhpQRI~sms95g zb;oklk~`L8I#_zOv>8ntC+aJWY8Uae}>9@wfz zLsE=MFmMV;6(bxv3N?erZcY+8l{y>@(3LqI4^RtWq~60Mft1)FgYS+&kLj;K^{q23!IexKT!V0w6bRqj}#egMpAmEFZ-#0F&}kf z881JNt6EIzi;;5kEDKE0pkC<;AEla;Fw#e z4=*@Tq!*m1&Ex+#6-Wf)lad`V7~Ate0>jJQkcJs=MGs?7bTgwm=~LCE_1Y zLw0V)XyRF@4m+7Kn;4Tm>U=|C90>&uh>%yuM3bvUs0fhX;?>Eb@Lq;wkH8*1 z3ftkLPDKvyv(E)1ry_^HbMwYUsPO(+e{?o=DsuSyL^&9BDsuRzj8DK|5vqq+?x4Q zsmPHcH`i~X9U{e{Bx(VRFaB2}MibW`{7NMe8gd(RFp`uuX@?j8D zi%?N4LWRMpMW`qip_qMjDsmKyP~_C9$Wbgp-3v}FLPc9GLPc9GLPfC%l?Iz?5h{vB zs1k5$5h{vBsHb2>EkZ@H2(=5GT7-&X5sI8zgo!b?QsmRgwQUmH#QFN;vlQiZ=m za?WK6a}g?*l(9523>|(o0%H;CAB@Aj@v*!lMY0GLE0l1u2o)<5xy0Fp0Fu92Bd`Nl z7NO!;grY(gq2gGCA|s1XX)P9^(sC11k!3m6EiIY2lz1*K;lgx|H0o63aFNYnO-@A) zm&B652*yRI@Vs;nxQuxCE#LV7vIrI46%x!vsPOLa6_o!*{7(2LMveS}oKPxx#;M3O zL5=V@6`3h>WD{PWiX48!ejc)LIW4^#90rW>nZaZcD*Qi%=Q&t1ycg zW`l&0MW_rcLNSp{J25i292UdJor=0RE^;~=)(F3XbsOyP?+uLUx7iGPY|T~?Xm^5gG1 z;K~(O9PgYBu2ONS_#Fx1%EiZ9Co*G_TW;=kf$D64}h z&DJx%ls2ms*C&1g%g|AAwed5jfa_#R`_#oRYXh#c8CwUNgX3jKg6pEVp>gvJa9tHQ z0(HlZi@njPyqt@e&2FambTG0qnLSnYsd!FakpFTBAA@OBPCYg-CU!DX11ZA==xF?%3Clj|cs6gH$ zKa|eU3w&o#VfJ3Eh@rn09t-d@0P2CI%w36zqxmn%ZVgxvj;LPPN|$dD>=IZ>f4y& zv9M{P8ymR~FrkNhtlW(sV^<`8&1O4_`;(3EP$3g~5>d8*^4Y%TLv5MbKJf2@imp3> z26`+)Mvz+ZV{GWnQoeE7UgKntk-MFV+#6(=8AycFXsk=M8IUpnV zE+%q)kYRRyq_g?GPUL#Y=2ZxJIY?#mddcR);O`R)6KUac$>t1LP_^0UxV3qC0Smex zA-_3n;qporvKf`o7oXs0_B8#Lh?m);} zKq{Myq%K|o|GZeZiP=0`I{NYtaUzDaN9P#wA$Q~1dF<#|`;g9dc6-&?tRnF%oZUky z?IP)WXV)|To)wYgqa$gwk!&o9rF&5EutAW`l>CnYKLS+vC{m1~?-lL^$R#L1Daxcb z+RWHwslQ@qF}R_l+>DG#Z=9URoUDM6D?xeqxZUImDltf?8)0&1roI`%(VR09lYm{V~Rs1#pQeSIV7Dh#!A_T=Bu(xVnZuiB{sAR4OiyDC`ctX zv_EBYz@G(DH~XcrU~(PBBoK&kw!6BgrKt+q`2r(k>>4!1Pxulo4uFA zgnvTpA84Tz5sqj6s$5{?{?49PB>8Llz%u5Dxe*vai<(DMlj7J5bE>Bl^-!!;G?+sL`aX4gVF@LO)Uc$8 zFw#AI(pW=aZ6GKqS@N}K9?l1U4rS7VeSImr5BwdJN#=Y*nYlgS-vOz98<2*}DDdLY zBIIx@Qk0DKLVlzJ4+ogZjFsx8s@!pbQoVeXJ3mmm2v1p3@+PhxCBD*UAtU82 z4V3Dot^6#1n?2Z?M#{Rw^tBm*r#UIB+4Pm_g|ysJfi}a>!9O8D1zkPSHYp!o)<6XX z9;cMfJ5t_dKI0`k)$z^27jRXpPo>M%>eB=~_V{16+SP|wpS;KmmXiXfVY2110@KJ@ zfl2%^{f}YLv3dfx{@8`ZWhZY%K0B4q@=ZHyj$!f3Lf*Dn4BUD@lf{oYcx%d7%T~V_ zaL?*XiOme)OLA8cyC1t?Z0l(h93Q(7{6h+OX>LEtyAWTNC*jM{^7z<=gmFK1AsFEd zeC&dM{C1bJtTUL`EAy_Ti6i?0UzLmbkYTxJg)pe!vVz6XtS=yEl`)|^3nd263BU&~ zC=XaC)2!*|(wCRm>IZxHz(o$R0}J@T1+#JZ0~dEfp+9hu0ygvqE{msblBupY1155cxa4{Y!wU;cOG;{*NFxWvOH5?SsOoW9RKZ zg;B@O+kXk8j-CHM*n1B+DXOe(ylT2SS5{-B8_o^9>))0%7Ii(csTlT z08^LUltVB4pA^1_`NWh1smbB>q%h?`YDyTJ?zI4>97s(M^EiG0Qx1#pe^!{s z@dKE0U_R%C-)BfnIh5f40?i!Dthol}104YtTaM!gR!bGAgwu)X#2XPNoJkx799;leCbu%e-*2#E#ISs>Sv9uc2I4-FRBSeaSOXR2WU@6> zu)5X7?h*JBeND{b*uAW)AX}4LUF<$7b`5p!i9OJI9E7^n#U5h61w!5GVh@dM1EFqp zv0JTMK&V??>^AFu5b9PJdsh*yZgsIoiD-52i9J@jlDgH!-ZRz*MNzl9*b@tP0-F_2T(p_+Or0vE21@hcPKq3Ob_RhVNL=4KUU8N;lVFahE~ykCHG zJ#s8MJ|O!6=H8w7K=lDeXRAekBtyl9K~!R{h;kn0$R?KLWm#U&?Xc7CH@J!%ehoq+&%>b~vUVVoBXz5M|OD0Bm)hqr=xkuJAKZ^iq> zl@q;v6~4`xk@x|CR~27DjJ7f-D!RX-jm#Ux;y;>!G2SZncEl(W^<1!BA&6I5nueRG0G417j*&shp9xRJYkAH-K>sTq=ViydFd5`vVMy9+H|5 za1|0yo$7)P*Xsp#;Gd*7ux?pOSs^}2 zAFN7cWa1d5z<;bNMWFO;w3ohAmGT+n>j`G~)Oo^8G0+!aY$NlrDlku0MXSO3Lm6CY zBYF~;5f*I%7<-T@RYCV*(I+6<1)C^Y~+0%%9UCSa38@{04!ouQYjVr3h5hTccfMrIEcbwsw5*9~iv{H#?eAcg?#h_66>|?TcY!PYonoe0n2W*q1DRtLvyRO7z<32N zbvyDYC49sMFT3Dx08-}Q-?E_E1+4(>>=V-gq?arMD1xGqI?DwYxZp-N%OC165H>vyG*?gmQKMS|+ zQyff`&?}ImikBb&URCrOSb^yxxQc^V8Kd=ntnh=um=WiI%>F0&sgaJJED-M@fQ@Ai)f$@8DIDZS2%Cc=P*^IuBqsi?Js%c6XKC^`E#e z$XL_OZg;(!+5HL`_zX^Ex4SMMgZfJ33a)}Hm_M(Sm7b6wsOBDzciIlYx zzNf;aK0|t{498JGX|@dD?k#0_47rfkv{bKkU(*otTdH@bR4V2{6;teV;$x)xE9PhE z{}B>-6RrdsnacGjS-q=ps1z=>8mT-3`S?(9l#%|La{MX>n?E+R)8VDJvyLPOe!b4k zfu!iyhcI`@L6yyzL0yK$rE?WgNtx4;&J?)PPZhJ7%w=Gl#0=QTz;|rG>L=*^nRKsK zqg0>_rNydfkdu60%Ew3RHV31{IY?dS18Hmex4|&}H=Y5Hs%j{*aE-qM zF%@76TxtZNPFVsk*S1@vFx(2f@(h~H>t5^u4lHu*U$ zjv|RSBnkF>mBglM)?u;+Xa3-tM3vvvi=hXD?oS?7B7M`&OyWS$`@z+o&5S=H6?zKj z6XEJ5dyiu8Ip#4z-wc-;gCx(0qVNjI5#ZDqi?)g{z_qHkfH_fw(3(Y!Wck_}wk>|pRByRndP`$14ynPVrXt2j z3O*V@vUoZGv#3>XVb1<2->vl@7}^OUm|;{m{9{?R8>%jMQLf9?N|(D>`u~AQWG^`B zdY4E|T?z7XIO$>UL$J;Vno83z4;~8f(!*Xrh^OJChsEkJT?v=^5+PL&dmTu6n2G%E z#S#<&sQ&Z{Ux7u^pDLi{{1HuoX)TngDZ{#2RLwWF5%Ox_nyz6n7xiQp)))ml}+GPGc$N11umo58yb0hXI)R)D{5gJU_c(dY}?cWtc$#D*?2gQ)?i6 zo=?94F?#JW`%nc;+1GlW%X-+?r&F8?wQo&6)V}gD?IS&TKPjA6UC9^; z^_znEoSz^?Z|66nuOyPFVs!K})#(yVOa~vs8mYBJe?>vrj4Q6nL96~{<2SG{OJPsgjqoqyw)Qs!w19e6kM{0 z)v^O4P&#Lwf0(<8t_YjxTE4-zkgn(~v&Ee)Ogg?{?x|1{r$Sr4p018bCYJeH+-b+6 z{q13US7N540!6{0(iZppWa=(+*a1i2USK$Lz8)Rs9-uUFfO42SznI4S;xKo9F^&1f zmLH&5oLGy2%dp6>c`Gq(0cSqvF^6r(i$|AkD==Hy@IujLCYUYmNz&pYe8b+xXooHh zyVETb%W?AyTxPD>@-t%6Wu}@fS0KN1$y#5_B8aEU9AawIFx0~q@~7}r)0yG()O6-j zs7%%Pq%68NH=X$(&18Bw5Ay%plbM}QVyaDWIEi^YYEL%7;Up$^d#X)vIEl%*GiT+D@f)$c&JTqIEmQ{pE214hm)8pZ`qTW-{MVCo8WK~^9>Mc6I}4iIJbFV5{xGa zeTJMT><=Mo6C6%razlY^g2PEnC6UVkIEg6|b0;w$p~&1xOrBrLpTwje=2TlD$!G9s zUxbI+1jnO_K0^*H-bm(k5bo!pMV}!@7dMdkFvmkr36oFzMKVt&^DSZWY2$Vy9G1f4 zFr37M0;e{?;UuQY_48;DoW$e~P_)t45|2-tgDtfQj=RvZd(j37WJ}w-2wX+Dr@-3@ z_Y?Ry;VgkXC2Jopkd0s;FOaoopDK{^toFGAdFIsqlR%y{wXYV)^QHDJ0-1gLK7oA+ zAH_qu)Y|~krQA($IElFwKM=AB&OM14##}<~BxbntNzCvu=sfO8%y8$EnBo7ilbH7- zyZMut8$tbdpTv9|GV>=fc`oyR@+9V)NH2d9GgN?9HE|M?#gqf{ z2zU}xFsGrjCo#=#=-T_>9mXcOG5F`6#3bw2PGXWTad`St^4F^QmjLHZV#={h&aCnz zCW-&dNlboC)FwEb#N3b~SJY=WZ*`Us6pa7>wBHlf{3a5#y15_qx+4kt0a!1yjPn0peF-tI|E zV%Y?j+f3)zI&Xq=Phy&PKnjmtN?Q4onAj%&FHd4h7*62+tCN^&=NL|6@`7F2Ip&_k z4FBRJW(@+^4AuE0X3|VVf)_CAD2y!48AmTPdac?IF9v%-v zCpE{@jKmeAg;Zw9(eCmkDV}Ll8gG3q950PURM}s~b4ni-bps^6D z_ZC6pA*faaRbgHW>xBDpREW0&7@e0W!sFmKLqUqmw5~V_U5eUn*fxdmAuRxdVC!9HHc{X zt2*)2X6vL#Qu6efivUX?=Qy|`NzSv=R`6~HeLb93>W*%c7~N|3M)2X%j(G-8HNad1)9OU4z zMt`upTrP+Cj~03dc%2*m`KQr`%jGct@jGHJix-@hW+?9lv`E3}3WMf}4K98f>cob3 z0fqm*_)M^T#&h)0ee01)Ke5-YKxciqh=KxKNuyDazk~1@Pm^^RSuhGhmU~8n9_|?p zc0u=yhT!ZO4Pu|M1y4W6cdk(oiJCp5K^$Tp4nu%2GvL>}JdXjRAgl>>c>#u^YvAu1 z1z}jtH41VK2n=&LfDu7=0f-<=^S+K|3PvKV2=8X}v0$`l7hss~|8$?I9BRw2!7lIj0f&A@Em9#6A=)^ix(Mhp3^S zl|&h$;vzoVN0Bl_4dI-|6_hFGG(tG1K|c&pmr4qJ+ArauhNxWU#cwg0pOPs<)Nh2z zr>!GpHAFRma9#yZ8+-k-L)1!P@@Y5Wq3$pUmjbB%?VUj^2CQP%rrq4Zz- z+5a^$7Gi!MWKUPdLd+k8P{u;cAB9lHLd>6pP{u;cpM_B8G)zoXQ-V6DVPew+DRoZ6 z#HI;S>YRp&O%tTlISmt=CP=As8YVVPkW%L~Ol+F?5!qEkR1=#fJowpHLsS!+CYXJ7 zPQ%2e2~z5uhKWrRH-l2=G)!!o;F~%^jD?ukG_gCVkzy>w#HNWLWU3*miA@u{jzSGl zO>COjfRO5(hKWrR&7jmd4HKItNU3ugCYB;dsdE}8HcgOH=QK=gns^hGI;UY`(**OW z&S{v~G*OQ9vO`qUH5Oua1Xye_7GkcJD$vAOh`B~;Kp6`$uNG1KE$3Mbb?=EZJIf%= zPA=P9xIJBN=OL4#MH53*5;8=!PEWJyWr%96P?$qh>kNfCM71+A znhLd{!(WKN7^0rVINT{=7iY+lA*x*_;pCi#T`qiy^DF{Lu3I(#gTOLG<>Eg*AW;==DBHXaSV;5`a#8KQ<>3JKmuIWLD#A)iCk&@18d88!4bL?Ku53}Yb_K_8)E zEQBfZ%Omp4?Db2LaObF0YQ3TSBw|LKp}XF;%Nl18A`^& z$+;po={NW@U0!J4fYF~b?T;Xw$52e&iK65M&PddW$LRpaa8|+B>)e2H`<#Qp_d5{w&2|I@&uIbbRTh6P%wsRqTBhLN^8FlW&Gv*lZEp!%wA9ub4PB>%0 zPdaab<2d^xR*_cp16Zf&POm@+!$0e0P)^?vF}7wR2hIQ?+N>)WX|NE>tk~%wh6=GU zWiZZ8LKu4LL`K?0s9kmSs%IcgTBud?o&+&PsZ@W+_ddZK6w9d1d=2?)O$7p9F&Cpj zq=JPUnrPO6h>;4#>0wysAWAA6mp9A$5(%eFAre*q>830pQr342W(!ebjVBQiqQZKf zaiT)hSRwkv0?c1Sdf|*&*ft_Wqjfxk#U)s?wVXLf2+_;>h;fpEI>hOho;F8IIsU20 z=O8V_OnJlEq84CSgB%6Ym4WWyS?5Avy1I~EL9;%GjC4(yz1PspLm+-orf=XV6JGbh z3wH?6OS6Wc9y01}Fsyd^>?A$`YX{s?AaREYklCWOz0%bM(A&CcxFz3Kz%2R1J})8-~ws9>U#TU78b@u#7>nI@f_5hr{PLW%4sd;TkZ91 zeZ!A?o)>F+TY?dEjOTtvAaz&r@EApwfR}))IOym(*qmO-CiZ&PBVwhjRgaMG$Rvaq z4_CSaIq*V{DlPvKyNn42x?noMS4gFFH9#4?ZUbl}co<+H!7~6O2z~}Q9>psy|0*kI zXBX@VFrHzi0!$%T;(GnT^}5{kx*1>|!@LC`iGBgF2poL*_=AvH%j&D~vs|sn{0jWn z+ZQ3}GC2%UQ%Rp?DBF>6#d3dgO?TBQM&+smLf6F^{3Ce3!zwrkQY3$e0i4XVj{^8T z!DX)3{aJua@IA|%#Y{vc6I3?OmP~w+%S2Q%QPT`V)o_)Y(VuW7HT^FFeLh?{wot^S zDeeMw2VCiM5G46{4d4^D5i|kZ0)XWC>R0hIMps;FRy~1tl+Kx8R^L&lX>=uv zvAO&q{A|#bVhj3m^ddTAp~tL#0te0LjH?TxRS9tEVuu#xw#AoXTYLl^j;{1FZ`Drt zk*6zr%dS2iF94mf%wtv!L`1sG@pjc;kRQ6tiB1*2Np$IlORHQ93#AYGt9C|3(4`-< zq^O2=(q@QK+PjIL_)5GC(Qgcmy5{D!|0lF}R5G>nHTd@{TDo^GhFk^b7SkIysxgqR zGP z(aIkcCZG0S$P}&oHDU5;zfYzt9PJP$pZ527sD&eF<)hK^vTy{gT;(mRmB;YXtA!(I z%AoF+9*lHvahxKJB4+D6M>?F!{8{3uH^%2MFZw z#-1baDZ(QJzD4*ufnO7zE|862pC^#DXJ00eJH_p51wK!Bo4}6<9}xHx;o|~jy5M<% zWAL=!#6!9iH^fVqau<%EmDAj#EF8I7xhxz(E8l=3E9(i+%1J2e3DC+(DC-H(%1J2e z3DC+(bag8FS*IX;BHQ7eB7GV@yb z4p4cm{5nYa-`C2YgOq=!m4Acu@>;oCID%HrV#~r2v~ps#a0IQKHJ}!bI%(w{VEPQU zwlq7-Ak9uL+grGPyjQ~grB+UloK`Nxa3n~roP?{DGhtUN7o63~1%JwJr?hfRHDC%8 z5uugOWc&j_Ln|li*R*o-CC)VflD}5Xe-Us_E2l?JD<|=v(aQNXQ42@V%J~tJg(GO? zAHxHpvRXNpkwhyWgCMR}E_fS4K`TFi{H#_!A6S!xA#x?pSU92x`Us7MBc{wRo6zpU z5w!9P!IOm}Xyv8A_%1P+tCiE+)yj#@9tg1!AS<`Cvdo?Twag3OnGf7BS!EeJ|G8IJ zlx6JvXSm=}Jh1bB4e=Z_D0co!7%I!y`7dFXG0a*CBg%3itS8VTL=PSVm<2Uh7LITX zfF8=^0FD8Wpt9UTWtpKwS;jE{dL)%Ln(P(W!uZrilYK+PTA12sa)1zRVQQnv!9pwx zQyWbV6=I`9Z8W))5Qgqh8%^#a6tq$4;vYkrR8y-~bQLvRzj)-qcVNr0OcD{MlO#GD{@MS47rcYkbD(m z*e5xT#mM$3ssCNNd$gV5)VbQDr0VB@K8QTo=C{b=lI9A~%i&54rnRV$yqiGZ0GD|a znH`RSbLKmMaRh}Z6EmI}4{!iE^8w}pXhj$A0|}G7%>25)8ybJw^mZHSS(()IqzVqb z9);WuaAi`|NunHl1NsZ{ zOv$&fYzhWucm9M_UIeLaXDSCKpJOUFg84QAz5!RU354AXuQ*)A-5~k_G{aRgO4Vj? zP5?C@uIe=q?*Y6?;zJNlZ;xifWj;U}OOa%z7?sZJ^)h_{E+II=1uFq0%<3!$o-d*X zu4bsQ5O6EObO1I@=0pH`RgXb%wn&XWzToItHTuMYV^Fl({%rfc(nqKOs7M-M=yeM^8n;Es^7qBQ!~~&dv?R2bI54wiF$01 z_9z>;0X5MeZ&2B2)=D?|cvVQ9HOf>&h16EJIoLH{DQvBND+LFom33xW2@5vmg#}yk z!oo^eH+GG%2vdT?a!&)cBNrgoa5P=m?4Id{`N3wI0HlK%z-D&`X3Ft3eT(GjjB^Zc zv%9%6eV5tfZmu-2xw6UKTxno)WwWbA!y;m{dkj3Y!r$BznW8Hk9c{XE1gsdq84v2o zW>+6iPB5E2C!#;W6^@BCIS5Qw{HSg5#gfF8FD|4fd?9|Vwr0(EV2ZE}>Z{REKD;M0DdOwqNu z%nFN+WPU`Z=-OOx^%=74`V*O=Yjf$ZqihF`#ow1*JX6WAT75^ zQ_Kp6--a}7(tHv=(6zaO>oa5>cQz&Zyy(N&r1=mfas?clG?hf^+SsHi5_6k0MSah0 z(&V~Pev>Bsplfqs*k{P{@S}ig1)NL7K0_9YUn5g=Z7vpPmyCH6hSIgUZ0s{+@z{s# zC|x@S9(%ch-=-Sw%sd7zS8=Eu>@T#DV>LebYavg@!wYl!>Gi3F7o%Crmq9}5+PE%*ME<%AQu*sLNae4~AfxgMV1 zq`3hh^VelGgUVl*K`MV;2C4jY8Kl$-IIqjduYmKq4CYge;da)wxk-~AxlNiv3}=GSwMn>} zG?}pI+PE%5aCVcXV0J!i(qw+j{m{!#LqzD>Con#BZCsZ@mb*!l;oR#o$d@<|0!aR# zYp(^)ZPKJi?z#*TqHE*2jNA%1uFIGOk+K4g>oOJ+AHy`t3i&n3ZPMgN$lat#V|WOb z-K0s)TQ+IV1Y2}%T$dqu8|AzlK8pP8Ce2eARdi``CC|{cDS|#iL)T`?{IUt{>e|?( zc{6yTYh#mUe_;HmFqpeZliuzoO=8itUj@j@4ao|4w0B?xRaUNmN3$#7VXlBjvn$|X zu7F3gE8t4 zAl@4z|8a0dn-Jt96Jxih0lp>(XkKg}LoA=cmP9{ z-mkvPk=p_`t4`SF5R&+IhNKKtfc{4@3-TISzFu4a*;q+4RDb32u%*9H8K3hi5 zw?Wog%KH{E_Jh7y6oNcP(uyNzLf&MNr;i1vMB+`3^F7s4H&f=G;;ZFSYiDZrh);=| z+R;pHyrlL5Qu+&1OCv@HQ)>iZB&~SbS&-LVrS>pWlX%@FwNfr>_LK_HQtwcFwN%^Y zAE417vfge&SefLny807vSZ#+gU~QaU-yqR1nD9r4kx^~HHzoB2!=y#nxjA91hcZb% zUG+^?m^5**WFg(pqb1>ru0ssAtd{zIAjH^``BpGTNuF51^h5pVQ|vaSd%S~+{yc(nT|l0Cj76+454>{ZcgF}$=v z%+X};o6HeCpF?h*hAX-RzLJk?0VE&K0Z2ZI76Ki?9MyH!lj_|y%;=#-_3i;S=Llc@ zerS8T=ut)WL42<0VzZt44dBtm<~#NGB{hvMx!7Ch9(XIlfw%gD5P&ZBuvzy6{?ox& zwpkazZw_4%?trX23S2s4bAhQnk8)rQ_XRxFl4frtNcF1%ABGHnEAN5&6)^T%1+_41 zg3BmS`;z~oGjQ&{WDaMtM&#Xn$y}s!_a*N_Z?!MEpzFS5HUxgh;eB@cI{xdr|9B-> zKI0*J=spfU{lxBSCdKCVAAcZ0?<33As>pJ+DtfqDRWtEyG&L?I6g-4@s9>M*IDGw$ z`2M+Cl|;>IRm84V)dHN;s!m1(SF73sIHy&e1_C2?4nj<3{z3qYIj2@du1${8s#XK} z3_k4}$P}&WPGRzCuP0NqswaiXr~Lw%qE&4bCZG1lc;vLIfoNz~t5SK(YE{@go!6?~ z!|)(?^lc4%pjCY(68W@SAS9<%T|$Xjtx8GEYE>dJr&ZCYPX6fIA(SaAn7o9Le$c8$ zL6Xnl)4m)JrBz)gOg`<~$P}&W0b%lKKSrjkU_K{IKJC}ZloiYmg~_M=IUYH!sumr{ z)v8pkvs%?F@IV{=DDn8Tv3DiAg4rL)XYgt7ERZd2?=J9a!o3ClnQ*$m&4lv>zDIbB zKsJKS?D-7Vo_)5!n+Y!xxRG#;z?TVc61a`xgt%^imt0I-xsz~LvDpGl^id0^!B9+&wNaeMv zO~`Iut9k-dUaMmE^I8?DyjFD?sJvFy0xGXnO#qeGs%ShtuT^aYmDj4)A!J^w>I*8b zRgubTRiyG-6{);d^$e)|C4|gpUaNW^>HUgU#bUc!6>(0hVh!Z9DvF|3bq<(5gRL#i z&N4`|lgsuN?$<8&ms%A)a$1!T!+DbhP@2D!_cZG z;-9Nkk>zSt4CiW9y=Ry7%7WM46~s`hByt5v-M4+P6?6}?@pirC~&=&b-*x!5+l3phnR^%w?=4)r?h zm^}stZkUv>h3zld?xZ_ZobSc8&jzj)l%K|CxIFvBdgmAJ>!YpH$wGu`a zNO{L0J(MPdlXbU3s(Z4I9%_LUcN~)70_m9uU^A3^vW_09+G-SNh{fOM4&AF=ivN21 zUr-V0nRpxZA*Hnl<;CavM-16Ag&5}OLmC(pCWA6%LiSOlSuEF+wG^`0UeCO(eywEW zp^G$qSeTsMAY&L@>5m6N#!fPoa2e=7!qLo7t7KHiwvulcYCJ`^g&so8G2peql{E;j zh|+wX)Q4VeRrz-0c{B!N^WJGl4$YTefMH))>^|WJL7PDy?y98gm+&hl>ryX=%pxY(O_QPFMKz8sHV_A>{WV zKBHK|*Fh06&df-7TBSA4Di(}znsIhoV*_`(V98Loc*_M##swLAdks&p0)f|*lJeA2 z__bv#m=G<|8h2Nc?=!|wlk&8*RW3F#eZ8y>1XDIJeSK1_J!J#aH_+MyLfOFd4Y6MXp=@CKhDJUFp=@CKTCE#F zC>xl*HtTK>$_A!yR}rmjVERUhXk`P_H#Xu&ev}PN-=48b5XuIoZ(?D05XuIo?||gK zAe0SE-xMK~4NTvGLMR)UzJ-y^NOZF1-UY>i2bO^q2=oiAWJ!4lB9OhBHONB{f&A61 z2g5JKP;zoR*y;L`V5d8DgV{TD?Fxi`S>76D2t$lHgt1pc<0^u@FuG>VLKCesG|vGj&Uco1w(LikuNRAi#n_dMH#Vou(tqIlzxF2Z5CO$sG}B? z8RJDA7B1=_6^(s_{NT8

C2X>acK82mMkpUetkmf`lrG@uCh37j@9DBF2k4EL_w< zswT#ZIzY*b+7RPK9TqO?pkH%rGvnc+4raPnj2CrSxTu3vzZi`;;qD=IQAdmyb>QwH zp;}_Rr~`Ko3Dp|of;a9SlFA+tJEIyDF6!tFDWhY&r~@|<2{ksxi#l)E=wV?XR;U(L>w>)+YWnv+Qjo%XEx6H;u%$J~A zV=+=VipUSth}c(@>0TKX>p_`Vh-re%QL)vOf}@B-L5+@`!gx4}$Pdog*sG*)6p_7n zQtTe)6GstAO^&T6g`+ycldcX*L#O zc#F{jEk2f6bL}_V9RU_w>^Ix1r3$p*LCoM9sR3ob+0Nfv&NTp^F#^>Y=7*hSkZ%gP zY;WOCaJltbVkCqm-=;(?#Ly%8I%@+*5rr5|0xAOuit zLsZ>c9_BLX-3aVx{+k$w3o+5+3|Ywq2p7XK@)tq)47Rit1go&d7TiGG$DE7gEzaB& z4pf*kH-$q5i}(_BSt%g23lliG5&_~kwMdWTc_eUZkwj56@q+hYfYkorCSD2&rW%lV zIeZ-XR09&PgwFuR3Ip;^t_Y84VSe7|BeY)&-wyf`mv&7SC!P!34xX4SPHYJd1;#Hd zgIW8cK#6zC=xv>a(k9*&oL2VL%X{j*Fs99@VSh#q`!j0TpHaj9j2iZ5)UZFJhW!~e z>@SvKfALDxWkInF`-{5_`;$CGn8dzFsn21^ileR&FIjmB26PX3$=_;vv)j}j#kal` zHgq4VAj0UbOm^Ko)blA68ruQOiX>K>A_Ha1TPfrKMVjS1SApCl@1JMo(j^u5pv?Ni z@&P*pqrUNQ6)8%1IK#G14MO$7Rg56-5&5j23i<@N%8{D>sKs1t2K5MB)o8ptn&rh{ z6c5h8>W>FGZCgDb9?8M5F9=sX6~st@5pXpYLM~ynn%+QX1Jw)#;A>bj9^guXqXBLq zxCY>Uf_nj;Ab1(zIs8b~Yy)_aoNoZ$A@JK?Z97541w#QO@O&4X1t4iX1@Hp`qr-C$ zQF1y4ued^ol|LSpznq0>pN5}PR{rf(ZsnV-m)m>0m4BVY+AUl8s&?;`+MS8Q?gv*P zo1X5Hn!E<|6|98gk%E-(Yyc_WjQ~#}wVHbXSO~4;4a#0CIf{bWDmh{p=4fq=o1;I$ zLtoq1&C$cVlWb))5 zRd`UiQMjrG)Xh1_q0R?>;x+vm?^VcW^$>XUM~J>~HJ8IPfZ@MZa~zOV^$h^h z7w!c}z^~>J0O>CtRD<+|+7noyrM`+Fv^u%{CRHkQ;fg zeoLoitDsI^w`Ec)t>WtaAaR+zXETw>-Qen)_av`@@19ov$v6mo!5aZrvp+H~B|ZwmZe0^XR>`d?1egXnTJ1Pi^*G;VuU9L^XH##tFgRo5jBCoq zQoU$`)Zlffi}T^iFPet16QtU6)i_bAaa0SeL&H^liotO&WJc$s18M2=?P2I#)x0YC zS%i2RuG$0QU4XYqe2XaG0sI}V-i_A4+n^KprrU5eS3=l)*1#PAiwW)rke6Gl`5L8I zPM+rTYAXp+0GAQ;1(4uvE@z6%Il=`e0Z8=w0VMjX022K}m$MDvItr}vXWPHc1=C%y z#08fDNTRm_h~yUmq}ktcfsX9kD0fXI04u-doovap+70Z9eS8ZIv=%xn_E#fd+0Qe` z?amQ0e!5C!(x=bP>g_O8%k<0k_etty>6cRPf~xC*YXzj;3Q(_fu@vJx6yZ!b^${rP`VlB`KLVhIM6DRkBzda(Ck41VZRNBMiXyM)u&CEVNHIh&f{?=`s`3Iv?>gC6O14%(2; zI#Kuab|=MfeR*&9{A%h!fA1v_NmsBg*2}&7$->=Fy|08SNmqP|)%)*w1?Wl^nY}!i z|Dm&<(!IS7Lt1p!QpDIDWuhxB_xFA;rD=3!yLx-S=Eu=qxYT-oufy_6*O5km&W?flsQ>vokn;&wdCQ@Qgy3pyxJlLY}L^33~=Yj_EmoMe?jb zc-!*`;zm3JAT#ReiI6eRZoq|}?+`ccIT^8F2?k-3p2djkcq-sqR1j8L!gI>S1 z@-+*Y{e^k2zmV0{yw}TM;cPXhAKle-mi5=Id{MbX`=aD$r}=vR;+!z2!o1gFpo06? z>FqZH#sUV@eVqCW5__+QzsFxV8CcEL8~p+|f{?j-V?fXZR&({ZHI)RW0gdJOZ!(mu z*?3cN>QS<0<4q?x^CW9F-b{jXX|jCpd%1|^2pC6!6Z`-VYYrX-c+;dYbuBUrMe(n) zKL zb)juw@A#X*Ff{NXN*&n8vpa&R3vB}jM7alN5=UKV8<-uQg<$GJ+rS+0Q5V_<=05R+b{D&m~<3S!cWR85?dUZ9Fe zHN-jT6~v?$spdE*y@HtZVy1h=Iq4O|q!+1vaZY*#G3muN7!>EER}hn4q*~&f^a^6q zi&Sfz`X;WvlFA+t=cHEMiX8_3}@9~-i$iVkK=RS51?z!j(u=0L=pmC{ zG}T2S&3n3*17tYqg?qXL^J9&Bx-KC9TjE#3R|0DmPw0~?!f{U*KX3FA8uxVZRKe{o z?XG>}o~~!XleKT$)3pyU-a7`1aMBC+bkRG)NiW>fMVvjYE3;BOt;<43FsjrF=PG@%1^@N-Hq4ooU}RXYm!>d|;Ba3w)^2)?ag#gY z8W6ZLhTDu-Iv;N!dwM@T7y`3=93K4sz@$xD&w{4OclA#N_}Nz*Q{*0gbNu zBM3Sd!+`4V0NM!(9i<9XHvn*uTfGOsLj;EcJVUSyU<<(o0PhoYxZs8?0IvliKd0vy zSN41WiFYo*PxM*?5W@GZdPCMrtNDV%<%DkO%aF%f)Jj6{!CFx|j-x)Nb<0~3%F#3Y zMyQzpNAE^Lt1m5w*R~+zY>j)h7OCP}L-?}1Ptn_|S*Kf33va-6ThvJ2F!C@Z$np7S z7NdR#&oAK`_ntUb)3?hfygPPMRl_x{osLM`9j3P!^x<%gV`d)*UKM$Ffxe01WGuhE zJ9&DmNBfpM{sQVdz==e*yh4T#vD{4@0=V?9$!a(9z&}KFgY3FTdno&w{Of zt!XmG!TJU%_9+N)B3zTq?`?=P=62A}Gv=-{5$++IuP8cbuW9&J?p^3rdzN1>x(IW4 zy_bX6`&d2};8EdvSDp*1eYi)v6t4185Vr%YgVVG=tMI$L9&&UlQTksKhoXGt_k#H< z{GWp>Uk9Rm7wngX>&sA8kAPFKa{sEo%KyogZ{Yt7`0fQ)`7wxR0Ujpt6^Pam9<3K# zKOIf75gm^okRC{;vH*-V@acf7q;7u~z#VW}_0z}_ue)h(Lj<skI`8W(;tMsE?$G) z{L7D#>n$In04(&|kEj4PeRbIF9=!pidkh9(_s|B{vRWosI^S~D z6DHJhcro-VbV_}K>J?H06QoxR!)~>`q%KrH*h`vT+i3>n>=t8#=zKqi)|Qe{Pgz6Q zvb)I-`VbMd+fX*cP^rY-c4HiEr@PqO`Y8c?y_A4{J#zy3NhBqp-!6Fp{U%U=>Q!o5 zCfj9NLisMEFp?R_eAcM`%7Lm%rY4`ynojww>6FhJmCrVJMl&(hKYS^)N4nq+-QVWU z3nte4hr2VHxKcRMc15c?|L;upwz+eai3j~{T;QTB8s}?s=QCjgp^YmtbVcKRZSGWM zdXd@YPC{mO^|qDH!0#hm;gPBe9iLbW#-~-%Ac1Zl|L_Y z0jT_W8NQME^D=Fq^5Wu z%Ac2EKJ({g{(V&xUiW`r6@?#V&KU;ZDLcuJf1EQ6zAM4FDcu*C&mxgeU#N^Ww&NEgg-!S7sfp$pcz;0YJJ>w=$LkVE~bAZ)P9QEy?nw$Sujrt0Ok0{x7!Q%U0Ov)_CTLgwu^KL{#+s}iaFtxBZwwUQtQvWa8 zZ>A`oe(r#fU)pbGvy*!<{LDuIX^dG$1f5Smb4ivS|2_7bnV;WcznS6OTa^yuXs*8w z`}J=ATD5;+zgdot;Z~*55aY?-s&oJ`7h!R$(qY6{*x;>7|H6K=XDzA+w<`Vb*l%V{ zcedY58mFIg_M1t&E5QE+`^~k8zR~}yqdBe!OP%v|75mLh>(}i!OPw!;H|#fe;NP#= zZ6h1 z;s?fw)n=jiR3Qw9n}y=j!YqQ?EEGS;W^<^`Lh+eGsLew0SrSKW7K+af^EFeOh2nF> zM{O30&yDh`C7zI5fd4*&xt0@h@p&F{)b1_Voa%{jp=)!BWmLPjU~`HDPg?sCz-FkT zNlEN4nvWHmC|6gL?xDIU_ZKCxzer+4xxWaMI#d_s{-PxI7qL~$DEAj7vA>8^G|K%& z$!bL3W76_aX+a(_`0 z`-@05N4dW!iTy>)bgwA)7bUU3h*ZBQ_ZKDILv>N^FG{+H>Z06Vlync(MY+EyiTy=v zpApeBFd3M{{-PrwWptGLi;~!1L~3l5`-_s;Uqp(B>ez98#`mc26!#Y;vA<{tYEsUu zXAjk+d(@%7E|-H1OUu02YzVS_wTaypa*k$sbx(9M4DmCv;dps}MH(5|aJ+n!A_JM% zIfc7?@~23#V5M1%qcEpgl(HI{z$I|Xe(>p1h)+Pj0;kS)uZU5`^gTV=WVjMpWjI3` z^A^yn;YzQ8pu@{CiGM7bMgL=B9O$ymc$AOB$|hXdCJ++<#*nxh#3=wL!j&^h#cSXc ztejNAopd-kQ1PYwpHj(HxO)-mMz~57M8$YqJ_A>o0OF(&kcU)c_Z?xnQgd zE&<>QXw^*sTmr3n#^t=`g0c#)b~(NJ14x+N07UX67ff@(AubqO>D8`htb+jVBsdXZ zBLLuLwAr)deGKp#!G1_h0Bh_ca+X387q6?%1>nMU)mi|H;46R(K@cLD5%ibE=sndp zvpr|aw@t4_UDU{e)a)K?s~YJFvs(pAKbSp{xb~uHh%{H)xVB*;acToZ)*g;NtIw?w zEW0J<_9d@KbS?iLU8>nXvr9GmkIPnb ziPTL{s_y~Fx)rWLjxGg@m^!LY)o`$yWEBpKhv2GOkSqBhjB~+!fUzuKJAl;TO#o8B zyIru}1zQ2Q99i`Zz$}6Y>X|z;s%in`TQM9!z7>t`a#oS!Yjk(NrY~Sc^w$EJYZ**rv z(m&XZPvYl@E_0i|$vr-h#PNYf*9Kk55x%Auu~12uJVOsPxyJ#LI1bP_0p|kftnw}!;`hn z0k-BjJAEU)J6X^0{9YN|;P!aW1sQsCBIY>;(|zmllkF##i5R2PM2zKww$z82l6CySD*|qQr?9a&2;y8M+66d-p7W^Ag8vl>N%0y~8=<-i3$>bHaGq`%xkem1!m69|Ct$VhM%(l$AINsfIfn_YP~i%|r0Y3|$!4 zTc7X87+lQIg<*z{ewc`vB`NS}{}~TuhVBtz@@a1-Q_Rr4Doj4@_sD!0$@{kplTZ6Q zGEXMciwBNw;AuzjP-f`N(f~Koi5WVxJe%w1(NJbZ=xcbOjWYP>Gx)Tzvnp$b4qrPk z`Lw49WJ}v~1yUolj}-Va;fVsb5v~v@rz*}D$VRX)7s%SPuM>!6Y|Xx1;8wy11%5^N zguoD<_6q`;eS51w&duAO;2~YghsKvKKI6fNL87k zv#_kjUof?-h8;OF^`a(XtS%EV7WT$>ATMfJ&FV4{V|AH`v9LFO8)T}97z=yje*~qL z)nHyEavP+mi5Qpy2|fu*O~k+yh)`-G2BtuSQWG&S1tOH1h=K8sPR6}q{6liBCSok? zjrX9pXD4DTcW=Da5n!=pZ@jfyszB|Hx7J7vsJ-!4-loKj2#ss)(Av`MEQ2&VxomIY z#*xxLOvG52h@po}#8}uHFT`*Z)WY6)5@LqVK0VE<7c+GB3Wd2h-abR&PtoHd%BBSN z)MIZYBEk&a;f&9{@sZ*TSz?ARQYHgznTUy$3t!^gh5(YkR^0atEN1AU*fUQLF+&%{ zo_P{75fke)5fkfV$0wGZi1`FRIB8lKoT2YtF>k=Dppq>k^SkI_x94FoS8yFg^N+gy~?8 z6bZ*e&rgYjK607u9T;xj2AAqDq3bB-SqOaESA~%+czQd%92#rV z>q`F)4vYEiN|KF=G#t)a>2(7Y8E_=`b-SrbFjbw@O;cplkv!KO$-ES-OgNI=y3-Vy zawMm9=P9xzJs7*p^#*e)3jHWDy^$IJ3$i8|_hmC)RO^BU_b<@tKK?5zeU2G)c|8m~!>;etUbgec_5_ z7oa67-Ep9gB2TuJS~kwi*b5BjoZ+qNj!6r;qNKNq z2chY37`ocsI!N`Ws^%O_fxx8>@K?Dy6^=Y>^HB;z`~01pcCiR`&JB56(RKDhvIoNa z*>7Fi{jX>jS@YGurcrbt`Cn)hE5MSaU1${a{-;a3ztku`Mc__LyVNMilBHc}6dQzD9%GzSEJyYlhY`E^=e+W{r}L?E;NeK zXn9woPQ%||7%OT)F^UGyVNLz7>)#~QIK#o z3MTAo6oRuFh2YK_1(#{LUJH$4CgUFf8X5&zzot=;|Ie3psZnsvH>XjM_)QwcF|4%C zOS{k__z@Dr*3cq2$cLz`7NM4Qp+$^A5Lb&3yp3`?UCj$Ef>VWB{%T&nV83-~7h1%H z%tRff{^QlW&?4w98}*^uJg~AcAd^kyG6=gVtN+G{2p2UaEG9Jdlg2h8Bq*9rR>@MeLR{D zSB!I4p6>L8c3G0$&)E~7mjUqX16SGrzls_R==lJK$`Om;f7uW`_CbhAaOF+#98KSH z4QLWjc?MtxS!!*uqN}|lcvSYp_ktFXn4VVE$zD+P9eA1P3KkdG)yu1J6cNr@ulu!q zu~KGeKfZ^jKIKZh%ipfT@5yB_IgaG&A!xxX7;a~cW7k5iVOK!T%SBi+$6!~?ZhNyg zx+r_uUenkUGQ3gaI{wproLTowXK;0l##`W@hcOr;&l0AX=k{i8;;6f03>w?Ubp99w zpl+mjPDzg-rY#T8^5P4Dv8lnBj{nNIt?^Z0I)sXGTjOg#bE*ZY*c;!=tryC;t?`2p z%DAnOy$>VEiAduo@lnQYjh}@`gnAsFDzkbl?IV@v8{YNQZ%8 z14Gt?hEpPj4Wt@EG}2*U*g&c|)IpgTHe7}ny+Sx*r5TuryaH6e(7mKE5y|Wi3SC2) zn203R65^>D0~3*JK(&Twq{F~O%Ys zrcklE>OQg*Awwm4Yy{JsgH9c)%m(Anaj081*fIud%m$0n=X~X3^u?DX+~}~$jJgis zo=Mur@f*Lxvv4XNXTeFCHKSoQ0t|>OgMjGO4E*Q9L*N@-bp`MPQHD%TK^VV5d3LD} zH*#st&R2nO?m`&dc@eP+oc;0L@i>Lx7>;)h8qn#7Fg~XVPruUy-+*%to-~Vk9a}SI&C;w7ES2tp*)ufjLm`Y{4T@-eBt#(i8cJb(EQA@{{Yns@SWSo@4aP`p z6Q7#kgN*Yx@o5My>Hx7_ePDvMSAp0eL~C$4v;4Wl84)~(alQ~@bZ}uih_8eg8+?R5 zUt6t6XMAt~bMUPYQ-W*h^SuO{7o5Z#{2)FHg8MU_pM*FzG=b7IUBWF7-9bv%t-T>{ zMd&=r^C;@v(8tV?SB1Pd^fmpwx?Jbb9{P;&e7cWy)Da4y?k&GAWxO(UCX)*)>h91e zh72j{snFS^Ohs)CJ888z-dL6=;>1# zIHSl4J$)(bxLA=jdb)_|mMF48Pgiz;ELCK)o<10Fj#Z|}UV8fP3|y|retLQXYqv^~ zgY@)A^sQE8i=LjzbZZpZs;38&tX1R)J^cma)+utdo_>L3y&}iz=?;o&P~><$eHzJb zikzgUMNURSEPj(Br|9XQ7`R!H)AjUIip;PkXX)t^SfXaVj^sQ&{XFZcSszGp zfu1g7Cj07XTJ~9}r?0FOvWny)J^ecd?x!Rli<+dU0gC*cj_mv@ywX=srTSX<2n4i5xHZe;<77C4lU8H276X=m;2S75yYZ@=*tqhCF(l9f)l>SAp+!Iy(5lJcyB<8}JM`Q<1Nr zvp=38rw9cIJBJ{=>GWb@oMlMfc4osj;#>pyQRf=?#+(I^T<8?z8F!wB%!G3raMHOL zPsce7af_UTk%yEs9TL(`H@qturvT4lCjj3PryWHubuPrS%*lXX?%WH>70zRjR_S~Q zT;+U)kky*!O%zy~Vk?R%^*LViYzB@v2xhee3h5E~Jz`qJvP6tNJ1L_0RpcsLS+4|q zpJPnz9D>4YP74yyofRlpfpZb#LPNj1^VpVC8KSQ*I zNnl=G8X1TpTY8olf#j?}FgZ+v&(W-zpdw6moB<{n^g^xH0Y^-h#tfFy!{~v8A}2^^ z^o%B>J3GVDNG&25&BQ0GVZdX^MPzwIhW3vVpX!{0FkZuW1fjeE&ja#LE~@lKJ@2Cu zy(!N~m|sQK4QX4^Y(wGbCF)_<*-Zd}j!=F|A|on#gt%y>VCQ?1I)z$P?+m|XG! zyylFi#`(6R@$8W6++HW$E-qPom^O7=PRG zf6)`T`ER)RIo`Ya_MEb`F%Y4JpM0z6K?(*7k`ES{CD0L zu-M5rj7*ey2c9m+{Cvaoaz>V8a=u{}%H>WRsqqan$QmnlpvpH*S372X1=OJATlRYA z&PwuaQ|EfExO+_{`Hq>s70s-;do8a!U)s#`8(4DoRur?L;X)qn;{SGLpz_G*5EZ+2**(w#Q>&N-tiUu zjZN#PF<QS=0KgX?@nThW+_EFs(la2SYMPO>1W~B_G=hTXo?$A9&Lmr)bV8Olufv^U^wP zu-dy!CB^?meCNNw?5h4ft?dQr^u-@X$whdy7XKH26gTg~#T~r)VcdM;P8`*W|4UeZ z>0y*C{T2TCE&N&b2l(@Q@5Yg`_`mGWaP!b+Q+XHuFZ(KPR^DYQv+#e}KjP+haq$dq z5*UL&zQt7j9sVzC$IV~k;xBpAhnv}VW5X=|FI$Y8VO(6xn>Dz31Q+A@zjO#U=e-$! z@&-V-0T=&(;=g9STX1vPRvf8}|NOT+vb4A0>59VAUQt-uE3Bo>8Y=@!du3p0uM8~h zm4T(bGO)B)2A1~99fhU6az|lluM8~hm4T(bvaqyQ2A1~9z|vl|GO)B)wz9O7u4HjX zqi#Cpc624(StquER~J?4_4O#CvkrT@E~{T&zqEb>=5CsOg5Yq9uROvDmhp#=-ms*? zpZr37A>|8K^bO&_%9<^bHneDZBQYKIx;C8PwR(Hd&n0LVA9T2(!6)qlXm>SAI^HN9 z%xIt{o9(o(NKbsFtAG{0zyT~~qc;gV=?Oc5bFdLTorR~l8!FrD4dJfN2Br-rSM<5* zSlV|3zV^_aT{-*5ukItDIC!aepVj9?@Av+ft1-26e{dqHbR}z1e_q^L)Yg2w>S3ws ztJt;c`o5vT_OZFTsZ#%7g)_XPL#kqGFbn^NR+z|UI*4c8;bJ$q*gf%L&x{v)*0f}O zotRqST<t%5Gtf~Y=M z&|*l~K!5a>HaajL81wezzg}IxrFW#hDgC}W5e}K=Ya13hkl#(5T2xPN0hTSkuz0e> zze@}&-d?VF0tK*^)8Ld z(7|P42RJFX44zKMQ1}{7sIJ3jxjqB~M_89vrmpLH*acsb4uB$Mfl z*H+i$qss1QNBD!a=?n3~;_jS+8_bQ{DhUs;p@6w7Hj;ld34ySaf`JIaa@kM8|8ME- zO3q4nnJtmKtJ*QgFBgcSiR;X@%M~*2d6v4vviZgOJMpcLfiLI8JwycG z-|Cq~yn*PLe?Ol8^QvyU@^(}y*O^;hK9DXq+A?f{8Ed1(hB5;j_t!&V=U)| z9YApSb}-dT`=X((u#n0kkYTU1uxf##{;Ifv60r0JqR2- zCVP892n&*sqDHl&i{f@~>GcXArA(P#-`K>{O338dRHmbBwsbgaWrkcp zgYR^B*yW67=sIdNH`Hjx$JEtmc25` zA*~&zhMg?)O*sC^;lN&^;=NoD4)CrR#F{B69Gud@N=paQ95(n`IIsp2q`v&!K|5hlM<*$@?>{Z~NHz9XPzF1{EQ4e~45hL^3FkgO=DFgOZuBW#<;`#wqCf z7;P-}s2L;Sl7L+;^>u_FS@d0|{OCN#kCZVfeXT%`@cOJ3$Lh)-f-AB*`@q%cZWXWB zHsl)I$PI95U%`p|h`@=$DS!_roPcJPI&98S?S;`40f39bChh!O>?s~pQt(pexUtOh zk|r92$A%PlSu<5#9u*1gz3kr6G7Z#1VM!X8t|A$}HMKO`oUCpS=TTLJj##wLD2vw4 zShRN8zGQ0Hm-CX^xoX%R*1s-LbSywhaDw~ zrX3DVXDI&Sdy1-3PKtCg@|VpuUq<~o&UXV}4CiBBObYX3fw!RW>=YIf$e>C8q`FDG z6B4m#(^BJ%F|Bw7%#7Ten5k`$n@0tTB@WZVjv`Fk(Lvyb#2>jVMnPA6o|6D+sFAAG zbSjSDN=>C>#g7EmR0wuS0VM^l_1#+`Wp(P3ChC|zohw1>lmUL0AOZXkWmzIBbN+jo zE7EPDkV<7IqOFJQlCUEJ3d4gsI&@I4-CpiQA-0FoH(#ii(xS?}^-hVqLX|jp=B*wq zkVG(E6;EjN?CL_5z9x{g&?rN-I(p?gyA+-wLbD9`83uK|9i`UL<$iPAqMH{Rp@a?^ zbGu=?1Yr{!{Gx_h#l}#IM}XcK0jglUC9Lh1|E*y~B*}-s;6T+76nsuRY(W>}=5PYA z<<<`sYoWBF^=@fW2;S+G^6yj4V8rR-o1Bt#E8`~|78U*5;u#Rf+U*eo7tVG^R0JR@ zm3P^q+~N5vpva$^&A+zvi$ZEK;%;TeEb0rrvA%%w&I<$&W3ia+CN}M2v5L8%1{aGB zQF)$QNDZ4>1sP!#&jl7JV}P=OBD4Zs-aiA^ry991VDye>5K9&X>NC7w4)j7#g{odq z8+>0e`ZDTDW+?E&ix8tf9Oz+#5y8=c?%%W$ivESNE<`6oxoj}PS@aDi9~B82hdS}g z5;1Z*M9t|C(?i(2H!RH6X!eDb5x=9X5zMfS3UAg%odGIEVt`JTLEtd6hnP7t#!P00 z_?ZOWDuK-o$3WyMvIj7+OZ$Sz0I}6Kz^Zfczv2Q$Aoue0&VGz%&er^ro=T`s+4#l}UIF^kkZ`(j#{(@bu2o&RoL;r0Mg&`sh6rB=7hQe+w8$c>bT#0cw52~%y zD#1~*Q3$9+M|&&FhE&HUNq@aaaDeWDZxQFgYvnK;CJ;;X zZzxeZw7O3x@iFE=&8hIQG%o9uG4@7i*lhYln4>5cDwT0tfn7q@$1p*GWmsUBK`kUf zWbOBqZ@Gh2>TsC1SL#{@<9xrC>{TX5u3TD1O(JYbR3x}{7Ln-I;Ch`YA~lP$IZl)n z`LlL`A~bXPvv>wMrC3EZ(6f6{11s-IZ$Jz*pp{1DX4ADpkmll`5zhdQnn{ zHUSA5VMyVSZMY38!_V(-3qg0fq24CyyYwve1#^4K9ZgfS@zbI{EOMb0*}#IMz7QuJ z^=TQ1E!I30(do~!+o4?GEo`Gmb(UTuig$WvSpVDz8}I~f+NcPGepb$_*ZJjU&xNG{ zY@nr41pG1UB_`(Nc)^JSMDPq%-YaPUkmE5^cX*&pDOx#Cr<76AU*y|tMx6d=`GX;MMZHr~N|2*aD4bmT*TLq{SCExP8txhMQNR9z9TCrLnVIJGf>>dW zJX^la2&YInqzj8vu_i1ywe-w!Dn_K&*M{S%aVlgUSM-q&m3;TnT62q1gh;WF#@pOU z;Ijc21i_?GD#zMd)PrNiSZS|wJ8m47okBwnhh=$b6o4vmMC!{CGmddg&~Djx0qx4+ z$mTph3#d?sjd6ys+jJ`pCbmekauLbq7-m5tFV8-Amr3Pz!Nq7e$989_d~P7|M=s#*>6Z%}I#_6RmYYx&aj{C<3!^>6UVF>Lz2Fx6n`6e~@@Q;>5t=ga z?%x&Z9kMMJxZt~VMs;C%p^YG&zexEh3>LR(O?gedp;lLiXoZS8-ADQsF5z^t6Gs@Rhi5DT!6}&i~#x# zBf_NLFe+GAZWq3p(ynMbmB_aWn3s<7$`)@EbFeu&sEg5G9rlZzZ4q4BRw?t!g(RJ0 zQMeZziy;);J{_P!m~n)xt5T@(2Iqi8hLxY+4KAB(qgvQE$}<4`7G4nV-Wu^OVP!W( zMOe^NYh{`)I<4RmqLCH4T2toeMWV0Q?6e8eD06C^rV*dq(VVE^vOQkGj8VT5tq`%d z#e##i#kd&9!4)gw13R!V;b|RZENhvm5mnMgi};Gb8nLE$x3;YJK=XPpv_-FER$24f zJ9Ge4?jV=%jZ<4<=~Z@B7t#x!X%dFWGxCvAOgUO8D&dg~Sx`ubVu3+9O9elZ)nwE;Vb*sR64%VsV5JT(K2Ip^!k1PNs)@v1oU z2(#IQ-8}P%NTXPX>fwPGR(k3)#YmU(7M3{!H!N%R4}}bha5cqwtd0`Jc|5|S?Lv2> zZs~!BZzzNlgcSCKGs1lv&FJbhOOM-UPD8R^v`E8inqZgL;ky9&lynW*`phX=9q1Zs zoUVb*S@h<|&K;qG3z{X(%O1FTxr`*IQk=nIV6R#_hQ%MhVo~5KVs|a6A;d<@bwgp} zEC))gQUYjbr$qfkwiPkOrf7WR>OSH|;T*MO61^M?7QDO!|0SEbEX8;r2>c1QRqW<> zRMv#m@QJ!--gDshCdvs@?s4&|XNH zxEqK zCeE?WSt(72iP)eyc2j%n_rTvkRp(K8#RtJT`B%tmU?e7>o#C=Qpq6f~e?q zzlPTQz@m^vpJ@U_vw1SbV$h=-AwWx;bP~4-_OW}~?k^Chw2>fMd^&f_jMF*l6bTin z;-m*Hdof#Nni!U*_yNL_{58q3Wd+Lt{Q`@+ig z_E1eO2~n`X5fq&1aW7UN%H&$XF;JkV_(G%uso>EQI*lh3JSl~n9YSiO04i2$6hmEL zA?(>je*KHZMqKH|ISzrC1yDfG5JP15K;b=TQg2kgL$7fyxKkI(yKx;MmvYGw+4Y26 z?8ptByyvS>MqUmoV)XDA`!_C9rA?27xH#}p!!zsv@;Vwc6Ia$Go_OdB7ha}{&P>^D z8=jAeCw{%i8%w9X1WFB`LOGH4ymX5*Ofd{Pi3?QIMJ#sc;=K|UKy``PB^|{D|I`Nj z=`Wh*Zxx|y%X2TD>+4#S5_BY_HY;$*NiCq|!JC0nsVHzm6TcgF3fcyzb#3%rx&^LO zZfxd)Z;6U96|aC^b!yx0^|=u>TxU`nt-Lap#avP`FV2s`i%}Rh6m+tlEgZ$KXF>PU z)Gkl3ma9j6%B3(1XXA=eX^vQ(TVk!D%juRlEDH^J-=#3B67zFjV>|=%MVD^dg%psx zw$#NeT>dTR+R_4r%ZWZ;DcYxOB`!T%W!BmvsNUkFle0KDdG7O>#o4DskY?3CS}|Y@ z*-4r0#M$zS56pKimYS#*Xj@UETK{a0PvOC2eWa zP_#aNdHgbGoH_7vt)1OKEV7b&*xQQ`96tQvy#F)Y@e#$@Q`}tH9iP_Fh<79Rs1`c& zlxtVaIM%7RV1n_I>2$lemlvY+trZQ}B`b5*mb4kZ7+T9{x@5n^Cl6{LupGEQ{dAQ< zH1)Zd>X#TaVyFkMRSDL-| zG+T}{!{*?040{AFhtM&i+hj|$RN4v>WSWGr(+xy%=g}1l(3DYBUV-N1$TG#(i|$%} z{KsWOwmRe`oH&&rUBVa2%idT5# zovP@3R8a^V8zWvcQ5VZkY;$bMeP@bgnbQ3m%D8np#2l>kkKT8XaCSS zv&i2TE0V(<>(NmTY$2`sz5fm`ZPteb1|)O$b;I0%ArXV&*{&XgI9HGplV$`^V0d)5 zd~H_LfFg|h1X_qNj57Ld1AT$Vn7KdlpfF4HJphB`I@e*K)fC|ZU-1k@QFDAFbs6Xx z?5tG7qeLqz0p8A~%qQRQGbl-suM3b!ww!YW?PW`#YMiIoz>4Rgp=tfUZx^)Tk-Meow7b z>`ZD#6_MR-rGfa87lF8a+(e#5F0-J5`nO>7FkqhH6hKad`+;i z7CL(gHK#yKE7(FblJIdPx&#eggfx5A;swrKdj|Uf3I*)+Hciu4*qpstXvHv_s1?g6 zLrH^kyk82601GBPvb4;Y;_#f~K!KU;>w*KG#t#RrW*ECd&p&@OZgjrmEtQD-YO_> zcM;7j-tHn8|9a+fFD+lDAcLk|lp(GVIf`R|Fy~FK)JWvA`eZ2z1rAw`R`^3oLe}ME zx@}(QmV`>_>KlPo7s3e?4@JL~vypGxmU#zc>7+HyOjgjiyT$j!F-@{V((Y(ksUwl^ z=$3Z3M3fXA`x8CEkv|33aKp#ZzK*Ee=150WIK!9jSIGyZFu1S<+rS|L&X0m)M?DR` zF_IfXSeHaauY1Be6J2&n1=FRS3H}m|=x&SfYO;88#GJ$MQQTjIL$Nw*X)Nkc%b0go z0HI|?>UBio7VQ?PTNvBIKy`t;ICi24-o!__Om0v&dwq@b`nt#w1KNeim-tcP&6SU4 z!2|3ZsWnw(PGf)jq^Grn>_lUb?%Qk_83i~$ljSFldS!Q<2jtQgFzOo`eBNWhmjZ+- zZ4Yv*J;dK`brI6pjD4Qsi>*^2LL7@E0}neU9=b$TfyDB~C|A|R9U^S7yO`obgV37W zoQTRk&)n^J56fESGAe3m^7@hhw_M)7Hh^9bm<(BDg!*DANd(IJf#t|Hux$-QVGFKj ze=bYkj!e~;Xw#u=!z~uNI15@pfwt1jE#tkpnAO*}H}O=ONuhf<6+9-C;=^z;mb>tX zWlJsb+!LrpYlrF~B1WD>(nGj=DpDhe-K}A;#1P{-syBV5*kUA-c0CTZR8@R8K%c^s z?e?P!rNSf7jC-*=;Iwe>-?Gtn=D1h3`sk1%7Ri*8jhD?po2-WClnV31>R_$7rS!H7 zR+#xx5OFQqf4(D&u3_qK86%>Xoo+165{I4NQVUe9JKvK9COS=o?@&MXz&icdcWYT> z)UDel6_S(ND;1XUpngw^*f8bv(`Zi)j>hyfflpj84Ngx$0BF(Y-~HQ!r7((L%(m`O zA;Nk5@nEB&y6sasEPzz(>c)H)BzkE$iRF*hq9!*`g;55ycUC+UQT=8QO{`UwkN>f{ zj9-=F1Vy_l(IUD4w@?64-f7%gpkzY*s7#2V(rt0Zx8WQ&zJMxGxq%|IZIRX{x`1#! z(&KwGd?>c8FVwUdQl~@v=o1+3>(Evm0t_ygADzjddlo%$g9O7thKKk_3(=%ae(D_+ zDcYOvOcJNP!4wUtz_Jp26T`8Wf?V7eF=XZHwJ{Q2z&rRYP;U?6XuDVs)K@OE zy$e==;OtoK?U`;<4BxgxY4srta{noJD~97B?p+;&9?khR;RtM}*M=jvW!DY*+33eY zV56e*5m=4ndT*@JL-6Ki)^kHtgk_kT8zF(u(8?-O`dS!f&J25lsusBgT-NwCz9ZmN z3PZd(dg@OGMk_j5DuvTx?Rp`vD%@&Xdg_i=^6YNvtO^29$j2zJqTG!VPGq}h# z$$vdraLd!C#Zd7I6cp>{1Psl?AUwzUxtes`GD?dzM*?aQ=Q?{@Krz*DF*N&CUc_ku z2x|l$+GMCo?gVF1uO1SoIJNeg`g?-P!Rrr#@>r z3X}*x&a5njgLQ5*3C|PPC{iPevzY;X9`@vjO4=d<6%>V{5+`r=;1$$KyV5IPY^XR} zOd2Z5C+*d+S^~6X zyYbZ}uNbjUhrpD6W;ptJ>4%^<6GjW!7O!^+TiuQd!4@L7+fJbcik9wd0AI;%st7BE z5&sZD*=R(IlqD@AGtJ8#=O@0z<#r4&bKBu2iUx2z|{6Qha+Xb}Gz^9nM9B8`IDvuupN6sbWn_ zXI?nB#EjGO2^758F;`g|zTfP?)5;QgZepjA78P+-w$<_=;Be(xiR`t^-dBZ6&tRbR zv<_m20z%Z4V$qQ05w;H}g6EQ9Fy}(mbZ{iTXTekY?Lys48Ghlp1MU>A2zTI-AUX*( zI*75Tcex#dtV7FV7(LttcPEOjcmAC#2s^w5B1JH-S2a`r)lm_;dKGo4?>T1QifkRT zSL#tJbrE?j!$LS_?+YBW58n!zeMHjQXyN0x*cB08%>2=1w7b))NAX!OsKoPK?M|#k z0f{+>zF@3Vw_H_XT%7TOhDu>mr3W$t&pK7b@>H%WR`3*`w{q%^by-Ayd&TV4Ehqp^ ze24#Pr2w2bQi@@K=+7MSPb+{$k>P}1xN0xOA7!PUAO}Uxt8vPKUnw%^mRp(q;#mxd zPpH6KE!7?sC1g|cq7{)vssI@mcQopzV{Ql0yA!5o^_AaP<+PZ((_&r?MWk7+XrXt; zZp6s6Bchy1ltQ_R+hFB66J3E^Szq8n+aarRx~H!c>m^wG0Z*ynmfa}7ROKxKieBC> zE|6nM#BKuKWDk!f0-fsQ=wcW;))gKmD?e?l1m8Ag0iqSkWspE8>Ig>Xf*x>*xFQm~ zI~iKWU#J`Q_I%%u8#~!g(5ACNFAV2eyd;90cFO{(2@h{qT`0xDv7XPEKl$7j}vo3!S zUn6!K_JpSQtKjl~N#d!HBh5i{%lL#>JH6ObA4&^@j800bL6)sM4}bV(asG*8_2kXS zyz(+_sfsy#308SK@X$Zw=i@~E=1VIAAqQpH^<03%PrQ1O2H(9UZwnn#TEeHu>JD3o zYz3&v?%53zXNO0Bir^q)?p{=o(@<Y@9LT*wKK3?5X{)#OJEq8Hsc!FaJ4r^|G) zgv+42@4h+c9yVD%3|M3ETAoF;Kr@?rH(Z~s)R z(w=FaPP5irIO9UpAl|y996>DoFzT7QieepFEd+Yd!y@mVDv5SH`oFZ)pYaTF*a>7o`2};vNh1tJr zB}06;xaB7iUTGOTZ%yyQ4HuLFS)f0=@#tZ_O>D&J(jlDDk`~{ijHdOv5HFdo)1+=+ z9~I%{Q>)vj<^HhF4;n?UU^-4SmCtbdI67U_vP&*t#dT|ppy5J7PLmO=qLnX>*fs&QV2YI9O_(d`kWVYE|;Mz+=bmNh=T#=#KC}m8&~j94fx;( zirCjeyx{Q>zB(5TjtnKs zt*ku_YdU13mjrC|(!iR&%+j}q1?F`zH4)fDPOBrI;97-4FZ2#6jb8MLetvjRLD(4M z16MgHC6{js&8%fMpPflraIVyKEm#xs`3eMA&U}5y)mndcz>d+P(s0;rrLv)DQXAY@ z6cpV1#t=Gu&^D|SP0(Az&MY&&DXd*W(6@!)+xl;B(%Wu!4vBa0qEfk~nJd0CD#BP} zM)_UxNP1oX0LTkojY#;*?u;!Ds`;=_yNE(B>OgN5C3cLkU74|q2|F)tr}N@=ISJ4m zvPiP#1~W-{aAL80PFC9G*MvDQbX zDJih=*U=q+FPMQ#Q4>hueGO(7MX+!!z0326JFF&=x&}FOaLI;Dy5wPs3|`KB{K0e- zz&%?u7>+&bo{AI8BQ(c6Fcwt_gI*wXPE5%8^&Cuxb6|sdp@xfr~<=MPIl$Ci2KDhER{4 zL68ZNhTbsGJS2C-v4AG_?-EGlO}ie@P+fh$YdQ)AakZmhkbN)$V<;k4Ck_G z;az-4$ybFkPvrGzXxB9S?q~EEIKZ5ha{V}MMcXYH2}auliDM)o3Ql@-i-L>3nY`k0 zoCxV$Xkjxg50tQ@(0X`rQ8OaNr|P|$h*Z{pUk#;xW-J5G)ZOaQu+`!dg}i!VQI7jK zqNR;Pi;7cjXJokCrJa#QyTlhuxMBTQ{z%R<_J@_%yIJ9g7sKI$&;{8@Tj;22cYLVB z**8Vfvz-rlQ5jiRI7M32O;6V;qI{~j@PzMZ!h8L?ql-uwge)bj)WjJaatMs1@tC=w zfc87;r_fP+YprmcLBMEgPPxrTH~ADapfJFGD%znk z!bpg;PK5So3Lvr_QOb z=-HPqzvUKbUi z)7Y28Mqjc`Vb@VcG`S8@W(AJaWy*xq9d*BgCl$urrubTftb2)WnDJLeHD;LjWw-p@ zrN8>M4>L?c9JlpL>O;g!;%`%(a=Bi?EyHdxrZ5Cwd6h44hhTPTp=d%Nuo!z3kUSlH zv>=LD@OaxPQUhBpx7%*%m$BJdRTy8fLZ@tq#$g#ZTyWGk+ET5HXcSesJvgM~R}&9j zBV-$|HFY*mnq2EbI=5O{9DY<(r{E>Y7E6VKNlDfUW#5^l;g;%J)QiOl&!@%Ow_YMh zWY5_L)T;>9-WN@lk{+7TC0^zBt9U#+-Fz@V3z`q+$N6&PgS~>>={13sp_Wuyk63+F zTnN9D7rxr0CpHU|7MvwIyqis^))LtkdLUh}#7=MYXo4LTCG|sb6KD@k;(ohAdp2X)B3j2!BD-Mu+ zuEUIy3Rz-4^g#LHaM5FJ1qIHJ?N_&@J0ZdyMU{dPP;D)o$q_3k)TG5R21lwcMV1#g zw8D@k$_m&?6>uK6!2yuEjR-D(OMr)*3dL@bm0_P2b|4n7V3Y0~N?Fm+07OA(t*vR+ z!&;n5*^-epujAQ+S9=|8oYBFncI6`MadJ);kT~u%GA&SSUEsAZi>)>p1|K%@q77nG zu`ZH#f`Mo?%ux&jA1Z9QZJ2~6eM&xl!6tyuG4hv)G|J7lTBXZY^kjMJt;0G{o{R0X zs8eg_Y>NltS4)OS8(?b;=FF;rSSOaZ4sBT`XzrVA1K0_d;t~yd8QnS10#PB&~$-Yi`2WpjD9 zaIe4@PuF{4FvD`4(~E*3J#;N-87n~L5!(nX!rKD3kw8|62Kj9fnCA=*c>n7 z;CSBTUE@KV#4CB1vchL%`O|;pC_~R{!h9@=WcnvKA=v4#&Q7&Gs?zB!RSTv&s@vXT z&;8U|&RMh~T71u%4V)klo&9LqW_BM;J2F#0CWVU$ z)%E<-?;xyY8`HU{-!_;oz8j@OnduysmTK9@?Z|GGc{q0rgIt}Snx?os}Xq}`dh|4_OJ^%B!HHj>VkT4w8TnwmyFBz-NAviyp4nOr34 zQhAquhSDT6wUZoDmJjqOXn0V?``N8_%)cm*CP&kLv->#unLY?u&BMoKp=#LydE6sy zkEQ+cn@Ho;D(JAko0R!Apw*O=8B@_qBh#rVleoG?@z&xhU~>ctqVxm`toHWCW@mZQfbXji=j)SXs{zD?5sb6;Ca(atunW#Z@a}-NKQAK2huX ztvj~v+KP+kXF!GBu;dEjzYvx&Llf_hfFlSjgez={xR!@75jLAKpqH#eYKk zzpxmzKi$&)fS^-dv8%?PK_JqO)bx-74guYN;RC=> zvl9qC<1KhNV=x^w4WZzMhyWecnMG$JX^_M;&AvUU7=6;7Y*_Ujq*q7-GG=j`nI190jg!679yF4+DSI- zh(sExzF8V^Ok*&6n*fz;x3v6o^3DY26YqY>^04ZXM$!HdCM{p1Gk7drWczT$PC%O4NF8|q;o->jrx25go z;k-XhE=6TgT>$wNr4yDtx@w7Kf4g!w#&!N9Ys+{PT(gB$WnYKg1 z=0+5hO_;jra`{|C5uldsZeTcF>5O%0|8P2QFwO5D)J3`~l{Fj0>~0h;-wrNKw%nc# z$nT7K==p6}0bg8i0)gFU^h;Mo#o$ zncXy7C%|^4^$qE~v2^y(s6sZZOGq5pC@4TNqB3(pe(MDArm({ijL(dXq1ePQN6_E~nf0!0w+Pm*!R%R)pG(Z1VKfK< z+dd}UrrD!hjDu;HdFc4yVBQZrp~BIXuNppxxiw=z(gi5!*bm*p>=sG5I9D8bzR?4| z1l9wvxAm}{>@zyN)r}s-83lGY?Y2N-Zse6wFa!6_ZTik8HpOZX{rowC8aJ^~ly4TK z0@F*=&q+UD(RaYl6my=JS*yPliVjL1$VM;@DoDv=4y4JdavDbPPPzU8%R1hW{Zg9F z-k#Povp2aY?av0&4)X~x%(SNmYKg;s{0HqLXIW1E(oyPa&{&Rx9xaZvoTevQz*kh$ycIzfP zfB`Ph!L)wK@L1Y*9rZucIne+<3?0Yy1r0lOd1ID+;aBAsR9ipTcv`S~tRHQd2M?t) z*%DY&BVCD3dLZW7v%^q++sy5U(mwQ!d7gJteihKf>>TDTCOb1r^D!B}pgn*Rv~S47 z{F*$-2Y@A9gnf=Z<;2DWN;-9VK2x!iKPplZ5+99MC-5g_ujvWYrdFGP=<3UHvzs>% z_`{a!H>5KOj?xJTeZ{Y!>2G|NFznAhA$`L#P}aE5{^~>~c_Yi!0-(mOi2Ixv6=}A~ z;jO@!tjjEU9dH$&S1V*F`>d^zrun7AS^i~z`=c^NZTTSqBHsY&QG`?pnY@pyb=?77 zt%-EySb8-^GA)Cy@+P@R()IiWhvrYeDi_1)dANffkvue(-L6ejFp;8WJ(_|qcm2dD z@EMh==VPumqW#fy;7C3wivLh5<_gIBQ=<^s<2?t`^wXRyXj5bP(Ec$lt0OG78-ffB z0+U4LV<@Lf%l*On56e>d1OB4*^n##b=lUSU$vxTwjcVpPwVDM-o zBPs0;HX?i+>yBG6q}1{aS#Q#M=kOuIv2(Z~I8n=<)P<%TuYOA2hOAi4JED*i!%*Jl zgJrdou_vaMcPk(Rg$MB6i4<;?#g2U9jj&4HYP=sj-HWh3rT z^@qR=Wd*L1)v9J@JDMXPq#bHR{2|v-(c6}j2p>iJ-znNhvrpOP9T#Qupxb}0Bn?t- z+P)vXeF3k%P`nm`6}|_s9w%6)Hk6*H01X3>!OYAVe##>4#0i?E4-cEaDcS=VN6Vwc zXgfzva-{pvWQX}iQGJT;5sb%#_Z^WL%QrPR;WE#hj3cUOf-&$8T~ddr3O6YJ(PmR&h74r zrb=)t98Y_P(v{}D!)Y(=l62*p@Jjy(mdNZpna*J=eM1L%TN~x=MB29>22W;Ycs16} zJGe5SCi>=^AT)Wg5i$@9Itc#1_YgFoHG{)cPRvN&4c>`?WlxICZU@E-0t#jHRhK8v z3k7s#Pd(=@s9j?in}A|yGBe-*K``w?ML3KG%(s9N;3`ji5Q?b+An%xe!r7)k)xHx% z%&~O3x!NjBmhFT6nct{POmLdE9eEz2#CGBb?T{KB=0^(b43N1*8(%|@ zX73SHKX5wLzv8QZ^mMBK6{|nQ)<1SS)&C6Dvm+$+wPZS9r4c(d(?Qk!Fnnic=6`-5 z!9343e<;-U+m*rW&tzuveSX=u3AyLwo+?gjz(Zh2O%?-&21RU|J*V=rPNsd2Llu2D z**EG;4``7MRtJ$iD#E;)FNlmrwJ_RHXAy+Q+L5&WlWDSPB-^fFz1a7`8O$vaa!L_*=@UKD5+RC32Yu=@U$0)1?Om$iXRjRCs;!n z4COCq4F^P)KF^OmN3EoMkKVk%dlaj4DCnc`M zNeOSEL=ljq`ieynWL$!A)>(6*6R1*5Pyw9#VCsa$$a65ed!@n(y=v!UvPA&P=zOO)t!} ziq&Bes`Qf3Am%TKgy!?c^c)m)(ykI0(HJO+;*=u0G1IxDo&{~q7*4y^qWrVDqpV-0 zN|7!fN&CdJV4Gf#vN{4J0??QFw;_=ZLZ^iru%AGo)%)?%{W>AhqW)1!J*wfFBjW!u zW-sFofrr!7_h-2p#Kkny&@-y@<=GXYA5kMD_2>Ker$0j^X#e`8A{2{IgA4-{OVjuir}`;1e1fO>2DuJG{#cHe#jMfi}hDa zD2F0S3gOa2)sQh^iFM(IHR|LXVF?^DsA_(>iMGx`aRMHGp8SFY;a>!~oRmhUZGj-`GN8UcfZCuq4wG5SIXeHlnfH6+lIYdk?l|2gqc0+R5Ii;s7V4A zIhWyWdp{ir)r0aRyH6on*R#zJ!-2$k)TQx3J9MQcvs*G7%#(?Q-;B*Gm9ux(8`J`D zEghNq8fi%D{Wkec#``DGzj**&4fG1jss;xrRmmFc3jI}iuZyqF5iYFW|D;C-qIW_E zxBLpx4%k0o#@YciUH82=px-N{Uj|2#EWagPW$Oaf<}0evnWUI} z)c$@EuW>n4cdlhm3x?OwDu=L;EkI-E&yc7jRV-rdz)?454MYPgj~+nvy4lO{mzh4M z9w;~oxMZ9<{axpO0pNf|b+ZG?lzA{eAyplSS$0=in=QH%yaMmcpnknQJDApnfHpmu zS>QKuV9g5{-g`p2Eh` z5k=hrkzD8|xsSB?fpiIK_a4FJI`O>E$5pze=hwR7sGPK1WSx<^I;M}OXe}Hl9Mnl++t*d$o(J+L^n468+ z6Vk*}j(QXUv+TMwont3d;~GRLT~{YGoZwkw%iVL$%9ud`A#H0olFBA|TbgP8;<+oA zU%=D@UTDTAgcu#apO=luJHxqZy1WlXxeiu zox8DU7-(X~PoUwM6WI?czz9t^!tkgjOLV~E5|&sHBLv1916t(h5YJRn%)?9qLOtZAZ_@Ll8c8k^EdBzJlVTX zskm|g1QKpkFq4Pi&m=QJDVdbuDpyzo4{7$8;42)NYoO^3rPmIpZzMOl5hNms6Ii07 zf+SGjG=|h+Ip2kJ!=p@D>A3XUF_A8vNc-8sqbjn7kvefCJ)baT`Ap%Z&Msd)0;h9g zmM3IV?>>@Vj7sgSL>z2~aOdv=M$La!F1s+XR3L}x=@#V#b5%F@qLmsjmLyH7V6_7} z`9<@cz!3Jy5YV`esY_Yues(`M*`JkMg318-!4m`-F#|I&k{y$1Nq?YUD| zQ_yQ3WE$2|YE$O^<04rul;%ey)I^@wh1n#3=owPQ1nlAh3xQy>>6Cmj8g5Cy4M06_ z#bu+K!chXYnO6H3B7x_N6&N8|QmvyD$0Nbc?tlm4yXUDpWA{mv@ws{D1Dh+A8*aJ^ z`IB3B?fPE#s=#M-x6Q9?m8N-G4wle2!VFgUPTnwCI#?;MOT8`XY;mb%@VjWb*WbSd z*wQ8y*?wa6apHf+Fzwlqv~w(-Ii4;u<0C0kwKS|o z&DwEgCV$M5`vIYiMdo46>Vk#{3#1>!0C|koM@RZyasx4-$^Ycs6HUL5Pbfd4J74;r^BVzet-n1Pzes~akuP#IM8L2tl`9kO24 z5J>GeQ=6M@qc|$%^U?H;qP0oL^kW)A-JiaZFe667pGR#JJYVhPoT@EO15LB{37m*3 z!M;kKg|r%ng>UMk?nQ}=Qo~_DQaRj5$l<6duf-%o?*=CW|3`Q5raqcpq!)iATBUcV zrpd!&2oe|wXv)IDOj872X!JZU@+d_{4qInt9P@9*F2cRAoi%Ca&odME69UHb&;mH8 z$6|3;~y_O02u-}a=YM*@-BmF4$lP%!B2P$TCBg38pL)!7&%qy)b|BT&l| zJb3QQQYsORU%}Q3Q#lu;F(sdj{lUx~k9gNhOoKfm#@Up~u8i|$brWx)8`URw(|tU) znS29+zU}$n?+xe4f z+nM$cPP_eqJGXDS?*ZHZde2eO<2Cp1*s)cTaj&^&vkVW7w|0S}d+*=A z!MESL_2#|1#Y6xePHc7Ej9^43x5d^@3T_IO3~f5gbbEABCp* z@u%=S|Bx~aCMH4eBI$QQWo&(o1O{K{^sbp5LM0cw00zjeCe&izFLy9x(`!*`kVW?n z`Bev4)r=k#?{js3x>m{$rB~VK;Bj?Cn9Y$#h9MhgQEav&eJDf3To@nK`G@g*esxL0 zL^+ghgQ;h3h4YU>mW~FnHAK9|?r_1dn>+zTRse;RP5({~gP&2+nnV zRMPH|v0>BhxlRkrvL(wzIgaKkq;L}#ktatVIEh5FA8jz`C6qIOoxtcW zw=X+(P%h8SGAKwwVsNThuQxpl%LJ&u&`SAV=w0()Fhn$C_fsz++>@gbn>8byHrvhYAw)uhl)G9?{Wj9$@+l{5Lfw%A%Us z!()=VUWL<%L`jb?*#NkkB(Rw7{G>D}uA+Xqe9i-fuo->S#=b1!k8Drc5P(!u)8GdY z)Bz;9tQ?KmdqP673*eNZYG-Z!0oAEx&MJ}j5)40F}Gu(IBREwH< zh(2{QZ^U_E|JK%jRDP4&IlMa|x5ξ)P!o?M+BX8)KbwTtp3#RRH=E3#V+>sG0X7 z9~+O*YyOb*Tg(2MMnBToXN)?;zaLH;#YC$p!+1L>abk%{Xv7w+^!+bR)4YQRH2Q;D z$51NKT886@ZLrEHN}x0|WsOqavJbk)At8}C&X5rT^QhI%^x=C%a56^(kBKT8MXQ;e z*c4+y8<#{DveDgq?SiFK$gszbjd0s?`% z5YJ#6UD+1}_j}z7$D$XoVMnqInL0Pg3&*E^;W*yhko9Mu)^3hjxL|#RfW7p7WF#}Q z&a{`|(fmqy-LZe?z%#T~Fp=hM;J(0+i!9Y)qY0RS@^)d)X^ysC1aiM5eU6lxnfjiR(ZDjX#nQ zLFn-CjY_AZ+~=d%qBQcT1oRMj$`Y)SzWY4!9YbMwM@ycyzttr!bzEIsPyv@Um8>jE z6f?QEB}*8K&v!rRoVa7y-D6Gs`%a|uN!02eALC_psm$bT_5-Ov0 z(x%ycWU>({pCmmXnyw6Wjf^9CVYCQN!kEWD%`Kn^7FGq~-^f{mdj(zWPzF7NY(pF; zoXTe#mTRw*I9?we!5h+Z0pmG{E8~*jis^pHGU*A)=qH(QClp+t01XMY=5~y*2O!|V zjOxN}K=7RCf}Kb&#Sm8=1jWkOK^@}X6wx4;3y`o5eYv_T3NE zLR{vMZGrfoX^AVMQb!~ox$x(8&4|nsp!qRMKhulB5t3vb`7XDP zfkIBCZ6ly`pdQkW*&l5i@=dtvH!=E*D3k2iay2*T){yG5E{(ST6EL;g@*J{&LL#7b zlHCirLOU}XlWF@?DCB-iC|qto1qI&iQl_{B+c|_({}Ij58CH$|cq&`6AyFCo1RC?N zpbM934I!QwN_#k?A3lINJe=jkIiSa3OT0atjO>sVqP3z87VJN$u7NwY&tMZ6P;-`D>1P|*&%|k%4lg9A zgtRT1if)GGG#rp=$U*9qgTOkoFLU5 zCw=@Sd0RR8SbB|pTkgs0{uGbxUQjgd5{|5LiRWJy^$X75`_zeO%w0!hC}w|p-66#I zrNQ^4V!g_+zs_MJ{T~mI_OKfZD}G))6Q*^9hus@@UYS->p(I+o6_VxXyuQss7V)pElu8={gkv6 zW<8M7oy#T7en=({2(uGAqM_#{L*PS*?;?1)U(^8ZqR4J-2un*olJ=M}m@W*V{;9U? zWA<2DVg;H4L#>%Qpu%k}d*-OU_%i{O$r8$J5OgLJ>KsM+zHFkOD##TQmZm4ZPW0sF z2Ucdf7(%KrlQ&#;5cGHuEGX|r%r1Nn47YO+R` zBc<#HaUf9;3dhfWM!8Vp5gYoU`s5jO(O}Cy`K@K!5gNG~D+ETp01fn!JN*#n_n0}~ zW@~~Q3dyQUBoLTg4B{#bAw0aMw5VmDFgG1Z7XtX&2vi2a$9xcaoH}gGvcv~dK>>4} zBf?s)vnSF;6X{yAjeTG&!Ya`cr;6z}cL)-;TO$R1So4L?PpZPtt-rv!1%uBXK79D- z*fm<_G9StreMs@i^%mTuE|3a z0Oa@r5bfc7I7_A(68cx(caowG;$S%Mht7*!G~-G)*ctAqC2~+lW3&Z0 zu6#=Tcw{bIaB*sF;|&4)EGNHuZnvG=-`2+{VvhVb;KDVPPr;>o2EmK(W~@RF+1a{t zH;$XwLI->pnQ-w4fbZiG@G?&xk3hv%@d(5)g4hFF3!LMVWz1`*tz!>-HhJs;PtQ2u zkewpn@XpQ7WB+|y?+OC|tz!!1Fu|M0#vZs?XIVl38uGYmTuukVtVeGBawI|G6E+m# z0~BEpA&g+yXcETbCmGj4n4uJm&{{5rfT`0M!j%sphEP*I9~-3_n!gM_1Q(8(c~CW@ z6=b=GNn6xCG+jz{yfI5EQ2r!^7b(*Qo9Nojtq{@!@{k+X#m}ZJjv)o4kXRA5&vF3D zyxsW=2jH*lT8BQ~CAw4_Tq1`+h-vmkF+u1_6AK8(0+6%pPSekm`;27fcFnqU2^pK* zDJO?Rk&XeNgxY#-%W$GIewFz3uhBiCc>!7Kh1UzX68Jb%{d?dDeqKo4An+q zo>n%&S8_92zsPEhhz67CAs)_@(P~ybw}UD~S^kum zw}Zmbf2YF40`n`6K=@ovb>Ne}d$3cums-5DT3&e@-yp~rFb|8sL#V6P@eKJUQg*q~ zS2ODr8z8S3njz|8?agE8G*$CWLRd&nqf)@ANiMr|_ovI@Q2kiCJj>yf`A31Qp8o-A zJ!7Gqz$9(RU>5+6wXJ8aBl`hAi|yHCZa_dea~@N6%sVj<Nn@-dl7M40D$q40Io{|IM6(w#1C$RW9u1uF6HW3Q$02z})Mr0C`u~Y*a_P4QGRI z5LB9@nu>L*JDnG9Hq!$q8*vQCwmLhO9c@rMPiNX4y}2F(1N6v7vFo7SU`rdd0eD-O z<;V4CrvaOO=Gnv25iB<#&M!Rz-9TGKgY#U2IdwPdYRh)B#cT#6E!Z&ZAQ%G#S2p$E zZLo<6?QS|*)D&1dUDL#H2kUO&wZW5CfY!_nNQUnql{)%?b7;1Z7{>EO{c$P}!1n1B5Q;V}0Yic!R666&t42_BY&|4f zv`%mEsuOC&sT}B#qPX?hgp!wm&Rt#xD+3N5PsqHE=$JD;bGi{8y3`J<5ea1FQwNthVVB0-&$UBKVRy0Bw;BMMD z|Hy-B@K{hR@_ZLooOTEQjPMVAL;7a|r0~#5(9UWo74_q&3PKsDJg3= z;M|(q8a>2o%1=J-&OJQf-TzNpoBRuK7Coai=>ZhyA(f+cF_6b0{OAV8ku#Qo zkHh~r9o!?!_gHYJXUoCk?mv-X_nmR>N76sR@3{%9C>stY4SZ-=P7A2 zPMz{(7t*Izc`<}21mB9hp`*$npxkiEe4s7BtjHWG5~X%+-EsFQGGl;{Bu;xID25f% zqC;gN7M~5Z>w&FXEFNp#72fhxiK;PG;$bU;2Gn8sfIaF{y7qk(8CP5HMG}%i8BjNC z2Q=qM^kvPyn%V*iaZws-h_(f8fAnWwyB z%#rnW^VThZ{YICtWtrm>V2=NHV(qDcY$)6I6d2Dw(WHLx5zEAOyR(!w3H8rlj^vsK zd09G#me;lh{6$^3Q19}5IEmgUY)SSpV9z!DtJvfO-}Wf@RjxT+`K`q{a*s()%!P;2 z#i9*wQsV|W_hfI!*u@%py)^15?m-%0U$#66x+b(r=E{E&`x)R7o(Fa{H|Mc8tJ4e7 z?~;l1ia{Rw2flnr;vMhV&z7mFF$Uj>2eYuD2g&yEC-OMgF1Yi!p)k#mqymF&kb0B( zS8!`6Wa4yztElTsP`u3^;gB^Zl!~$@n`Np?W(#m=aXn6^krvmb?Xvg8{O3pDcOo!< z0Q&_suzyBtZ2DPO)og%^5^v3d4-IgPu-d9ISIxZVkgNEcO&4bGF;|ADeDf=tc$%1n z$V_(?R+}YoSPPsUicJRF6kN?NS98-dzU*#aW_n!BP3bIyJUjr6ObWAuQ5SQ(!qNWS zLoOEsB2gnS&skR_cEhLB^>8SreuPQIy2TS}E?VLvvEwCtSzG~Z?(w21tnb9-Gh#Er z=Y0<;{V-cfXz&dE;MlJ;why!<2l5(n49VG;mWIs)y#u3yWFb#>PVWK#oDE+j3!^q@G1^XpP`v8{QY{K{xq z^8(fc%KzOcU^Kh9w~hNvagEKGdJQD`NODL9g4jQe4CScLa#UbnntP_a!Pe0JEF-)AA-H83dkM-22sb;2G zM|$3sIC>mB$2MjOmQ}Fntf-gcX9eNm=bEquJH)(Aq;Q^BpwQ492WH%_1qR_ zjhN6=q0>-Ii=u#fH0n=tZ8d`nf5FT)Z)Ex5koYe+rQk*l^L2P`}` z4f{HDkaj2GNor&ogvSXG@=A3@BfC>84NzZ1=Gx`yeE6ep;Ur)iF$Muy!n)@6eobop z2TaOdS#xs#m3SK#&S%~S`O^bJ1x9@cg!xO@0S%~;ZpewoncPQ_4EC@fq41*HrCb9f z$mmCUa&>V6hqn2``zUY0dOm}NAS1+fyQg@_4WdMqBe=(+VFA4!_X)4i!8)m#E+l(X ztIBYyz|&5z+73`euUZdr)_z3Rv6E8ZZy_(i|L|WDmCS9&ReRi@cK!m;Vxd^GyWj@K zCx6if%+EfI8o*Oi2HSnUZYohV<>j#;9(B zi>1Sn1cd)~HGSKmR@CO`qxS4au|pZjti&6)$S>J3aD%kPk03&*;gzQhGJ z;}R|8qU=64R=u>_j)*Z=6_ix@o_ZudagsIz&Us6ol&Qm%;r4AOK_NrwMPMsLEwfUd zcERm&B0pi?4O7$pndx2mkdrju;XA(5%;OSh6eoi)#;qW@oT`25443 zuDxMZmC|p*doZ+l$Z+;GxBtLw&PSikAY2~G2l0!8KFk8lc$%Ldy^T41ci#U3DqxH& z>=4)SP@#R9`Qr~-{^{})GaO%)_BCv3Dp%k)WWl)YAyxkX2nPnJ9Fa=)kJWo?0~osr z{!TgUt2k)rFu_LlDsvGZR?5V(z%_VO>W&Q}lO0qs1a&bVcnW1QKy&N<7vKW@D!9xy zr#WYb*gFV9!u&m|Gt(4<@+USZsYB^kHzedsg1}*Y@dH9CTu8K6LZ3LNfl2HEz zcXA*;kRi;T++7_A;J?CkWDbz=aw%6J3I-8%-BrOW$C&t@=haewgG)R+Vf| zYu^UywP%-DmbeavHWq3R6mn|x^kY%@)rL-17k5MZGM)Kxo1_W{94UyN1pe}~0OqMg zdXEXCx6=%fTa~7E8jhUq(D|;U{$Y7nKE*3J3JBI(L zWr$2)pDy`{G&$eJ*#<1K>JA2R)#3P1rj+PLlK(H&DYmEGiQ@2EV-5^8-?<>uv5Sd3 zksl%By}ktphx!TlK*g`pzw?o?T-9g=@|blKvHU&Y&~L>>4|qT32e855t7VUIH6&RD zI~>tdE&CjV#V>143$#BF>xfc zB51_b6>&%OUoS;DvG7ZlVt>!R{8-*|Sa;tg>&7q>KZ5)sQ4yKrg6(7ZU&_14cpw9= z@DBE9M-ffd(`CWqaIwEv+O*?dHY^ljkek|9adp^uf zBY+X>`*(>qKL%7y@%gyxCej-w(p%_^b{koc;l+JCJ?46%oKPfJojN+E7l7n)?HuPU z*F)~Ke6s6}@-F3*%xDMP^g!Q!=tmS8W-zIqSITX>8RZwrl=+0V{J*N}mD52|rvwwn zh)gWR2hODGg|DW~`~lL~KrpIo)+VHnKcdlsvEZHm;Z_IlV5TlPhF3luy&}v1M-|y4 z)@gn$K_YSr4oPfigWJ9nONJioslfE@D5`T;v8D%@e?T8rfvDlQgLV)SPWi|CP^o1_ z#ea@tJ+l#!wfpuuS&MI}fl$AVs%iG?On5%5`E`W+r;%XQ0TOM?SEU^r(-rusBLId8 zfKQL}@l!Ho6ynPPXPfy<%V7zpLqd1WS%9k3&HwqxA!L1+Z+H42c7mG^3D9QN5ueJ) zQ_hl2{Nqx}C%p3w90gyIp;cwSBH^LM6)2>MkIp%#eN zAJ9bYjx>NN*nJQm3>7(x<1xFaziyOAluRTBBE1rY={SgmYNU(6O?j&86SBJ-ymbWz zJBZm*tzlfKBjpjf(t{qt;f@MHj{`^K$@J_klxK%9_wDA7DuWUY?ii-#oa~`wL@p$V zK|uJpv`IUPeJ~Wf9KpkMmD$1lC(l(zXtVw#swYq?;GQ=>@yPMC&d(;9Kg2yU_K*W= z-hz2rM2-hd21lVv%Ob_7HJ>kH498Jnu4~|pZNMgUg)>mqBGimcOyZ4%UiNu{L1$ll z2F>6Vup+1?wX9Dd=An9QpVp^*RLhJq)^&%K2?y{iTVm!zqoDVy2ByrB_8k@n$##5O zRNmH#OU=#L@ndc{C})%Y({Af8vC1VGH)pzMD@G6ZE@pTSn$;-}plTr+Q>E1goWz;(yA^xbf&1`T1YM^< zhmFi-;9%(yIL!~I?#@YBc8DkHxo@80{J!K}gD{26IHI=}{F^L2v&1z$I51_dPbtF_!}y9Z{$$3F(=Hvc)tSJsR1thlsC)u<`74F1( z(!Qy=Acd`LW@*a8ARR3AUndLrp{g2P`0ALQe2h^C>lRTA2rS};bj~|r+F)NyWeojc z|Mo)vlJ2bPdISz^P)aTPLurh#E553=?mpMZ<8KsX^+D9l9wG8J#LLlgf-^=h{1AKk zV~TY2Bra`oeO$^uY-%(Y2m!+MCY91BMdV?ZplZqp_ld}b%ya6Yi%0k>DUeM=#T0N6_uTbVa?#$Ik41jo1a&(G981oZ=O4PCJoYV-NJKBY_V$ z%7n!~GOSQDEdxdp<%)s&^;Y>!^bn&_JxA`C>>4$|7#`uE^Yys&0Vi!2_^$d)1_a|) z;N-eH@r4OienX5U>Y|58(c^Ol6FPZ<#A}7PA z>bn7ZmgqFs8MP`)r#mUAKbszWF-l(B^a(*(v6#r_^}G;`DTufI-s+p#ylIyl zBf`DzD+pd;Du4e2?t}s`Z11Ukmq3>A7_48iV2j6-SoZrmURxc3bg^SieYk<(sc!U7 zZlu%ZdI3t2Pcedeklc%Y!Q2M%1@b#}z8AWR=E=#0OpxM~(RZr9O2E=WE^a#{zp@dW z32m-Wc97#su2y`c@IhdL(KeE=;5K>$Qh2VoxOvPUzp21h`-b@WEu1`A%ht-#xQueY zMLrtbGeSQ0f>vWcP_)!4wALwkwZYaJ#bG_1j4TrKIuCpPX&w@zIfSp-!c%)=8RP+%*NcLA0@#L%H)nr+-R`RgPQJpq=~$dh343uPZ9iUTOgoYx?ULC#9v zz&=L@$;S1dH2w|<7=nc2NV)D1Hu_i&l9{hpnl>w#4<*W#-8qvl%Kx!A@_#5_qSWP- z3F5T&qBy54k}XuqKj1gr&*w@oJ0ZUwiBnEp#TUC zZlKpS(22HR5LVg16Sc=ikDIRjX`k>Z5q2=4$-}gfXW`uE<_^8f-^Ga*Wk~c;*j@E2 zCU9T`#!%zYHqxJbN(5iPBM2lsz$B>$JVFAeX0xc@+>XefSv4`ijj84~W?F(nEH>@A z#2Qw4B}A2Z@lK(kqpJSaan|Z6mZgthRc;)e&9_CuHU{;3h=AvY3Gvr_2&bm$uG;?L zVTm>2*}ry>Qqdvk_i}qGw?FmXZP1~*MBpFOgT5K?VSE%_K|H}Spx&uExv7uY&oCmL zRlPdqfiV~IQ_cllpK%17*>yk!eDZ^%X~XQ`EOZZo{;ltMTca_XD8xLU!`K--jUfK{ zy+d>81v8&$kWIV;m!7^5K}Es`y>N5EP0ZE_aEarxT88^@II<1{B|37SRiLKh20c$tw z5L3I8m{wccA!--fLZY?xQ_y}_t9~6^x~bpqf8Xc4%gjKMR$INUa$U^xyyrRla-Vy@ zXJdc4p_0C4D9=SJR6Y`M;lw_K1zG1?wZ_jhC7-hZHx&oYCDhn(C!wsnqe~*(C8N55 z9J%UQuS$f;hnd~(Qrv3>88Sct4yS9OS!f_nBSR|g^Jg@>RG7qjcJAV?QI=?`aYZ@D z_TsErvct$x9Y3la#{aNwlv@Uvk@6bp!zVinl<#FIV8PHBLNppM6Nn#}ZPX9O@@ZxR zg?bZ)YggZM&z6mwZj&EYw+fiiI-5_}guHaanvKlBx@dUNU{qj63N@p!29tp%fLT^< z`U`9X<_pI&S_#khyuuig;K_Kpz@&}*f(;-PNp~daVVj>wJTo8#LqBZLNSS8{b7>W^ zg(HUT``+YRFf`f2+Q_| zF$aVdgq-V{Ug0ZGNC%vyeS3EBQb^t71@Z2i1xH245!#J=Zg8)iG2$XJWw@=eD&}%1 zb@G%tH-D`99tGLi{PI$a7xLm&)=2T-9%}_K%H^TU=mbpz?BGgQj=}DpCrD}us4CFj zt*#xbn)?wcUd1O=dREeHME|-Lb5dRaadADNON=SfGO%+8yn?I3X<*CYnsH0L)*vZr z7c_K08V#)HT*Hct!~qqZeQCKF2=U_vExyRHd#=#p`)QZeXbhH&v>Kdin-hs>r!y5& zL_4YBXeh-Xsy12?b{HH1dPF$FU~9*u-uS0#rA3ZLD=jK*gb%AXt#iv9wJs}3iX7QW zl8?y=MYNhCCH5wt!4xW4gpsQrRM5bk8`UmlW(F*7spQ?czG_EAAL+fPIwW|@UzeK1 zU<3~IcXsUDC31E<>O%AUOdmG4PiW1Yr7b#lPzMFv^&*b(-Rz%JAK{p7HQojg;Ub;! z4|o=K_uZVq&|Y#I5I&3X{3Y@mXG0L=l5rL25`aPZcU#eIoWI*3m=BSLLG?3P7SS?7 z^PLz;9LZLRQ$v?))T5)R^Hg20`R@_Y4TsW?b-ae#!Y0#pM$jE$oXAdlm59y}W;tjp z2IN&Qv7N)QGDpx1iTIZmwI$=0&aiK1>aeE>?Jx;xIkB0_*`q!$=-H4enrR_J=ggMH}XDe{Yx0^~9%A{a#howayh0{Ak~o zM?fcjC+Tv|&Y!fJn)8p@_0RbZWsNatGu+uM5Q4QcM{l%>cmaZ zsSBuE7+!|2Kj9J8iY|n4(NDrVWnzN+<4RwKiaam3fJXFX%Renrqgtxp;*~cfY;dN^K@gLYPffShlJat(;Xb zs_yqBM%Ntvv`GpTA{Cp-1G$8_FAE=jKum_P9LF{GMJ`72aD@r&KGlS|rzaoCvdf%O z504>_YsOjOLUD3Zb(Gm?S{6&HvW-KSg;pyil3B`Yx~Zu#Ido0$PgdW;rj&Xp+yzLF zt%N)4-jAuhvuO?|(htTnf+fuZevC{zCu1t5-Q)yeG!y{&biizaYlSB}LCYQ1f{%j0 zYIOkrx^#>|=3XoVfM53wtFONk`r{lkoP?@~`xJ^Aq@rrg*Rm9|(1{o^uKhfX7_`*2 z?!c=pdKa_5pO{{4`7+dhSS@GjAIh39$JZX`h@PF)gXdvZmcH&p=;ZwB@Vbd4BzBSX zm}vsR2AAAZ46w)tAGK?-%uHAso<{te4X-R=>xP5eSLbVAob7y+>OQi&;IU5K1?|sv z7fc7{KS19B)6vrF*KWehd-a_w*4`Th;!ll%?5pdi#dMWcuVc8c_ znD9fg#|;mc%fx)h!dLGT+iGkUe4FsaH(|UK-Z86umcD%ZP3+Nm;ZH;P68-%BH{%~Z zJRHj6&4sVN*)&{!ZWej6F0<(66g*^@7(~=;&YB2K>E@M3vlg^T!?@bg(XZca=(s{R{XE>x41Zj- zKQH`E*=qYxLoU_!!E*UZl|Rt%MICr&sf>%PEF5m=+5}(T>y>?_p@=H`63S#M@<>Aw zd@6=dl)Rb88@{NSzb;wN#v4AUvVZnger8%LUo4mV)XLa>Hnb0hvP`?ffoU`KY2uq_ z;WyuG*}m%Y`S7${&jhdTS3TeNN%hmo;@|TQOib?pUQ4s^t3I0F^SUPP*Q|ZLseHPIwzHv0$Rf!ffzx}iwlR{+JsIdoAm+I0_KHN%O|VMO}?YN2+h2kG~BVy`%0D(!h_8Zdx6Td zZGPDX@HrpAdqdG3e)+!r;oV^}{KNy3;bZqthF>c4Y?=%|$?t!>Z!)~KG#S3i|IW#< z|IL%(36ej|&u{bp@A&*3R4z;5rvdHk@HdZz?@;{P^sy; zKKvm)ef1>js}lW&-{;FO@>IXyLM?YvDVaV;p`VYRcJX_qkLu&R{t3A*p9~+;E4hB3 zCO*RZ-%`obJio*L)ZyPFZIW*N4*5=;41Yw0^zdh?;G^VPKN&vDT|O3@GIIV4Ilf5pTj|U}-naAoDN25wv_t&=9{&&0 zx@z2Yed@oUrBc=@?mC5=~7yGC4^_cSMD5Z|_>4mCkz;!`eo1Xos_{Sk@1ikMKk?-teV0Q`gW|V_|9ih?#Rr2MMpAwnIbKSs6+7}!@d8Y# z%~2WJ=EOZP`~1}2m%a6otT!}|Wj&9G>l7-rB1^3fLRr@uu9fS3t8$|&R{NL+bL3t< zm!2Of&$(gH`g2TulePXxoLlQk?S0u>vvVKGmOYZ48|IB=y$q7~^Z02m4B@W&`i?Y& zT7C8H^je3uIC)_^kCbJ;fCW8`vH* zO&x7f{Snsxd`22j3GRKL0=<)OO?@|Jp0E0W5U05ZPa9N1xE=OhSTM$r%ao{G>tAZt@|e%wC;i3xpR~%c3@MlFtJoYE3!~(rx8GFd zA9ht?cS1W`RDD0Jqf&-yV8iQjh;+Q$FVz6Uads;9+8A+XwOKN(`GIe=HG8t!0G>u_ z?`v!Cd%98=YMluS;&)s#)ORxrpSVv9FyawS3KM;MnZD1zQ*yNMHRhcbKhrdr@5QMr z7*%QTBZIi68dM38UMXe4jM$HhERc?Dfi$#RmiK^c&nM^$s@Ht{?ETCQScm=iWYb{n z$CvJ}{kX20%#x(si)!D)#kKcZ-r8GOT>Bn&KT!Ko%QDj&4oa%c&G>!WU{|#}+h)p( z%+zam&0u&RLq^$=LBDavtj}6mtqWoOOf}qG?JQQIwG4GrRzD3JYB_2Z&-C_evoKSc zqo;*SW@;O^9y88n_@^0n!c0wsvuhO}sk)iU#kAM3K5!AkAF`8S1ccw_=*z55NTNVT z>o+;|6Id(;Htn47)i+In48_AKYu;D%*i!$vnVfwc-^L9vWJ=CF{3d1|u^E+xH<+}x zcUoOCYM7FPF4mP89Kf9rt}+_>YK+xa4>Ts~9{7(i!I)q>5}`rtzmo(^wkIGbZSDKB zwxt3#a01=>2>lsO_3FfsPSklEA1|sM@eRPkBmllS8ai37KL0}Ie6Mh%d+fvwvT@>f!`l8#jHHTZ#I1QI3 z9mcCoj*aL3c3^|-z`OMNguf0(uQzDb8zQI>QQ`VA{3joizlh4uGoX3JgiKB4&BApF z=|~LxNTesjEN_YR;8!8m^o-!dX-Q)~xjI3UHmnuwO_9r*UzTO(QF##q@Ze!wRQl~` zR?f{bLP3>67m7-Ml9iTKO~aGZNYj;4x6RcL+}(Oy)+9IX6VdD~@S>&91a`1oC_35G zdOx69E>5x;Pi9Ij$7iKC4FY4sW}$(-vW9INpcZOyH7V&XU8}Vi?9T7-RZET!gcNf{ zy~Z6Be$wSGBG_Fe7Axn=HA?AwO5(KA))yNy1Z`KS#=N-3D_oKwECCP13(ERbi&P~< z_Y)#2%l}AIWICzaK!E}NW72Ap%TiqgQrbKX1pOjL8!FjVJZ2%CTwzZQepa7JwPr~L zVb%!VvRJnHecpPq{W9Hw5!e47f%_iXJeccTvF91nTo6h5D-cTV8V6`1Q=j&-Spl$H z?I)L1OkQHo7@L=Dmi-5v&E0m!n7=e?-Wepr3%4JH=#k99;_)&d*D+2}){>owyK@+g z-t$=w8wHvwaa0maEJh<(Zd^`aL&C3;6wyt5Hdlqm;_x9mOj|95=Q`3e#kgx$S8q2# zEY4bdf{|Ia$Fn!RJKnvwyYZYYBH~eXHF`~;Ym9v>)PoHkKT6WmwPl<-17;;Rjn}%M8s!96E&s5cYA~x6kY>rx zAi7P^X>@G6$(c3{8SVLJ7!jk=2gW9gZvdW9Jnd=c+}45_@@Z=^YGwXrYMEa@LK!Au zVN{e~VqHriPP9Q>vu7kWq-k-#Rc4Y7?YU5+vzgf)hb}K58ekh{;6TY^W#=D0ig4Z( z5e7_4{7m41e#)$Pnbj~*jS5EY6A()4j%nc{F~1ez(-;aWJ|=$a#YDvFE|wP;*v%u1 zzkq3!s$=I}%Cnr0Xe#t3Z(q}++9)Xc<@Om~FV)_QOg{C?&7C8+na;?)Li#3M3q|`f zhO~Xd%a-)eeMr-by2Wz+aE&=`MQh(KuxbbDf{4|cbPj%Gw0o1+Ac1d3LvB8%{p~xl z^ZjwI9z>E6vfjmQXlh*aRd7}-#V{9ft{VH=P_Kygx_U40de3X97aM{&2mQ5rrGK01 zoneaZu4{JsP;1kWR`fX4yw|rF8|6j(tY6XgBdzF_%4lI+a`b&Ym_Y*mXUE=}OFcQr z#4KgV?xQ2*a232_g9|#CKNDx<;pEBc>T`hFA{0sHOIiMQbPFAhxY3E*oJ~|EF}D65 zBf4bDanc46zF`_0y?O|IU?_yuslE7N3~(y#Cz?SqS->fz?S z(gX~a8*HYbw$w_kHg%NRWDgn;cIwfWZ`*BW8qbVpkidXpImfBgZ{wcg6x0@9`Zm2H z-1G$%4m}jFyfX}$R(N;3!^Kz(f7FEen^U4FwqUHk_W^W@fZ?BR8ZZTOI%tW?6fV)# zq<}c#Nj!WthmWIR9iF=d(7N6gWPlfdG zFJkG&w{z@GbrpM6foYJ3mE}`d5cUJzI}^2c-sU2A(y0SuyTYb|Ppw$2c&@MMX|)Vm zE#pAyiJrgvTEt4j@MMkk3C@g-$5pzY{;Fw|D!Gkt=|;`mX&}|+=@Ewr#`|7|lQGGl zgtcW0D5HGgWffs%D5A|fQ9n=JE35FBDPU_vHY3w-9;z!HPO5!)t@*J_C5YgaO5n^3 zO{Vk#WvlezRx6=e>4>5er4QF~f7D9g6El6dy`c?EozjO5L-pMy=1}^86;^Gqa#55% zY^ndSsG59TLko%y8pr*{hEd?3B7L}}VH79UK3v@}3SxMr5^EdUz}!0x78Y<8)cg5+wGnc-}mNn>+v)WIl+ z2FKvb)b?QaNDnUbv}-_D?BIg-cQ_r>0dWA74iCcQ?g|w-Nkz`?*D0@m)8w%Ya%@WXfxl7?r5K_y>a5amQ|iX6^qIY zJ06gR3E&Cc3|d6HlSn{&w1oMm?DqlRZS26|yc?R{YzO|;J}Hu8H1f@FjKIb+QF8N;c0T$F~5xEn08E;ZNF;@oFnplb@~< zB;l0$zG}6ds!T?eV@1e2mxg*UEB}<`Cp46P4P{*~HI3dB_(`r5U8a=i0{4IKG^Mu; zt**+^uB~fX{=iQim53B{V}rH1XEtEbMBwCXU@5i(sPBdZN}pZ(QD%#y95dK||N+vTrl3>6n|VFe}^ zYHXhP!aJN5zyW?c`#KBT!~hacKwJQL0)C3kw0)G5kJ%W&&|PJM8@4F8Fe};Ne#KQ% z1-MQ-pn!$dXnyz|hCSLNUzYHNCn0dhvXOCT14l*xY{$cI(C8vWo!u|_!b#Y@Z@ z*65LY$Exr5F3_1U(s1_!6|bsXaz1mfQG)9#YtFx`|J_j|<@YN^1g5G^r~ouZ0x zuP1+Vc&@0Qc<&&}(Ep|SZ~_;Xp{5ip04+zgbiLp}%TE7j@8^@Jv;*Hi=z*6m$jov4IeAbF`CqK@s!`n;7!E{s!d(F!?`$Apvmvg3_8cZ++h zPZyX``_cJ!g|2znO=CcX1rkysKP!9FuS@u-SDa=Xn&uE@f098)y4A(8fSY6)89n{4tVD=a%WmpX|lTC;eK4agIIMrY%Sr3Cv7Dsl1BXU4x0*t#MnO`%ueSvz^qBr z5N(`uDS{XO3?f1EfG9#)T5E)9SLY<8DxYjJm`t$cZc;$JY@PWn;No`#z(v6K{ZF&s z35CV{5`!atTEZs)3-BgfEIWKCI!vVHVbz2!xISn3*Hxi7zV1%xXcf{D!BlBV9yWF0%7JF| z9LZb{qc}faLx-vnj~FTN=rL;xYQqLv2#fpd z)5OrrXgs{M7&+wdMORAkaf1p^B9C_luUL}p;SbT65xJuQh_q=Am&jj-SfYFts8=nOlc=j%pHs3YE^!E>N5U9RUris2`SEB}ox|A2)-nqzdXg|6Jak1HjGt^>_(b&=M;}%YkbZh4_(caqN^Wi{ zw=O=3ct96)9Xgs3nFFGB%y^CMr0cieZ!1q00ld&(g|>D0Yh-kg_bEpX`v)TbBpI8n z%YV_@il*?pcI|>&DSV+^LW$!y3Mq87{)k*sSFhbL{J&S!6bt2aq10bdQ!b$TyJ_az zD^=p!8h#CpUQ})pQy3PB?blNIR6N;#t7?{vQz+*hfDQ{OWz*|~;~5ICXMQD23;=|= zId{GE+{r!u2<`mJb1FSU%|Q}K-c)>< zhC42AVR{D|R5EOP!B>lu@Pv&+G31bDdhm&+(&L9UYW;Fvld)sbJ)7$wNPn@{(<2Ov zYhgyMJRir^%r86u{83yLTPdj0o@|cpU^J--u7Mq((SYi*y2yuOhh2h9>FnH`{vqV> z(Q5o35J9-#C#B6NWg&zHUTa48Qbb%}*8eY%-#W;TOiX%Z-P;(6IP(EE+cGD%u&=0+ z45v0yyR$00H7d*G;ar8Rt^!%S1&KRrGY=t{QyGsNuMWAb_ks|D&3Mx1c5|N-wxUc6 zQPtTBW4NInz_}Mnx^lKSIf*XwpVIGE%$ncAx`pF#pNjDmZJ<|^1Y*9jnUn9D81wC; zOn!?(@x$GZXW^QdL?FI9E5LD^CyNSQ3$8owwoR=a_&H zN`p7~VcS`NZXJ^a=Jir%PJw(lD3K8+@l2U*_Xc}HA-^vA_M(+J)Ek>lO2HIIK>s4CseLjAg6^=ko2uG;8!w9 zBBjfhIMF61$BpKLZGK-AAY4;*VRx!J?{?Uwu+8OxrEWAS(OKwx$nV2d@anEI01;aE zW7CS2g5+|=VtYsQLZ{9fGsUgao%*q2a%VW1r4zEVI64A-n*j|;aTOlzwf1Bfgg0R6 z#q2+O5i-Jk+JY-#L`8tV4pzy?D zvYpp?R9V8{LPQD(w*H#Hb4YI*(Y5g9haa^b8E@m>0b=NwL#H$G6&9L0o(*ZKbN}`~ z;YB4~sV}~Lr6%7Rnn9+pej*S)G?1|$5fn{CO0ayslGZ|+EJJ8%MeSvr6%>Ku5y=+aNVb(CM(HBLC*rs(j!07An+{wTkEGgfZ}1l zL@CcQZyESD(X?oS%-3|J!Y9a3Vz?xqLWdj~Q<{(on^XPJJXR$%#LUu9@+QAoQrdIa z21`?G@XWs5Ci2-+F@`E`Vz5KgC5Kc|e`Vxuzo4uA@2@W!6Cg|z`=@e?vA!u|pQU#|d<~!{C!b{3c?(YW`jI_75Bkeo% z0Cp-=IG)u5pvWn-dk18yM=;f-3(w^;#!%9?Mymjmw9Ncmhf89 zjbZ8DohGO>&+BW7_O9$CmOvVw(#@b}E~BbBymyEc=2VW9u%_!~+uaLUO_w*3BP>X|-C0+RRcFCsqKgGOIi6eq)L?;VCkvDkZ9V z+)lm1y>C)JX*q1wGNLD7fI#6hT04!Bp&Qs&Xrb2Ya2r1kmznS>q z^}KP3KT;l1QqsGg%6~rF(wU5&Y7ajDEIoKXJ#c^%hG8IGX*HCxEA*@~yNgGrvB|v) ze3;q?w#@NG%jlbU`DS74!O;g1Nqa_y##>o%>u=YKt;O?8`@ zP?YCJ>D2_F_2|gVh>asDk6l}C(ryFStrB=0Qul&Y_7A?VlIoB4o-rhh3*;12mOp49 z>?}JwV-6P;Z(LN1yVY!@WPo&D>+J@!jweXdkS-yhtD`{ZZiovh089Ko?fSBaBG-tJ zMGocFn2~j(yjAt{o{ASpjjU5XdHOVNv4VdYr&nEjD7EG!*!0#SX4QY>=DvJ{<}^$6 z(fVh|f!)sHD9%#aEY7eVa6BXRreBfZv91*zy9xIp^Pg_Gsea6*mA-_GWgC3CP@UzT z$Y3h2GR9*3Cd!phYNQNQ(Y41H_qGfDw`DTv8uNjWBSs8z4619q3KS%IrBcI(5K|g6 za4>tl5_+;9(_<`qlm9YCv`wfX!DqOZ6dU#gb_$d}(FDOa*|NsfdK`vEXgcQEAm0xO zSIb#0Mye&NVYgMjZS4?r38Sbwfn;2bP9VvcoIvvJ2u>hXTXF))`;nYLdZVTyLS2o9 z)cTeTsr9kZkeaXG7Z1TRfw~%rMY}cVc3qwC$C;s9mF%V56tXQ+XV;gT7J^mP<43M4 zHdkz#9mTrh@nU$Pophrj3^ZUS9jcYiXNWx9a4)exLVG0jmNb;~mfZl)Py*M+V(;TZVj;(+ zj54vb_98SG(`$kTE)^-~!X7>T*umK3eWaA&vxC8GPSSVpu()X!+#25xmI-K6sv0}F zuUPOHd+i$X zf}q_~u~PMi9F~0JA?IT{C*ProH??(jr6QjSboe#*tWDKBZ1{^o zoE^yY%*bJnG><|$K1b{X*sabt9XB)Ub!p~NKQ_ONBXYiPdtvdz{wgM8RMc)r^|}V5 z2v*&2mDbWTiniik!?yACT^;H9Yn|SAzA1qXhdBDe1!?_$+%OIwRq}aoqhVXBK8l*U zjH!f!fy5LS0>UWI;Zeq9TpaHRTcqN>S)i&_Q0*72rY?Nql+La5h9G3lu(;HVRjLn- z0zEXr_N;ZS^l%?et>mgh06BD?G;(};vQmpdGY^fz+ERYhl zS?FwQ00J^LD6C7W1NM_B#4)*aQ-W`2J7b5w8KQZaGKd>isw7z;`~W1`8ksSRX-SK> ziYW}+P@spNCK!Y;$X0k>NHawGyRPv$XqrjVVZOcf;=J$^RQ-szD!n)9)W`k`DG-|roZ6J0*V zx-8q75;fTBMDr~8ehAnA_^O765M%C*lF56Tb(x|F5{!dM9}V zJ9p=P@3Oq_Ym(WuKdxyw6={%0f2h;C|M6<~2L>%xUlE>Q1f|{i9hR+#sE$}B1~%A_ zlKCXF5q2N3E*-U6g%6A0A?{L7{MXy>%qrnT zv$yUZDWB0{jqhTH32sB^qHtI^%siUk$$UYGD zF8{9`pi=S6)!kwVrnBn&cLbxFv00K&NTKH2-a+`fy4yH}5ol|tmqzl3+>+$XcX6^l zg`cA1tbKw=uvmH}x{;;WDgeUy;YhOxPE#piV*u`&L&ZeS3&ploJ86$B4(rBsB*F{J zuNJQpy0#^}-c^_@{h3 zBYv}6%f8j>JlZ$YexgnjDoiOiy)U&oo%b4@Lpyt>+jV@2$)>&-3tprMa__kT6k*;C z#^PVf46-&8*=*4YD?Y1;jae}&u=HD6UA+`{=``tWC2@mxCR;8;H?`>x6F7XX9ICKwe=wNuXR8H5vgn%I))*sbpz| z%DSnI9fWFE%Y^9~d`fexJ^C+#w5VRZ(PjdKPA4+UpJs|;l&yYrGJ3;x1Ab0EV%}AN z@pDkWw`sODmR0eemRkCuoPXI zwJ0W6`4t9oIP{!@>HFD@IrQx`YkDA_6`h~jx1*Iyd)*oRDrbB^YwyV4x}#vQ{!Ahh z1(5@mw*ft>JFPAya^-d~qn6ssLn8>Nr5zPRX3I zpU7J9WuP`r$K8bQi7(tgHo~4@qmOa#wxS^h=3_y>CNc!5cGfF?)f94kQoi5LPMOVd z($G`x#*t#-$2g<9g%Rc29{e0vwqINOseV2oDuf4YcGr+?xtJm_l(C5%M7Z(Gwh7$VP=ttr07>f3IMw0f1xLB+=9 zfQw>W4(23rIlRs9BP+AUikQaFsOL7!$ft1DkMlZsCx4^QM&~%(y$O!P?8tCfVtctc zzgpDZqulu!_-E=Ts8*iYD6@5=_*5G4a46o5j2KUcI(Xq1GHm}j_DsK*RDY|5@>yBw)!jV@VKmA>R$c!6>cM%d3RBx==DSs2gCjOqgRfe~{B;{wsumx=l~>S&ku> zQR-H&bel;o&{4@hZM{KjLC_`}iXpM+hoC*wjHw0$XNTh12%~4ec-$mVh(3pMy;TC& z2jo~xA2Vjv9j*BzMlFhU-M3{K$lNs<-jGhg7s9zwIosiMOHa0BK%~}r9QwJ*S32uS zS-`Z0$?3nwP@{5wiN-)nn7n5B1-8bYwH_3`3gfElqIg9%X9;GrNkd~DYp>a9KPSs> zG!TvtnMBH#>}C!~;7-+`(aqNbs!b0lIr{~MAY8w+ZXkbUY|J+uU*Q+c=Axtl;pU=e ziKt0>IWNw(3AElSL2yye%c>W8r|VP;H_~SH+YLV!5&A(b`Yy3-!h*J&g+^BDALz~& zug1w=qg!pg*r(PJAa^XA%~!d@&&;6fPJ@<6%-LKI3&pEjiE?q zq*vzERMw1&2f_UM2D(kL?~!JK)0=@#|9#-}`Nxu+!ZPgaP*Xy1Q3z*u?N2?7gl`|IEm|C8~tKnr_Bm##vlcd14rFIi<-Gj_j23z%2**{U5*2i| zp{!`~u<^iT%DfoPP)9$=@OlVee1?cc6j_z9esXdr&jxapsk5I{t55r#GZHv5~7qoS+q*WB;~I!b|FS*7U4#Io|M$y|><;A9}^qTz#d!k~FGQd{zAc$xw@uh6Bq5YhmpX@2w5=$P|lKnM#Qhmf;ZW=na1 z!=58otAWwyrPD}>7lO+Xpq_ahZUqhH;VolI77_CQW>kpkb9t44@QyFwS6Ss(P) zAU%GSEnOR1W^VoyGrr5QytW3^inP?EQzaks;!x79lZv5-w%Y|%S|v7cc;o>P2)-Sq z^|=ggPH{svcSm-1v6hBI^9V_8df$*al47pei6bnn#MG(s$wnM0$%UlqoNlbt zN&5Zzy$#)V>Xb0rLy36xJwwhvZ!+I6#Tizdv3k8}&{OJt@&P!3>6_0Hc6*u`s#;oW zbn2&79?PB`NT^lUw*bkLDV6WOU6j}C9)>4=yLOE4Skwgx6MD$@*=!|U;>;JhG1(?` z7IW(*N;elP7uj3M&B|@Nx2Nqc6vt1yM=ou7xt6lE@`NvBzj3mMiLM*hQHEax*LBrf zi$h}{Hs{5E^bGcuPir6O>2v?l(8tzum<`yr`6%Eq_@>{tBkq*`N1kZG&!ZeeicVs;1&tQ zr7KXQgH>C?(0D(RN{=`C1NQndjUt{F0ihzpw2i`p=ukbqoR|R&v>w@-89SSTa@FuT zO;fc6e$)jsaHQ+?4}x@c#`|rLlOmi$q)7+%?b`h~*3NdKw&x%9y=R1nlE?%KA=Dt; zGm#+05}j{pEIMyVn3ThyegGeSud=U1+b7ib;%??pIGFLkusR&Tts52CHHLxoT1oM?^-F$6ktDX6Y_! z8mwAjr6!J^Ua94`uH7ieUX2T|s`HR5D4mRXHPTGWG7_a)>aCElUCiTmjo)AMG1qx$ zw{=RU_lxOtmcQO|!fjja*iB9d8nFmV`ES~H`Bnu$M<{MVytHhhKOLYyZ57H9nJz(1 zl;2+mc7H`|N>Uz-c*1b?Y0LvdSM_~M?9wL-&y{) zYSlgpUrib5>9<0(dAVU5OO|i7CVZ90s!ms^$8o;;f*QPFXL>HPF?b&{0$ylz&G{4I zlTGD!m(Y_3=gU62=gDFvQ--`Ee2}mlhF#*FuzYRJy@1#PB`l*0-)j1cH2Tq$_lXCT zd2U#Y7XShH=5Q98|CUz)XAh=3MJaprrza{V6vrFOK&Q{{edzG;R1@1A4B+!kL=d+A z7uzk&m~M+K{|5%3iFaiL@CM|0@y;VP+{Vor7GQFO0|Mv?>X{SqlR80PtO7=_N;ZE2 zuI;tE;->v>w7Aqn1)|z(^R$G!Bz%9=e#~Lh%DzbVlVtnLY@Aj1^!hbI2D=z7gUOVT z`CMoj4HZ&`{#Zj#U2U#CE5V&x9>mPeVT%dG7L7c`h~$9-_W0P0kwG1nrUZhQjAN@)^UXsycgZQD%RHald9lZ4IMDl)p)VJ;Dc zVVnJyYLT|c9Os7l0gD?&z`!x#IYLO^pU}~Ks2G8nYQ->kQwPO%3JTiykFG>tS|#q( zbu=1QEAX?+aRcyWg|gG&rFv4W{rnB%#46b#Ga`@?zX!_8sQf+6 zqqEyUgZ*tPr)_3ju^!2EMA3V|Anvp}X}OA})5n@(xnqoPdDt+W|Ys@@lT%!`YJf6u>C$gS!>BAjVv5>D}Ca>++i|hv-nFewM1< z0{tDu^sLi?!oBO4bt&K^{V?G(?XZ~m$1$0=+nw*~BSTd?*iyK-PcB5lN+UE!Gqc`{ zTBq=Ex)H^SH&zNuiP}WIYjpoPe+R#z=yzpYvYsT$^KA*UFt7qUZjlF8A-sDM2X_z1 zQy@_8Fq%Y;5EYjhQZ-*OL00;yZ_VFtV&rdBmBG6AQViMIj`Ucuk*r&=$__ zL4dqCe^=JE&su2vZRltCSc1u2s*XWavSlb)?w1DLD{UT61VIxcFkFeJ1yd9N6o0#^ zj^Cnb7e4FMhTSCK4$fZGPH;L~x0iOqZ1`#7{k7_@a#VLQK?*gKEHUh1-!dPGPc9WQ zv*~sxr#I)AzYV`)#uMu)UO`x->i$smG`9e8*nC2TS<-0LM$&t@Dw9TmWwmF2RjJG5 zjY;;`@03j`;Ucji(|3Ew3eJzT4!q1Kvdp#0viu|aA{S)4xFAjqg_rduI!Pr#+Z?5Z z%!yqQdIy)n?nhAMxJ94N&SgYhqVHsV5066G$Mt8FKeMFPGRxgc&C0K^%4ShOl{wu9 zj>-NwN+IvTb1pPD|GY5=Q@F3@{3mu>UlnCJP64eS2KRN{-!O16^3-C0GoiHM3@pBE zsT@Kb=kimXujc$2X;E=v)=cV#H}#Y|SxvC}v7WyrSWFm#Qycnvq-Y$j9Z58BhvIq_A)%v0RBBe*ypT@So zH@iRpK(yOZvL7#K({F>5ClkRM13>**FRv&1SFyv*uL4iphB}#1$(Gwd^l8Q6qT{1B zX&tanFGF<{ShDV*!+=SC45wE|>c)dr|1d0dI3|1k9NbMOTx_OGdU)r2zp~AMu>v8f`L}wQNO)A-Y@3|Gv7ltkbABXdq^=0eE;hdJfu`De{`aFzNnq zRgy{q`6^=Ildk3A-*CgW*z5}=YVGZ?cyyEEO2gZ+S!DnmKj|>}bam5A$quUW{z0A3R{AY6WE- zV!w!jYkL{#4hfuBrB&RuXAjsAFY~f_04enbnmc=9H{(R{G?SctwN;VD`C4d%)Q~=8Yp>Dl5VNo-$v7xa9DOA@GPan&wq1rW5iBnDn9P z8R&%nKAn(6KTcP%yQ)&T`!$vIcRE#>WC~8iJa04MI;v1LBsl`_KWzGRRnpCMIU4om zW~ThAR2@a8=yOaFAULIW_b(?fu2H`XqhcXq$oFQ8&Ow;iCDKJ=MOuZmqkux9Yg7Tg&-K6+TfIrzh~eaf z-UPAYGq+N5RW}EwF{9}mH}pl}aTqU(dSN{m;lKbvqL1?km8hWYHh-GnsSCqKk&^pp zw2iT?hbFvBGih23OWmPn;@_>ZK?+O9%YLw-0Z4!`j=f-?Vze zJwt1w_qPAyS+8<~n1yFK_dk>xUYZwY{7g}QGqzCuVXtTT90@dRs%qgzHqWoY=4sch zE3U8D0&~TJ(ba>B(B~88ayV(k45O^br!m}cKM+auexU)5y^3rQ4i~*T>Fzge`{-i$ z?RM-gW~YWrb-szXH)cs912|7Z5DZF3z%_@>-P~V{_vE{PMLKJV{~`=g^u1~G{FVc( zIarg3=Fq7&H6!=~2_&e%xT{FCC?bZ0BFxYtO>U-8+bU`dJ z!|h_391M1k0|x)ZxOE^u+fAeMBGb)AxrxKbo=2m;O2O;PA^Vx--{72_yk7l${B3{!|cn2f?|c4s$Gdlvynms$+cUwQzb*=bPX)RAnNb-{#k3rDhQ zLPv)MXCG2qX5_Ck>3r=v)a_|?j1RJ-7kEB>d^DTgC#E3qEuwkD@e9_68bR?ey_0pH z^%6gFHg;4G4jWMDsf=dmg76y`f_bTYOMA9Fyk1Z~oYu2*4}9Hqd$tpD0Gwzy4FYD* z663d2UfP~532P-*yA&Un&MyrwA4xG$1gwgR{=(kSg8)5x7(!_%(poW+RU>R#Ug#Kz zqBl=;JDzE#^K{OnQ8&6tH8e{Cg?zxtZIcRL_)#5XUIx^ zpL!)pzA0`i#lp$3@!G>|!bQsy8IA+R5|L&>ip$aXE;C_Fip5dXR%I^w*;Tvt*aY!w zNqUKbX|Mqo|8Qt*;%y%>8fQIiu}z9UNYsnOC3P?LZJ_a7aQoP@{Bv$Nf!Ta;;m!t5 zAyql=aaX;H1F7EJu6o%$sV+YFKvmbsI#)gu?dLrF&V9*d4~=hU18(n-N_*qK-Nh2z zJ7dieI^%-l#g@6y>Olx)9lEuh(KF9pzfql2rR(;#i@o0%Xp23!@S3DnVqQ&59)s|F z9qA6On938GC-Gp_RO`H~`54>gL`%YjtZG9v1@OT?6S8(@d)8a|lMO(K!QyVLNxMKp zED=aSg6=D=R^v9h(9i?)cF1zRzufCqOAEDoke876IB}Qzk=xr2M0{?GTd6Ypg<$#y zba-qCnF;fnU3A}RLcirqq@1XlQx!o2=tZ!y?Z#uoDW0plxH@JV6Cmvku^(N%<9k)V zn5 z>ObUiz}*js1w?f)Wfrk#|J_c)Tup%T-zXtq*3R$*Nd$(DVQZHjB7lk%XL zaL|?A*@+|B2?EC!HbzT#xs@qkr8_8+o;{&Aa>cP!L&E%-1vKiD6GQM@TX+F7yTYV% zXWLsT55+!|&oqFE>iEZYMN^OORsEN;0ByREr3ZDp#kP<7Ev5+d%IeXo>GiZnjiQ0< zGTW3cd6Ikig9eMlZ$6VRL5jmHzU^nZan-m_Fv#~ohe-ow?r?Hljh7iAPBokwb5e{KbYmcT!L@CnlX0J zTZ7({d;>^IS`ISaHoYQNycmeZO5q{N%*jxi=BxKrN)7)+F;{Mba(tJ)_`O46oY__QGYei*7Ii`^d!h z(mGSiZS2H0aBNkw3OT<}Xz{#b2(lHQJb0QIKvy+8L>lUB;bY}^mjb?%{l-2WduB7? zetvgPq`SL1%*YC)UGKRK!=zn~@{zI55v!0y3B0xGO8G=~jyj}KUfM6U_!vLF0rj! zxj1NP;o5OSFNMM1qRcDwhnA?L;{M5xzS?AORM^<JktvvYqII@3!}^yN<*wW(f=`?0}*8+x+Mf;SKLk>Kr2~JHbe7(xoK1S@nOC! z;=#m#FfBxn@~LV?TfRcn`LDg1_ z*6_Rck)mofyi4JswuU$2sHd9LLlTV4te=U8vG51g59e9lN1f;CCZ6BRWjUeym7fL5t=8cQeKOc)D%&)>^i?Fm01|kgW3UKx zk$2qtINA(y7g6U))O<$D7k6YYPSHG{YC0G@ShUl_r9nL&L>}J58W9Rnt>*{DmI?0# za{*P@FJ04fnZJJ8VE0@%X>)OG(X$^3eICBUs5CjpjtQ8BaY{)A;v_#!uV>_QEU4sw zFVNwvTl7_No!v>iyv|-Y@Q;OL6p8pD@>T4}X%R(oWxg@M4N|4o1%Tj3ZKr$kMnlx`SbG*Ob}<}*ghw{dr#Lx!^j%=(MN*3iGa zDJ`bW)rsM4G}p$pDdHdGD8^72%U(RF=p7570%ZZ(M%WC`@o@qP;;IS>Zn(A>6!H}= z8fs zVlh3j2=2AI!aOPB)0c_t)FIXo6-WAYI&fC+;w$u!i`QkmGV`Y;jS{yCfS&~s$<%jr z**eS?SI)TzfYsuVP0r(WlM|QW6HE^pZ-Q0Sa$xwahE*P$c=0 z^n-BaFT6g$BzciNoeY6IjC4LFB4IX}or{N=ctLh*^Oct^#%*Dib&+{)HoM;_Ok9QD z4n!BOqFc)dUdT_t-iahZpXe_)gC5A3EiDlDIcndy=iCZ#CcxMg@Mkg3iA)MuQ@PE+ zWlnR8dE!n76skpM;!+&vYd+oZ%Fr>`0_)vIsGL9G((b36Dsz9^1CaufCG4wfU7WBO zM-Xw#GSOO$MSmyMosWZiSU0e8%bMq*&ly^Aa}rvFum*)?^~+JnpFt$you=cOoyaGF%%&cWv%JSdP zZ)xbfqg29u7SQe{I9CW_`N;Ji7Gus#MwEVFC}rF!8fKQS=PzEv{;;X^P>x#rO+~jG zzn>3L(iToCpGlEwC5yGR)GG6%pRi?~|6q3Bi*zWiWVcaYczbCt;y-Pc4tjBF4rRvb6i zZ7>=MB&CL3`5n~9-L%AxyV2HDoL}NvhkLW?{nGhU4p9UbD7%#|aJMkeCxoqzjwT_w~2S%sByCnWQU zy)3G&)E_NH z19@v``WOLn z>oyGcUea@Z&$8ZFQG+zP;YZcRz3Js^?^?fM{WPt!s#XbuhyqpAt&l3$8v!viQe2>n z_DRf#mPySFs9rEz6*!Zl(Y}d_l6jKXX$I|NYcxsHw`7vU$K(OO=CppAz_%)$r5{zH zZoT++W&!UM>9EUCzwm_=CsnXI5={w{iV`Z6ZjFNr8RENC+*yZi5>s;Mbn{0WX0zQ{ zQi*~^yJstQnZaYdesn5ZQT{u1Er~MS<@czxbE#ZjTG%>q$gJ=F!W?B?_-uL(|HHae*WHEAkm)%j-G=(D zNaw3tjZHgkt6}4|VIyL5zE!vRkErt0%-gqK72*1-&O!YVsGf^g-o19ib=O4|hAG?L zwHSP&rYKsz0!3C=Jn&4>>6RaqrZ1sv(4s4piwGZkjWeueS%e-5X*#D=CDh1zMV&_;_YPvdb;-aJ7{D}$C(hP;mYJcQi=4M>1+nX@b0M2PYTmwMD2fvkpVIW=;*<4p7 zm@C~iF7Toqt7Hd1aI%G(&A&98cOz-LbLd=$Gg4VFO$NNLUZP`v!F6zN)~3Ncsqb2(eg!VmhLSp*mvQqOv!PMR)N8`I^K(`{YJY*gdeUM0 z=_8w!%eG^d3q-UBZSS4qTT+fWW-(yPkLIeE(_bM=t56|nL5-hTJ$qnhG*w#xrO(9N zK&P#TzUA?diBD#Bx~Nv;io5DPuFSnN`^?OR_Ek9;m!~pmwI(axC$UdlCF4B4!CMvG zHH#&;oQGXlO)K`BnFhtOFK{sI8ApgKH~kElr!U6uWE%(@{r*&Kj&s&%`_yUHL7wlZ z->e5!UP$x#p#opRgtVW+UcxqnmMIpNcHw+{kR3l*KD&Le7=w}z8_H+XLkSF<^Uv0o zu?B{u01Po^9qg=tf+F-KfI*_6XE>P20YtX&E!rZ*$I|qh;DcjY$(C{m7?Czi%hy=6 zH~B%Jtv7-XH%k(Pu>xO(c30UWTqX1tbl%8S|_V=gV)ANd{QzCpun(3rbHyzS^T{Xc{A9ZkIbo%zHeJg$dfB+jNVexWyu19rb zR5K@VQVRWpQGy#*7p|QO7w({Ua?qGJNXaGXBl_HJJR~@65A8*T+7`e8Vo}6ATcjz) z&Ckxqjiq6lHjlC~Uuc~TcS4GXCCS3dBC0rflw|qF?1lq)uV|Jqujjy_Ly#2n@?WRg z*Trjyl@YxTO)6j}Y)|AVjMr7^Wv5=~Jpd7w9o8uH&bQw2zV!}hlSRVJ8N`B!>>=qu z?6V^UDZa-V@1XH!)UUE9eV5@~6*zy#eoZD}#h6UIi%gVfL45o@xN>MZ;fEZjGnC?g zak{3anv&`(uDt@M*b13ys+{!*+!R!;reiuYMtJq=O>Y>EYW7vtVDR616wi^j$Nst8 zBp#6g!kXs$quQ4eAt&Rlrvzk0h4I-KZ(b@-V@{}Zmd zKe9KvREK|}Rv5@~hv-0YT``t)84ocsy~h((g%(4Ax+5oW5zZV4j;ULIJLjq`YrRRl zN?M);+oRQ<36mhEX~bleETA|`f=>jhV&Kd|Qfo=Z^bDiM%-~^AbQ@nlZdxCTRU`XX zUV7+F9X>+M%0%Dvc%kVKgb`zTs$K#V3e(eDcq14Hl`S&6*##-4OOygEMzUiUT$-#E zz#zM}BB~8UbsuHXN&uunJW*YxprAblu+&WAV4ILy0LvoQ1BP(nIxn=0WQ+by`bS}# z`D#Z0O5m~6nC4sJq94xb+&bp@Ska_AEJs_|EH2M5mzbcbSo0LDP~|4+)P?r(rx52j zlN!*6n?t)EaaRl0p=EMr_# zH^gIm%4I5EXo&z0BoUuPjbe-o&eZoPZ$n#%tY?wAe4sW7-cGsvz7)Af+w z!Sq}H1sXdB6FA%{s)>EFM}%W{w#bxCozpMG$3dx-IOURXFgm&^`a3(!J|3gTk6Q7f zmy-dPTHt8H6^o@Ajq7#cP_W&v!JOxOoJ+%cUKKqXf-UQk(BVw(Y+QwP#PmL(##EcA zan}w38XGVMS)o5p$hnERghL>>%0A*TgY#dhYDgGsmnsCVMd69=fyjpKk1nk)iZ=8` zCE+nuqHuGx86PHnv#Eq2cC<Gxv_1epNUSdnH!{E26pUDj;v}XBNeQ-{0(#(`TRf}-6Lo-E0C_iO^M0Pc zwWUZ4k;2gX%u2ys;6rQRy)kv+o<1{!4hA~j_umRSj%)@ko0jv>`@VpPXEBCk*gq^m zMUDgjrW!Lo_U|0}`H8W{u``0SA`y+wQ>YxY_2q(b9*I#}U@CReQfxEq2qDGL)6Ug` z6^9R^hCYt>*E~qiPO_pA0SSDhRi|BQ9;1$l9@VMC&d)Z-V(ZqJ_SH+FsTx2U-n zsH-oC@y+{8IS~X@JqcpH1a*yg8JHU3?Hu3G!jbYnw8LS(uM>V~EP6?QpU^E$A=kpg z$Cln<-|3NWx4*!v7CHY=|KO<+=S=*U#6AmBq4MAQ%SCTLdd;gvEfd}(Vj;=eh~;5F zT{krRyN{qRe~$q>Te<-Uf_uqbGIBcw)!b*xBuSZ|WZ9W|L{NDmGXG?Ha)*W%5V8R~ z2aHJkj)8%ze~7>UrfvUea&QJ|lBk^q2X_(~Bx#b7LQ`d1$ydTmkASU#ZsEcw)~>>~1ATFEY_LBRwxiPa)3SnGhO9iw`*m8E5j zXAlX@k0QVZy^eJZiYfq*5I< zk(0rhqJhhPc1*rN&*Re>yVigwNt|mP^I0Z|w->HsJ)I!bWGsCv>Ok-p&7s0xTOz10 z8{(2MN}dHOP5vQb;}Y%p7+Uz$7u z6DdoECWIdOD*Z+A!hV1Z@l-W0w?*S`^OUB=6BvjLyO=}WT;^_DMa%c(%&^~0= z)kSm$*7M+auM(GEI~&uGowfqnc;W%1Fijp0G_WR0)N-b1RVQYpl|8wOvz&S^^%{=$ zcfhC6v|*;cHF%P#8Js5#fTp`{yKv1+aCC|spKSH=Jl#P+a z*cx_vZjL;1w=^pa%hO?><=CU}W}SKYtoFXVANDAZ-n@LeJ&L{hQS=SzF*#EABc?t3 zr=rh_dEvdhFUuz^rT(wdduK?m&oljfv|6e^AGe+!98>+{1J=l4y<+Wp&Z6DB<;?>epuKeFdvOjm z=Q3U_T$cc^0dcfh`q8Pnf6NxI*tsAwJNnJD-7$csF4+aHGb*!Py0te()ai0=31Y1( zzKaMm$>l_R$UBvjd!O59b%v`-XuNfHc7*e*8sY17m~g4pvcObrAKHaF){_sUeErpY z#1}Gm#^5k5!X=H-64sB1=M@(8!Nm!c9&-WMk&sMj9?8)fVdRnp9%y3Hgu+TgI+0E# zC2#OI<&%>=gD^O=@blG9{GX=M`^y&|lcPy$LWP|VjQKFg^)XhO}4KX2a^-kyq* z;c!#wu)2FdGTF-DNZ4Fd_LjSVIA^^;C;X3&c*6fP?3y|yjVd^}=l0d-Iyk6m?tlj+ zEeg(j!kl;|$IJm105&d4U_(o?9iK5~Gc48x2=ApS*>b(I&sm;)ZAXeMQa@zzD0x5Fgf_oYz-A7o(Z^H#-kE zV2vY+NG|$xn+oX=UKKcWc1LvQ#g#aUha1@5&%Wr%M^}~dz4>JP(O)XY^*Wf3e%~IY zVz7rGWUA0!NAgN~ZA_&nmVr(&$G!SB(qlz;>V0fzU|>8}Gm5aYLZ%gbs1)rzIl*}1 z&ti0B;9$&F!JmJh749CgJl62g$iaNS-tcrtJ)_DnaIgm(-O*t+)Wdi0ZTApUW1sii zXB9e_zV6pYOXN~G}qd{FZ`S+q~&Ln?f*rw=n@Ps9?j+B6ycb1FR9V>Mdoo@(MG zduGt5v}a(TC(hKty3y*cjq5krGsYx%4g1G^-6zM=#7y?2w1Yi)F<~RCex&QE0Mi?% za+23tYG1xrWd`>4z{R%()$2fhaGg@edd3gt6SjC`xKYkWcX_J1r(!Hs+lOW3h|M-*q_xkR#y>}um19xFn5g}ox}IIq+0w5&3o ze+By@0WaKsXHrraLH~CEn7{=zd)%A6%rYQT;F?0|--)LWC~++75C&Dgz$huSI*>gd zwyLF{*OB8gkxt0{fDmI8((_`d0t^zHRWz3xZq9#Bk`OH7rSclyz^tJKDC|>O$e?8d zy3>xaW^uwe4s(bqU)JNub~BJk9LVO;%D|W+h^Q)gqwuOj3xNPE#Y7lP37%a@DxVJC z&W-Lxi@vb5)Yrpqu@G;3@vgPf;SvK9X^7}X;W}}Vl80C0y)FN;p$y2ymt(QgkzIxY z`HM#O7DJObQz-_E(eT=m<`RRA`I0Z9XFY@~sOx0hR)jN$$}QZM`#W`8{_OYnwybK` z)?b#96?ufqk~{A_N1IpQbI;mMQi%gok7)DB+<$*vW^1zyFyyrSd45&KGLL}xcHnb{ z`2l<3Haa72Qlnj6PyE9X;o7CAEv4yfi<3TVNxbyOJk^BhFPo)K@`9_%SG3zMFUcC0 z3&S{tH>F*V6CeqchwE9 zMt${ayh<|!JyKm>%IfvXt)qGQ{OQ$ytI$ZTWDfjxYAfv-qmScc`W*1Dsabj1wQH%13FbGqbx9C!v9_xkgcQ6@suYSV3ao>zqi&Z;W z8-=|dt^WE2@fPdqFRW(ost?opHgn(YlMlCHv8@ht?xywK$7v-B|612Z;WhaHpM3y@ zjia#RKWzZH9|K!w+YmkgI~7N(+UMT;@6hMjtBxbF?$qkGe$BA1zRBVivWEO1_};ck ztgqJVnX9%^_9t(EYO%F*d}e|Cn*WFJ*`ljZw1Pj~$G0H)bNjtTL<^3^Kbxo)w5oNV zWckNzfkza2WSEmC<1rLy5PazJ-=j>phzbjb#H%fz+_lSSVB=59l&{73yZOhJ5AS7* z$rNtFR+3L{vnP#>_d}e3u4~!Ua_*0!{z?EPmoJxsHQ{EcMZD1VaL;}a@9HIo>KM-l8Bm+wSLY~AGRjiQj>pH?1`iVuoV?O0+Ex`p1Vw2UEQ~2 zXC6yDH8&PAlJqz{N{FdfdbK9!IIKBAUv_JCa0B;(JmAC>6b36N+5LLQ4tGkoMVMph zaQvV*N@KGjCU%cOup3^b2qi(d=Ep#rg2f89cvoAhTs*386&+BC+6~CZ(U!2DB zVwpNv9{U_9ci>1yl>_Bv}$ayvBJM>tk7~FZ6W^Phzs%I#+qynj#ksxr`P1jNcqF1 zh-yELReW>#*Gu!IF=v~ryr-pb!~Oa621UvHFn_+GWnU{F zSHw{qwelgrYOqpq$mLtTwbShpvy?wRy}2Wgue{v*5fKwZ2)M)4ieK@mMf(-8?nvq6 z<-eJssn~p+%7y`*=WR7Co+m}bAd*cs$nsV839*My)R$sgcJAsBAGm3r;n(VBvhX&_ zM{Y5Kr-)IO2dov_AqiKnPUN%})1;N_7tb*z_!QpX83t)hMv{;V%zOPBAElETal<@0 z!?gZk-RR;1MXWJxrC4J;6yA%5m7KH|3-5-{jL(xb8)xhjvF&I=;CuXI>73@B`6nYD zh8)2WvIEca`HZf|Vierw=_XEj#88fgrNQV%N^-h*%{4S_47{nhCNGxmD*7g~m%!oT zZcK=pR90T!fT``DhN;216Ker?2QNgS*j@WRJDxUC>?|h0|MIsPjyAcU@B+={r7)g{ zDlol>`rC~n5Ez|YM<(11)=YbuC}}NW7{A<8k+idFQ*gRavn>CLP_q|;P5giM-UL9a ztG@f6=Q-T#9cE#M8TP~s30X+O3}lZEki}>+kj=OZM2&8Ayy>XX4V< zw?d+I?F^LoJ_=!5UtCy7 zt}%+?c=9s)CG(te42!DjPy3I`n*x~`@>wXX2h4}AA>1`0pQ-Gjv_I=)6ZB9C!ewST z=)#oiBMG@QX?TZIe%qk@u8x%78o(AvPP-F;Ow-IL?fbS$RNZbvm$_Z}~MTB^=1NzEu@Vfs0LY1x05 zNgjuAKFK7b+%Ss1dX9^=NH*U#Ns`SY&#h#09J7F}Yu0XBw{gRUm~ZAJ^37+c42;H5 zCmKmFh z5@*$zeeBEGtG~_vOW*!B4{qx&t|G>CAos!k?A4Y3CGDXl8^lMqd%XYR42SRT05vO? zwr2Ts{l3>ZNaE${E|7xFiX&sW&hLK5D{b>iAMipq6bg6x-3PtOR38>fl@EGh>=H+dUjL9++2U1x z-wR`xR{PzsR{=>{moW8yHa&`yG`dIce%|$H^c=-b|5E2@bdSbewMTxIRr5uCgD>j4 zyoE1%;kaw{4Eiw|dT=&6SCH~_;PZ3u$hcq($uXhd}u)bN3DJ^3pGQ;T|u%%kSRlclUag4|<^o4hskX^~n!;l`UT7_r1_P ziCI3YGVE2vdW9S-W&6hOjOvIh;e?QNeYnP(D2>;xcRxS7HF~yU&wu%|HM(2lF5)B4 zb`c*Ry@+qnip7>!*-HBJ_dmrVK7($JhAnV|*x{!HuCe{{H%3GHxFGecdowPiOOR24 z^e4tll6U5_UK+RE&#^P3x80b|y!W}BnTLHy&m0Flta*AG#N{+$8osat{_gKxL?urKaWe1sQqcbaI#UehIDq(VW&_gl>O4*i7s z?dC1vMM>cX0`br^nDlp|>lizx)Y?4;Trmra5(hPb}Wz%jC&Dr>s?NRa&CKC^am(di>>Pu$ZRj>UP z7Fwji-cEJS+!v>}mrV20G;Gz5kIb}lnd#Y&yQ#=%6#HW0rvWv~_SN-v|=!oX4`Ter|UX8@ry-e24oUp2&U?}DG-=JFTK;BdAhAI z=<4o!J<5lN1P${%07bbKBdGVAGZ}Dvky;@~q<+pHzotR%8m}24H*9ysS+G?l>Z*^6 zDEgifvH~uvtD~6d^azA1(a+^c;l}i9K0V6gSzZe0`iLiDs~~2*Fd9HrvL}*74_RJ_ zSRsNSn{jEr8Q0`nBQ|IoyE5Haj(YpPD%}>wG;HvWZ}W#(Fj$>|{QUMxzv^V^HZOhZ zN_U;Ck}XISU)g*{v=X*(KIp4$h^6aG{bgrzDMAXEBM>C}h1RR9EFx5#0FOHo+S2Ra z%DJ`K(3_0%Ytz3NU_nbiNts1X)!yoF3}$nzlXHmBe;i$Qn?@=s>7 zr<*odFcZ5L$kdVc}B~qgv0w*v>G$f87k6Q zV|u61I@Uhtw^&7bz=}+@#?B*0JyG}?P=E}k;r8Mc(5f$#t#MeV+^UV?UbHMwHWZ&l zls2FA14>K)+0>(W<0eUyC6S9zb6jL_+lC>~OicprjL?qqwh_UjwVA~(;c`@wR6VQh zsAULK+wE$W7bZV)KQg^VwDq&Gk;N+i04Tl*FnDb~?pM*(dTEzrq*O?3z z8ctqa-BSEKSpftoTdM{_dO1?Kg{!cJ35#r`oBBpQwj7CJ%V1Su?Q-)~dD4d4I`@#geOqbO=B+CfZK}$(NZ!_YtYCWoOart&zk@hb^0YEGlqGKe?cSnB z0-hMSrT^DMjbk%YlC4hP4G@CbX17}W66HRDmuX8T%kcp6i>J*}C@kD!-f4t+i{Zkd zd0LGvYk+#9YRg_r9MGtw3S zc5Lznx?873VC7XyhiboI9JJ+$^?ixK;{67Tk3ElI@%oosJf6p^$Ep4=2zyn&yA>d; zhP?6Pi@2M@4}T-n$WJqR(wE_pqt?N6D8eHsQVx7&fb2aGxmM?Q^-N5-hZ#a#5zkLS zsmGI3+T17HoWVhme7f1gmTrB2`ZxCKGXg?CpFcke2ydPsg!t#bP#_%ZFH(uAF0^pV zwO2kTK$yE`GQg+7g+zI@fHu_3^|p?5$9Lk?v$d<&uUO|u3j{XSC47aYqeiP+(eK79 zKCyJ|n6MXBxKKW(hW;x4G1d6-nS$mc{UL@T9E~bZ08Is4UFeW0MeM?ZA`tqC%p0}r zPxXS~*8GLpgARsI^}?txyl-dziDw4pUytoSv)Xw`+BkgCIL7NfiyakT4U?lI_p{oL z`O7Ww<>e5Hr;xT(`+Tx!TMi2M8?(@+6y#zxC{D{#sAH%HD(xA)5y>34Eo!HE55Ohz3`l>0A1Q!tcDl>hA5iwLlh9}u(fH2eVWEP$hd z;A}&jozM)S<{zIQAUG;O&IZz5Y~H+%Aj@FW8)NQ^l}Po=Au#@nL*)iWe;Ydx`Yf%f zS+ylztk}F>BpXE=ZoiWltqNtvO*PPt&qP$ya*?5UC;E=lTy~Tb5StC(yN;qtdS zK9$VoO5lxW>IWDRguzF@3lLUpGAN!_Df^C!JHqGg}h1&@Ifn zpw!)-{(<*PWRx(sjJKt5L+Dhuk-I>!XfksuV_9s2vOlfSuy%Dz2o<*VAP^LHja=?P zDx+)EABdBmSSA$SYAp3{STLA}LF6Zdq8bIw6}wId{{LV?sAnI|*Uo9%JI|@aM=Zu| z@}z&}91oECbK`g_sjMRJ!^Z&nRV(hMi~M^EKB#(cY_|MUF-^|3*I#+Hzda_c&iH%G z-{l3+>X^9i)f==r>yOsPMRL|j-AXD_z7cm?zJaPNUsulRa#4;Zt-$wq+q>A~F%W5t zqP92P?ptHFZwS#;OH9TjC&pgW83EwuCsICW_gYZWJtnQE9O$=l_C$68to<_mV@E7Y zvkSf5MFV?1pN};2Ru{#^0jdm?)dNsv?iFjXtmpvE5>25;wM!n*Slg9YAUGDtMRh>i z-12A_-ax_#Yc*^^=b#h{hJX~C)JBouWa^E7g=9Cj=cSQCsw|lrjm|a&q|$SUd{Yb# zB*Y3}hv`F#KyR8-r4sd%hfO9+2@^|}0m#*3;DI~)VnT{Sa=p5OkA(f`4>_K#cf>Sr z3@sz+FxC!hm|1*CTS@~h@-RrlMKP!Iaj=s|k??5!2=I`#lqY3=6#Zcva0}!pIj@I( zu&eFC^ip!BYzBI1MdM7!4CB8sp-DZyBDL8?T@c7P5R-^rJ(EEFR$+Igb+Mo!!n~L| zn^aNZ%@?Le?FF2AL5f(LWF}kRV%V?=AtrVlYCx^2$`20geI)i&O@*z*Rn_FFt!217 zXNN4Gc0+M~LsI)=jekZ=;gJXSI}9xO$k097MQ_U#lal_FRFuIcsn2DjeK@DI%X+&( zLx0>xPM0iM;uGoq5?sJBNE`|MlTP5qMP_UCMqMA>yDA6dQ%r>kfNL1IF-0}c;_CG0 z(sdGXQ{E$lDeUl{cqh$6F+FU5P}kSh)z(FVq9oj#bq~{JRmH959QAbEW>CX<0LFS9Q0a1(106fH zS!4S-5F6>0_TMA@%7JJ@@e)DJZRp|aLu+vbhbQ55?Q>h?s8#%D{b3I@hdYm2cAqmN z04`JPPTyr=d*93m#K&UM7L7?_htKyWNuzByNi98S+e2>B!k(YclcuDwxVx=Q*@ie` z0}-iQz^I)OJ&N6xMaf=41~TT!mOwNY@TMkZfoKYyCmD8Q7wZ|6sYD68Vm)mX&k&l~rg`e?I`Cs*sFck8lccbm_zsO-5nW-<;*r`9t6ep^ z)|Ahakflk|?)dmCLRo~Hm{}98uE$i>; zBr<^^huZY}X;1OeMm}Gh)6mJ;Zbn6n^b`U~_*9Ic*@fLZU5C%A3MG3zPpIsAusA-= zfByYkC1zTPQhTn9a}C)f&C2S-CW>c%lX~I1dFLV? zgGKVA`#{zKDibnPC=PHGzsGd~4kk@7_vu@`2W?dUBNdMr>+lm}9sd4VAgUPc>KB@H z_Lj|SP7q|4>3-OrNNPjxLg0>3OHlHB&Nw?h+Ns7^V@UX0Hm=yZ{-#YER&QEycZ?uj zogAc0{G;Bf;5Tj@llAWdTb&sp+!NuEN<#VS40H7ua#|qRB6>GuTe!VXkHhH#Ct--< znMU7&KWft-ILi!1xZ@(~tGT4N!X6d|dlB&i0#)I96H#5y@wT-kxL%s%@EsD9v<3dY2w> z`$ev=udYnQSG=ccIv7Twa zM&B4x5Iy)Sz7O@JkNsvFyf{}Vcac3w(uXvi%!W+U!b+RsGd$#9^zWwbZq?BTVIb6t z+VC2}fA1V7V$Qi;3NV_z+Lc(yIz+UYs+FKHmFq69-yF*|A)X?MSbE23Zi*)AK}ux_ zy#d@-&K}5$ook~SG#hQ8MR%xJ7Fg-wGTR|j&O#RC(3T_7aJ=%>dydqM>xl*|`RCe)dWaV&=vy>8NRLx6bR z%i{;zG8s)Q>X?jI1RFF(bVGW8zw zpy!V2XJ*6IBckhpQ|y56Wh8o;d`q`6Y|W}eM)|DJz$1iA%yT}SgEj%Xbep*zPsQky zExTx@Nd|CG>hs}&WRS<6(qDx;)H}uWO=htgi!CAs`5VMB7t@bda}Y#aU`E30EWHf5 z?8OsVY;LL+6e=j&!9JK7mOuoL(BP>((& z4d1DW+&1)od51pk(39@=(D;q;uWX2;NwYS`lJX{Sa_qVYt-zOc>1xl@!PmeY#x^p{ z*}Pczv0X|KH`lN z^*7up_AAttC)d6@A~+%?Fi4Zo_H|*oc4v6u*h+l8C9*=ETLm4JGemWmaYv3s8x6Mm zh#BcItnOASPd!w=%uHCTSserN+3$i8G z4l#!ENe>-Rwilzy=!D)>%oBR+_3@>LYHh>HyDVun*Ou8Mx0hhfa_OOe)a)f_YjnC0 zJ0Bz6Lk8du{<4^NO7zGOvd1q8rKP09MzE{of~a>M!_Z(}>X^Q&qq zVthJd3~f;%80br6efC2zMDcufxRvcDQHIH6h5%9_=&ey$vM?I%^t#vsy55B-4|94+ zFTd1KY21wB%NH5OM7q-$Nu^9*j>w(=S<7T?1AnR&YHSZ8M)@zE{6w+htrS^eJ*CQok@$!1;v5YrU#OS z|EoGWu90lY0Zd)5HGc&nvq8v+0aIC3&*gxkq=)m=2FAIk7uw(s+igKe#AYeR;@Jyc zwAr01Yo4}vbHb{X~(K89{_^lS?tJ8E9cYY=W%0P=c16M!A=h zRv1)gYdyzpV|qhG>qImtqxeW+rd<-;so&vGkktiUdE)L!&WI)`h)^wbyGZYI$oM$H zb*3SHwr+2Ya=RmC$c|#ch~_T*zAVN@a*v2YI<_Q2I=ABeH)T%YZ&|Gq`k8@Egsic!r5sH(g4iN0~)+|S| zGZ2}DFVf&`A*0me#P+sm>!>+e+uGM{X)AA@sPpP~L7q>k==$ZJSEE#JWd$-KsZHB9 zmj3@U%+IUw&af(7Gg67DV&=-V&RkS<&D?C-yn?2Vt8~%-vFjni*{M`KEr#Ls?o`>_sE5xB6PY1b2aDqxm zv@ez#`jiH2kz8xF!`9fYn;EtW9fdR9_mivI!MNX+$L)d3C*)msr;2ruF0Ee zLnO@-XhA385j%96IzdYxu}ksJeh$J0saLb%02YL`XsXa(x04f>B!Qh^Zl0kWxGrg0 zCWP#1IpU$6%o>(MMc8~uP4$suL;1Ya*vzm3d=^e?=X*oKq@5JKUUy;Upx>j8x|eV` zRKA+%W(!D7*sl0n9df`qQ2=~3r?POS6P9C|z=o_^a@S7#MpP}0%Y3f9eTV_QgiwxyH>?tQFiYkFVXd!( zT!NGAZB-2`;yp4*TL&dFV=6SC(DU7l0@OMi5b!>ikIe&*>?L>2zWluKqcgnYja~l6 z!d-j!?v<01kTZ}Y*RTRHRncdTDgjtr!xwq?T zR5{)__S%vu0D(Z!`&gXkCv@}Ydy=VFYHZthuFpbPH1vVS#nCj4(Dygnu?aC%zT~tx z`SpWd-ReBs>l>=xT~fZr@j1Dk-YlifTCCpG%et_{B}tbJ#zp$O1CNkbAS}XXH(aMV z$u+i|(~MaXh66TD(=SWvE=VS4Q^Z1LFY-atbXmYMGVWz{jiPqE09dOPs zVnn2=*mj6`csK$7E6$_oRYnQc5;fXM$RTx9VVu`ylZ~#M)j41zCfV%7aF)C}vTFs1 zH*nPmDRKo6JU_=L2@2l#?c9?{3V&hx&-xYH89uVJ(|p=bL(ZZdD%Z5rGqSfRz;7Ck z)fCDfA)4~F^p#)%XKEXS;T=>F>!ALLx)KcPmyKoiGM^#BAJiUSIktnSO*|#y9=8iE zR>7$mxhVL=t9!%`_atV2xthKMf|8uM8d`EWisajJAnnd3x3zV)QDlS#jUkaw_wR3q z^b%NS3_|vtM$Qo*;UM$FgYb4JDRmOs+l{8h7Fd6T)=Wj8%(Tk`do9VwDW2CwMPdtP#VHaS@Ip<|MQQjf8Ko9$!5GW!z&DRt*sTb~j%$-Z?bE-+oAyUL5PR zgiaPXd}+rBp<|;AF?^7@Z6>`H(y!Ojo^k>y3f8FWC`F{zW_%}6?m>DpPbe3r!>@Y$n zAgXRRI0U+oQ)sJpK#8j%U5to4e2E_NdyG=VvZeF^D<~4Xvz^{+mB`m{SG%GO`X;O9kh$@Y@g>Y8)Ax`#3cMMa=;k;0$tUA3C2BeA#cmvUA ze`Rm7=m11v{Kr(8b~wy(vhPT479(+rnvh1LFO~h+u5OFYP)O%SaXeJN+QjNE4V|Qp zQ}yV*@MgP#V6_u_W&}&E5pa+jG35QTfyfZ+VXdNM1M>w1f`KEt;Ma@=_&sb$xzXs% zYP)ef6MF4`14I~hAARt^ z^RO#B3k$V(!dji-I`R36k*~!1;SIA6?CH2+%FFE_i(mXxeW^8Pm2JMPfSjNKFC+p zQb_mRuJ$t zsIN4jA1Nek9KOv*JaIAGR8^(Y%nn9Fr~~;vKCs;`L{I@J^@K>Cx`9q zu=a^G8@ts1 zWyx6nts%&^y)2G@`3YMsgHR)8eY(1oVgsOS5yCcp&1O+se))jbsn0CCHy@3p=9Y+; zWIQLTTjJSb`gTLRTJ%eFKNuy0N@CfFvC2^)L?p|oj-nMO2-AEjdeiUm5-YaMcC8Cs z?J!YcZVOaA&q0oL+Jdo+##5L5IyJUOZc6(rZaagrMMHdSC=CnBruI?jxvRx><8hD^ zo#e7fxuT5WnEUDni{eLwMLemE?d>fQ#u$j9#&q9M1hE5#F%WGJ-VZuQ+;AGmLsa*q zutoE>Z@^`-OajRp)V!X zkHc*qS|uxsbR4!|n9PcV!(I)7fH`5qbPXn~#VniGCmLhtI%)8AzBYn(@mSLAoO6B8 z{{0rHsCc<;SZrz=T(Z@A=)P!I(w-YtMKh+!&KtGz^dOJqHENf2d|`ap%U)jp)Xy=%u{oRbKDyOidzva22lcXuae zo}bJVgA18*c$X=sh1Psd*w;otb}%wn=US%F_*;#xgv0rYyx1X?O!v$~5l1A-QN ziI6D~ed^@A6?}a+;w)#bG8a=i1Y~c{*Iy&=@u?e*sn!F^fV#C?m@=)nNJo8u-GFyagkt8pG>tn`-6Bm^r5}nJ?_`St%hmK-Srl^qLtn8evzN zMwkdT5G*wc+P92TMH6c67@@KBFdIaBgNqxPrl6dJ<6nQX50m{y5*k88EfQgnVPIiE#&1sgBPW||t66zSB- zZah5n6*jGgUf3n(`+x2{nq17?MZ+9v*=ZI>=bZFMMyy;gkSypoaqc-_4=TwvP=Mh2 zRlzWJ8Tu<2A(50QaMjALSCgC-weH6NoIZ6LewRG^3eZBzRJfGM?heZ93fZqe8 zPkk6T0g-}0Pq5vQbA{}%#RQl!Ptqg`?E&irsBlrdIO3!|D+XtPZ3jq9GLBg=1(HKF zBek5DW;3~uA?)eVmIRDADBPRCSU8zgltzT@~lI?B()9jOoIGeM+&V zI6o{re87wCO7uufM@SA7z5Kg7`v>e}NN}Kl6j5j{%a2G)c0l2aFn7ZW!6~|#md=RU z)8iEaW{HL_8P_95AK=jTmEs7sIjv7FQ<9PL&6(-JMc5YdsLi@w7c(Ku^wqeT2u4Vwd+>h zvTbuIe^M<)sR%ll)29=uxLBj@pIoewBwulZ5#eReodUKnPc64ffB@i;_SDw04VK#{ z0Km4@cIj{K?}a1J@9)%!xz{n@YQ%=gagVt+RfooEC|pOPVtMz#YWiKa+HQ@9}-=%zV!3W+0B7 zKmOUSb4LKRb0Z%*7ES9y2}U%Fmbd+qIMnw<)}W_s)aFKREB!wEw&O58DmEy;fvJ! z)k)!jpWnfAv?;gaZimir{`P4Bdi=J&m@2>n(fXCvd zMzKUOSf|~wbFZUE#rEV*ekSxKFW1kZ&0TM-SP*&^%xUAQZKzs8%)4nx!!Wg_fGCM~mhkTjV< zlh_&1s$_AZmoOMWlZhdlY#>^`m`v((sU<8RFG|ik8C!Z7Trt^Z`AzVku(d=*p$TQ& z@!tDF$mBxJW4!$b7@Q@oQ*7oYLcOcEXQhKOImYBRw`)$Yl+fHxL^chD*th?X>^7DT zh!FPRn; zFcl{b3rP+ed=U?)wMh|;zWc4#o%--9eA*@JT8e}LJJJ+?39&s-n59rNa=3-OHS5r0 zVhF+uOVw`)zCwHZ-UDtJ5d+QN=0Ufx_pwCP;@I%~14cEe4)iK|O$0Ida9_?RPO<%h z_qr78?3_tpJ}Hx$8I_ESr(tN&XVTxoSDY3*AO3AQPp}7?!iea0)bxEaj^w_;*k?fsto1i>JKyh}| zg(g1fGU6=2$X-f=!R9cy{9SSKg>@;k)`?QB#yy{mhC#^p1jFfwrX8I)njTDU;yGwq zf4lsQYEN#|U7O!^`B^0q#iR5{6P1gI*D#XR^snA7#J^?)-`Ikmmk5|9$-##+WHAqlF5`|>C8_n?7|13<5Z z_tr4XJ?gro`PKc&|qKCHfe4AHWOUXavqDtFi0! z3P++@!JVIr{+H$Yquqv`nat)J%!sXsewWF1QKdjmQWh6f!r?@*r@n9iCFq>&mLzFI z#9YhxgH_o^)x z5ED_!(*(&I$9u#n_mf83w2#t!`J-!BuU+4>q3X60jC1Yk6~^g9y2e)5m*(~22`lcN zl8WI4M6q>U0swlgA#fGSSBL^mpu3~93H2mFu*fuiU6!@*{`fR_6=}_v-Cc#sPFw?+ zHKEz1Se&>@n{)pJ2eI?YIaf8vH}%u$DprU%?k4C!w_iUv z%4*rwDtugjlvHTKF2nrTVp!iM*i(h|m>`kG1Wf0odIUG)HLLC&GeSU7va*i!UhgrO z)QMj8sHmA6D9?OxKbNw|O%$7-QS~P+l5`x|ckGzqwhHre@ZfIsg7lYRNa`+Rwlmkk)|!BvLsgVJnSha}a>hzPigSybM5A!9^Ol#~ssq`&JO+y?N*ntH zh4YJy+D?!+`3)_<>v>*$KbfR`MT=$Ixg@KWnB1u0gvkSx*=*4@A88V5@*KFXY^mlkp zWfCX%!@GXPrn`DKJ|{M4PlGH$Oux*CqSYvFjHH1_qh$xf13w=snSzZW#S(9}hv2z+~Kscp{e#kwB;TW}1oU~#? zU^Z5pUO>)tZ5j9jg#F1BF$?Z2-9SDn@zVVA7lgTtT_5I^oC`Ao=8)PmDFM24)ujV- z+pL0^1Lv2p72K9=q=bE%vJVqNQBiRCKH{(oQPPaRZzfDXb}r z_Ec)hS?~CnMb6WxhMsj{=3d*?bG_h(GmlR+P{dQ|x^>jyd%XdvhOVSGzFzneO}SOY z%E_x9PtL~RjcQm(O~p%3lr2r&LxvD*>i9p#3l8l5wRFU;W14Am|wgS0|5VJ%hl)uNa zNi_6!pGzx?-U6-QsLh!ZnQks3`aI|iMl79{KJJKdP zMAO8<5T0no!a}hYTO|cpC}jI&P4421#L-1?9+@z~tH{o1(11?C+>99uFLrAI=`b?2 z$x!pciiN9krQNoXavU(5kE=CBsM^EbBCnO$M-(PT)axY4fF+XdAbS)Mz$A6&@Q&Oz zYIe@(Lp(Zpia)L1t^EvfVQ$(RKl9Uk@~QMX#wIL!uO!F&?8d#P^Pm``y{BbusJLYk zRY$>5cXZ*{mB)6`BiY3cGE~-v$*lNax5vtTqbuh`OJkqY$>H+M1*pecJv?Ug2XbOU zQ%rg>PF#qQdpo03qdqGunoxpt36mTui0`;qc0NqI^*C&e=U#R^mNYvf7aD9x-KjG| z(C|KixxJhzPsAVIWJi@&R4Xjs#afh*I=(7pL=?>C2<;nHv3^giN^(_oBD+6%0f+5T zw3t&ENSa-RFQfO4mk1~Kho`N1OXjXEfg=Ve@T_+dh_X*AT4M0zkql-)S~rM>s;`fEp!cO2!C{?Q6?vMQ;C@&$hf>DA!1Pwz9ht=u++Ey7&>DHIAKR|0 zMH1-q{)A1iM_n^w$E}r2Q!hdV-tK?Ppw{-VmBkWrAo`<2U zC0w3=XZPn!45t{TEN)4>|I0-uGq`pM__v~2!OeaoU(Rz83|OCWNYXFli>t!J_M>Gl zQj<~eghiO{*0WKYM=-6pxR^Tn@+u5qEn%wczNcik1tX*j1B+zI}9+?4hvH}hUhr+>9@~Z=wEwKr- zDesGTZ)t>_%w;BWvt;UUDYI#iFhaP$7LkgPkur7N6Z!dua66-`>!7vJ)?Q@_y>^eC z1lSoP^K3ZE`%G0s8Rx|>a>7idVS~;X5$jJeth(5`s>r362$Ed>Q}@S$!HbSaotHGq zmYFRKo@~Q%RVddDjD<0ZQdA(Kmf~yzH062rtDQFiQV}160VD59CK&GBe?p7+9!PjD z%@v3S3&BI)L*~_d*dTs$X~EtoHF(5EkpU64>0=Ife2!Ueghhb(=er7yB7GJsV2(O= zF7|3u@YakQ81h$bekY-{)#0_z?wYukh7P?WzxZ_1m|AvSjD}0nE?o6`6HQt9fzC`XddGV7}=7eTUjTAjdaqK!^fEF*@3w5@@l8nw{)H z+XZ!hrknY3gF7>f3A6w$)K2GkD7MJR!vaWr8WQLEAW*5$ZAKpFBr&}!lf;n6 zWjYx0cyuTuD(0b#c=n%1rcx$Q>Gk-e?UkE0t%$^JnQ5T%3F4EQ7eb2GIw{KeXuu+K z@NBBZ%Q2GzrNf(QP+XXeRAVJj7)}+~gc1p7g}TUw`^WX}nDi}6HM?KXLE`Zc*GI!#e8xL!Ni75MI;{eef|E(^2b87wT|Dx^sjh#+|1(45eX6H4uKA zE$ig&Y4)LJq@6FMRx9ehaE^6&9ax1vkckkAQ^vSckgt<|hSvYq-Z{H3nI6{TKp<3r zPt*DKizZjoS#qta(3cVS{JMAcS>eV#3S&wlss3Y8Q*GL2;f#wSt{q5D=YulXcDwW? zd~~KrUWu44;Rf1T2JLTf%!N5~xX09Pc~Gio@rOKN2$0wi)qqe4-kt}%kbY96Ha2U_ z(`N9e1T|VY9mJIttRqj|I!ZWmOjhH75Xtl%N#k~UB8pkq-Opp?gQt^&Ngc)p7VDfP z(5ceVBA`GT09P?-X%zAuG7>|679zrs*@${83hdn~pg_iZjw|}Ob-xklIpZX6GLiOf zBZ8;5?%Vv<*9FSW)tB@2C@1UTr5G z@GkQn%~?}+Lo%tyBt3P5HeXGlw=R17&g5AsC(~Sf6#a0&-K)vQp-1IqFf@Yuw%Thc~o^ zR3V=@C+(soc&Af(*wUyv?52JoBy$;G0=VgAqiMU60w$ACldsolEy{eGDMFh2Ed+_% zZNEBFm1OL-w(RV7999y^szMsl&)=x6dxm|+#4Nfe1|vBDi@V=8+$6C9=JYC_V_ti1 zs(RSonk@$T0qddD@~*QNE;Z9GcD;{?90cXwOpwiyM`#7L;ijcyxq!)S2fF$TqVfZO zJT0VspseHAKi6OkxSxfEO>+LJxYb1rI8ijJuN}O5P zAI*1#JEyQGskaIGMd)ynQ7{Xvaw7`DBr|4&4vVG=Tlbh8LT<;B0sw$%mn@HJ!_Bxg z(ZKJ?+)Sz>fmR_P!=v$=LGNmu%UL6Kb%`0$*lc^%>10?&(r&XBW{yOTAWDPTL-xQE zh-&H3@LFl;##Pl|^FrSoZlb zRFXS1Izs)kE4gv)qXZt3+6()65L??t=A@WiaM&pPVm(CR zFf>)D*>X|>@n;GBP^F%W!Lvt;W>2nhb7`On5m!q0UM36aUrsGPC56aCdTb^JE@&O! z+Ca}v9=L(0=01Q{u3|@Ug5dxL4ks86R0v!%9e8@W&jpPAb0_3^_{NcUxm#;(`mesq z0ohvhGPf)R6kcccJEcJgF03BSd}Vv1R(1k|`Nfg`&pt`gO)E;JRh!mdzoNAAzfH7{ z6ToKFBpBpW5&pg>PP9L%Vj0HgDXO8b2K{JKoPRFd!@Gz*WT*|bqH_>+VjLG5GEoeJ z`tW}9VQWo0LC1vH8J6)cUYNBr>|j7@`?Ve5Qw2DxZFLW|B>kMI4z+7SZw{nM;iE*b zDO`waISBBNcA{LBl||kb;yMHd5Ry8-OP)s{YlM4f88)>h`u#HLV8P$Na0Rf$O`s73PiPSFf=vt3A6? z+fHgXTGZ&Q&tk%=Tbp66?SZz|0^`#YzFfl*4_);qtTz-)mk$5%6TB^b>H?0i%zkZw zC2R`cWX)^S`&hJOI)@n9bP%J4|4r>CR<|4SRmo4|YcGV+YoNBJKnqRk?zfaBD zbfY~b6+1aU4_o>Btvt3~F8wg2Nm#EBeH%8hDZFRre%%m121NHedU|twMn^wh$dwp} z1=>uV0NYHg(TD?*I-83CsId_`5Q~*Rsfgere2Os_Vm9p_CH?4n{zkbLG&2T^PE@-E zR%7}$BL`cFzZ?FdroE4?BKTJ@udtAGLKHW2tCT_m!*e0qm~jCf6hV00HiC5iI^Jcj zR7=#dnQuz!KO*Buv2a=++@Q{sfy4QQLSZoN?n2l3;0fcwwZbQ^G7<-80AOIqH`Z2@0u zJ8nB})du(WgdkUp_DXw#`^F#*uY@EyWpgq|^h>zdod=@f6RBk+5lF?L=v`BJD7s_Vbuu#a|c?r&^ltQ7yPg^Z_;&XBIY7!ozHajOQ@k@ z^Zb@~{~}6iF?h@8NruW(#TD14PjV^9XO8^h%|88Mn{m`)nrsfKVr04~VGK%K2>OV>P8taGT5Y;j@(?f@=#&E(&2$E+XnOaT09=I1sVvn%+{SKwm`^qUj^ggulDeJBiiS`u7mUod*}%5J9;i_R3`c}?mz7N^G&TW;$l%yr+iDmhxxPCe~0rK;B+CW&t`tX>Y>d_do6l?B}u;YwmHK!4Txsf5LnRy0J=pDuKXX}NgVNn z(Bc+lEbL;wd~VBg{CG-gA@=MpTsP0A#X7P=g=25rQ%YWHuoWKW!OeEbJVCg)$~Swt zww}%K=wH_vHo>H6D&&cv6=>vM{gse|nXrvIWFkhUp)NFlpgXjoq!tz&)_1lib4g05 ziMP~^%=Q+8p;-zJ;|5O_2chn_RqcPYl{f zYC_i6aQXsVYc#17zm&AR5o}W1UOaQMAk(TBvEElF=sNUM;B+0}|k89%Nm6 zPcqa7G`c{qVjnLtF){`TZT9s^POsz&YE5+ke=CF@{UB5%x!5U(ZNu3n5oC%m zmOROAIbjkEa75jDEP!YBoR}NdPX0b5yzE42-vJVlXMApCgh{O4ibdyZw9_jcaWY-Xc5j!Y_Y`vfs%#4FReCY)_iw}_db{816Yr2)-L4+A za39@i>;UiRK(~(p$Znw&qd`c!Z?+%&dV)1K%Lb{rPlf|%u`RAjm~zw}uvgR#EUT?I z%c4n7WKkdi@_y=6{Yu{T3#~Hlq4ujsN1nkWH&rX;rfSu1O@_SJ@k_6~)?m37P|g{y zrLq%G=NP$e6M`t!pC&^o1VdLWo>0TvPf?@aYY6&g+b*0QkIx7u1E>;;bNvXjnHWqO zH8#0x7GabgCam}wNz0>Anf%S%UQcyIyIsY!a|#E7$5n)z%FT;kArG2a22mIS0-13G zd536G$mcJ#%H#;0O;dsW)@JGf`Hsp4BcLy40$Q^!3h2B$Q_^{y0xWjcuBgKvi9toW z%3P6!aB3_ zpu=4MQUf-hAi}K@*jCNP2@ZtS7Rcit%hiYYm?OFpiO4I(NX&k6KXTQCnwd!w4eff< zM;+cV=Y{1Eyh*qJo}|{JFHTg61cb(OOaEwl3qrM%YHm3pn!La%l>A5=jOh8XMcagI zB^2W>pxV`%^>UaiJ9;~MhS8#hdFx3o6D7JvU6U?%sX}cM&Gqg6 zg#q{r=aZbI6;lE~iV96E zA=aruu?JzZ8!mS5VGL=aw+qrDK2h|rgfpU)1(O@^Sd7=;6aWS!HdQbui_*J%3}y(S z8L?e2EEu{?af?^DiYBNROH+b`Of`Q#?uOJON!eB#yw#%e1%z>Lp zTd<}1V$J@1uJT1-(u6|mHK8nxi4ge6`wgE3{7ZG_2rY`>56~vxwG|3TStQ;G5*yl+ zNQ6XRX{1wPDNq<6OAXhczwy-)=6l9QzCxy*V11g3KTb^?_`~m&XknOV>@@{ zn9ivm5GHSXx*l5Gf=UlDY)43^^@Q7Ex~h9fS*3%!i4E<*swp#Nsg{9gM` zsriEpD$Qauk))Ib(#p19hhlwk8oqwtpf#4U*Ho@!M{s|h{o3B+4AKooP5SA!KR^Xg#HYKNCf6zp)eRm<9c{OX&bDMfuuTa@?qV~Rr81}VFW)x9t`I4&uhB!kkV{1 zN=LfQYNH4NrV)!RHIAUo33(B19%~vR+!Ehm)kUBRg&(6T)|zJssDN%I*N}&T*?Hn= zyx3-8ni+bUAkRatBHZVN-S%)gugyr8X2&FA;0UGR)nv<67g)?#OBYb{m}Y5^mi|m+ zFm%OCr{Fxj$6rN$CHbW0Rh$rn zr@1^T>uRrAtW8PH$2(J2-|2x)o)%^wYLB76LT`6+C9jE2@KFn5=~OOSa7R}Pv_G9`d$S9kGjm~67+yZ3l2J%9-^z8TrkfhTOa&P0ZIj@qXX+Hv{- zR=}%wQP33rJdt9iMVg4P+N}!V}y)ixhp_yEr3kFToXI zt^_dhI%bxm_nk=|zfi-%iyf&8gRm!Tv9D^24Owr7kRzgnvDer8L_X;ekZlsi65m!h z_XEVmsqX`ChV9~JLL0l9)}~60fYxOSSfx?@sdbaAI`S23rS@4bYJ0R}uQzI2Z1b*N zdRg*m*=_3m8N83y4+nS@a+knAT~6a9pl;~|Dbnmu6dk5D9C^d2Sz^I2X2I!k-J6pc zJCeEgvsCpsCDo=%Q(cXY*xzBU1&~MVR3AQUvc`PT75X`2`RcI>M3ygO%zC7u!cD!v zq97teb(N%l0AH^G1_`M&zs-F%8};Z8bncvyGHNATX{GC3_o(OCSxIEp}v zhD}G}7FH?HVY6SZ+g6>SfH`~&kf9&*v(AC|oYWpu zxNJ>2~a*$b~g|fUdL98(RITl zb@Z4jN={@SR6j}C5ZbVOL@#gn;dE$WMykMKKLC3k4WGLY{P~wPWS*WKSgw(>xmdDhww8%UtRe*i%^Gh8**v*h2cQIl<{E!|53Z_pc&Fq+}8!~5=o(QXZI z#WLayX0+1wvw0DxS)Wpw1*Llf&dbpo(hejf_)i zYWkp^TQgXU{7|ez_@3=C>>u9ANuloJC*3Su6ejjFhiGi&>vlfmX@er7I2f|UG*v9& zR0mbCljyZ1{lb6(SF@M@8m9`vblATA)EhFHpR|G+)IH^P@?|KVVa;eS9%J36y%<2} z%fG&(FaQY7)b&=D9YbDvW}3Bc6$*!4gUK`_)$n4Atc32sIwRF3E%;Yg);VlQEBrk>H8MpRN9Ys??zd%i8$j{50$ZXfHC2;r#UDezl)|hIcc)BIfJD6^27z{Fd|y%i`g6lD1kUt! zvO+ShpwoqT_Zlz&y7bWA16;8eK6hW9GpEd^gMv7J#gOb1Lz0FEUeIl?RV39FyXYuH zQy9maY(+U*Cvw=>VMKsmBU($5jOE*Qk95t6StDg}#pM_MAS@KxXvi=Pd6AQY1m^`? zuGx>8&oRO}@mP|@FEyB)XAKeO{enu1C0z;hYhhm9iA!nDL9b5J9%gQJPH1r9~-L zTJAjQUKL_3#h}xy%*kC2;VmR=H|X-n`7>$@A!_Ub+}ZdMQj`TiO%iSS5wlx?nVqey zPfQ-3)0(Jz>D zW$K)UBQ?1J3(;L|h%#Lf?jQocL=e6+Tr%%G>V0MVa%1eSq*~aDk1Fq2s@K(aX|^5d zs(h6rr_1`rKGYFpnqB2RMr>i)CYo@LnD51U^zp5QJPXg^vNR1^?NNQW9z3M^mQj7} zKI7(HwzhthY^_20AgHJ@VF)B65fL5NtBl_RPwGO*0AEq0^|HHT8~xo52N>u(fn%bx zEc-)hF*{&X_0WAN8M|&|T`^(5{%Ai0Y|J&Iu5atfN2rP;E{|Bu$An1aaxiYAE(80H z+y9`5=UsxQFw5GFaHjeznVe~ljqBS2HK1KWN8K`%3p1aio=MdnRYH4Dtm+7nbUDg%+^+k_UuWnl1?*E!jYo7Z(3G2hG`{k4?b6QVFfez zRmyKLG{Ey{BozCtbf=b$;;1}Z-21DMy#mCJAfuDVTHQ(k>zsBsVTU%xgr9=Eha6~Dd8s?{mjv!7aa47Q0G2M z{bi+XV=oqPZY5KWgbjvn?=u_!7h5XNKL1t zA$RS-;=|QCxm5<^C|hNO|Gcqr{sZA~#%O%XsW+eAoTFN^bW5%#!-eL?jjPt*a!btM zdCTTC?nrRmO;@5+TeUd`@F^>u(5v0DYE;Gy*Dk&OZtOz-CK&j#*Idp;OzjR4BLry# ztjU&05-p*?lmx?4DOFUZc)JD+gp>4FvfZ#o!ls3^c;@unHz_7+kO0Iz6Tu@M3B!(@ zux*exP$MgDg|<0KG$$+5uF{QzCD|qzTFEw88(HnK|=W>goBVkwwCJhlouHtZYfB`Vb<7AlNaRSleoGqp&&>?>kqVu$S4sqyz3{m)Tk zW6pz@X3Gge-YY*pwK^1=-1o2**rB5*T(~)G8-^U3gtzkCm{NX~F>j}))M7g*t*f9C zZou(rcs)$5t7Z(PDx8mGK}^f*i{~rgeK^Ow4{J$c$vq2SN7iQ|5UUjvPFdeXjB81} zryp+Rt4(~>EuoD7E+rRhId3IQnh*K7hJ%TxdMrWp29ZqR3pM2vPp?e~f4mbujjKcy z97ZoH#R8KKP8_zw-sHBS!H;CIg5u4T=1+{~bdfGMA>BU2Yw!qmiUP2@OATUL%jc&T zO51_mbUal3Ej^ilEKG$`jQBlA{;2z2yX)6q`$HE-S6Hh@m|2c`i_kNp?)81NFy6v| zZhRw7U_zxyny@H-UJ7J7qrYO*CZwOx-w*50L9bcv>A&RP(8Dfg6kw;hD`MD4>^_L= zK@uy3hGB%wlSho?W@6Mpx=_aDjnMLXIW!s}ZN0Oru#Fh5deW^wW(HhR48JHHKyGBO z)r&mzX?d@%r23s;HYop3O{5)WN99~!#Rx?ph39spA;=ckg}qu#%+u#FuJ#*CJVESb zf;AIAmegIp$PM*F^h~=Wqp*He6Y-BQXqGP5Urb%>#%Yi&U7|a&K;X3aL^m2BbhkAo zNIoFkqP%h9T;O%s*NEBkzSa+7)NANrV~!n^&jvwPV*#iaY?kR_!2Zwt+lD_eaIJ!h{zwv+i2`w+QR zBeQSqw@%`J6M!=aWje{;dbOd%qsUgozqqwgPN>%6LtT$pP~m2T2AYuh5Qj)uLGoI< zjbVV{;D$ro4T+}^GGv&~W>(}C+z{|5M#|lv%$BSS9XSGU;g}g+s9!V`0TPd8EmUEt zxtU-)-r-E)qpXOb+3#Y9O4<=-VMka~WFp{><3yDT>1?a&`w-Sj05gGbB362;-!9Ni zPco0BdxLD8SB@m-NrUr)Ab?y()1ev}h=VlTo- zXHq+Cg}X&H#S*yeLA(Oo4$Td)+D{K+3tKTSy}PZ}E)u6Te3PM3p4z|K*nipGnK*KK}$A zQplwV#rfzJZYAxnEvbCCII`pxOPbVd%eIVnJsMq&>{>* zkQZS(gke%(v%I$0spDD0T6@%)lt6K#F)_+LJwV)T&k;^&PCUgk!eU*cLBO}s+2g0{ ze`v6Aib8QEvG!G5RLog8E%Fs^NH?IgrDas4lBxL#HwirjH|S*CQl#m{N$WBsQyzJw znHA{iWZyCKpRYkLZAY|d4g5Pt`m;_G1q%idbi#)%m6`AVYZCv^2gx_-MR2wnQozGB zd}GH^sW$^I3VsOWyy0=td_1wV^LXbY@NPh|Ulg2u8k#!s~nrf10y*Jpv z7DJV^?13;Drk{+{=n^n|xM0{&62y}8qDavWx7aZ?MLct_kqxF=z9PZ=Ie8G=)(E%! zNwm-`#S8OL1<`i0x28{BBAh{L$o0gfum0- z?K4SX`{qk4@>qbQq+s`Bf%(WZWF(f-h!! zx%6fX1~(h}&WVUv+jNsx(|^@4gEM|z_C9Ht8M>bAx9X-%$R+)b#Z}M+oh`uwvGr{Q z@ByPZ;1+kT{kpkakkH6eODO_Hl0Gm11LkZEJ$a2t*Le7_Yt%wKp|zTR!l|3#9_gm} z#D2ST(Wzvt=ry~r*+*uT?FWrCV|cbl2lKSz+^9Ao%#rqOYla%*a`bKL9W#Db5AoV= zC9a0J#>Q}aSFu515hlsHb_Jq_=W&RHj^53iI&ycJ4RG_DH?OO(_0PGz?Q@ms>uWnb? z5T4)O+tag3rp8>a+7heXA(06McWhqa7n|~ndoP}Uxfki`wkvLh))U?G zuPncEDbg1nM2hrfj$+KsI3Cg;vr|EX3t^`@X@vhGhoNwuI(u^0Ae2=u9fk^U@$js& z5=i7~f%;-sB%kuhSwt0XY*sp)YZboe{8Qve&3fq zVi=dmLX*K-E~CP8u6&K*07%%&Pkwz381ZI4coS&-CFz%wo4CFap;B%72|EDlLP?29 zh^PM|^h@}(L(4Z{*b$Y8%WYuD>~PnccDVU{WB7|Q3&0dG*)nS9gcU1nt!XlH#Vg5NM9O$=Khseg6;6jHfYBZ;FA9lTP zSOwY89R6MLzxyE9p)S79@SE`?nVD-MGsdO{j(MQW_8h%R`hGtML)Kpw^SGX z#EKrQE>br5=CG@}=uJ@S&EZYeMe@gP#>SzlUl_Vj^ponMw^-4StBZckik_@4`b{hP z=jx(|t>_=Ci{5TU->)wEZ7ce2bE^l>ZtY;}?Rp_{{>RTq8I zipc#?Y3nLgT2xhVjS5~|RdB5eE^AM30f=Gcrll`Vn#pHPB$phnzGDmjI})&mUxodE zQv1z9l#&gUgC9Ez5YGm|KU4Sv21r&7U=tHh1XPSd|8|coNn2Ui8Ya#7{^~co^EXu= zbYic8QvCHW(J0@R?l5J~6LhD=dBs9lawvULSgt>57hk^5G2TdWf!J3+LF$z)aGo}> zTb`J3CES$_rcZLNK(%@_pCo;-CGC`^IxGOC5P~6m0wFpwk!jZ3Lil8HPuRBqEortj zj>0V?BrS{MavvD7WBSQC8Y{BDH387ddm!<(+qvoB=81T7EbYmL(~c*ShF0)j?E`t8 z-6;@22pDSJP`U;2oeXWd$5r<<^30PiSjaw zaPKlMP1A2zO_L`3@569;mi#0#6Gs2GrVptmv*rAAGqPQ0cC%>*@)>yIAd}a+FPYLB zZ3_lWU_;2QIxIA3VFqt2eUN*!l5O`0vWuA%%YYJVXdTZpn9{>)_FW^SCo

PQegYIVgwI%I*Dxi>WPLvO4H0DtHw~TNwv~K$ zH^@YCtC&)v&uW$=IG9f-KxQ1XG0LeD*)l7{`xo5(xKCw-R_u4+Q&^y8DRfB;|R z3V?^bxBbb~O=QUC=B4)WdJ0~V6n>>My_c?tawea%Kvd!Tt+z2#7GW%0{Bn(hSmDa_ zhOuu%tm=AMHgtR=+=efU4|KYrgK68$)MZAeHE?XoRK{T+_s)v?^VOpFTCT!2D431D zqgx{`N3-JA5~d1cJnYNlJFyHaN1tgGe%DCZLT`GPe`Faer>7XtJZQ};Ho6LM6~_2? zp3zCux*plB?vt1rU?;Z|J(Qrt;-rftw0OoMf3(x++#a)@SObe0YHsK6FOK~`xs^n2 z1R<_CPZ0E9CNxFOhfLJ+&7aj$C6|9}-uCk}U8%{l1({TZRT$4gC0{4F-SRq_l%t#? zb@N7J<&&zoA}s3YQ1(nj9?ISpe1$R}$^NC{?;P(|#V6+P3?FZa0{J+7tBP~FVv{l$ zRY_aa>bA|d@sV|FH|LG#(iVp?(xsMjrt+~UZQ)tPfTa@k^aPJ*tVcHVZd$2qs=S>0 zKlAn&`9eiLz_am17FA7YR<~_lXZe`8t`<%pdGLIy5-e<9wJFLNur4aCAQzS7HvGH$ z?iG^e@a`+uW9W2a&-JTTZ0_BpZt|}x-4=2oO$!x!)~<^=VZE=E($%#aR$68*D!c-R zbbo*2rgC99XH@6yy=&K%=B-`7NMCSC$2Wf$NypbQmq?De4kLl{v=gY5TqqLr?aPI* z_KWKyj$9#p>5ausYKK2XI>LjP2KqZ(XQ-5FBOaX%HWc=4GJTXJpOAK+7hXgFf0-GG zhDKsLWZ@n=nVRe*#p~e3QmsH+xP~a;;l`mFB%=<LENXm;891)FQoU<=ToV13P*yN_cORYU5Yj5L`iueIWQvq z6^Oy@svKz}#{S1oOFq4rzdD6ROa=m8#i~`r8pl>!GV?MGl?k9uZ6Goe^wTU?ksK)# z0Wk79)U!vH5QQr3rAOF_ByW^C3@%)K+;g}tYqexST>6P4t7~RjWJAY6ok6VI#oUBD zA!uhpUuSy>KgMDa7pcW;#>LQVkB!B+YYG`L*({diy-OpK7UT!uz9>4E>E}LQXi*jJ zz5!8TmadGuFsMIJZ~RPvrV_O&YYo%t^+$*Ml3=S=6P?{_1SN*(g0`d3-=;)Hp9e`L z&8j~Wa}P`92&SgxlcXuhs7A^MtR>B5?5mf4hC!uc?WJWLdqL4Kz;XuaZ` zsW3;R3VTiZ-6Z)wt~zR+n$+0Z7wV{hN)BH|f@ve*`ZAeV=BO{Wt&k+VE{VHiBV%HF7Q2~S8Csn6le0w_fno+>wRDc$;eGp zsjwvDU%Mfk*U@#J^{hR)2;THXYB>!TC?1Z8sFxw>WYRhZ9iTx>DQ zeqs|OL#hB9tneiP@>$#nfduj}_O^^Yl)333f8b%}6uW`Ca1v=93gB`d> zU1(jJmmahE`%=~X9r6j>$EfW{l(*bIEEUOhFpt;)UG{>kIr0hblfe%joPahVPR(sd zmXK#LkLTN5Ja9ONdkdlKj9?+0D}8!+WXI9+)K@R+> zL{?>!ExAhAE}Uy?)WzZ1leC3dFf{nun+}%biflioM!b!3r`l$a9Yemt_Fzk&S1*sT z4=5r`sYOBS))dQu?_yx6TMvLTg-FvG%oN!k3vb&A5@PH0MRO`dlR!=QH}W%z|0kV@ zY+?SQJaIEQ{jgk;ybF!Hb+$X1gYf@cwJ{sx80;>yn|&tH9U}-N2^yd;p);ZZdNL<0 zVnrX&wkNTrcSaUKm#8yG2?L5Z4sT#Y5)SZEM6jG9F|H%%isJ@sg5RA4_QIu8Lx)1+ zr{NYIt=bjY=?D)R$UBD(CFe#%dWBtyNA#;o*|WL2QmxQNh7;2)4k$h;4G?8@VQJPs zDD6wQwC`~WE<@nWoPYyHc9?r9F2W$D@ijqRL@4e{meN;r+CU>#Y!wV&!84>Td-T>ZkG>D6 zG)nZ7H@1KwT&l+Ar?=P}ZyWW-{O}Kk=Mderkx;TBdk~32Be7HS_s8vF^>8kww?vcG z-nz~97T*`d{O99aGQOipO@;GYDaI=@bmCvPZM4+H^gq9(w9Ku;(cN|% zmIs?xmC9kpDrOIndxw=SM+JqGKY@FXU*i)wA5X1k$i35<(cHT+@_K(P$8P=HvI46G z_)l^7Ygeyb-?O3WcKr$&8|dA&t5>Wnt=%B*mtHa2@%ekIMy|ecMTbt{@2@SDWC6jy z)$2CMQHSa$W$k%Z&7P0X=9dL3)E=9sxth`6ymHMdSsvIZBG1n&Iq%M8E~l~X#kA3k z!FligKZ5t3SZE1zM%V)!2Ya!uo@xl^Ey#JnUdST5`axgd;vXR?H|9Z_gV5qp=5qs4 zB=Rjvi}xY0_w9zd&(2EO0~Yp5sAWrb2xh7&tdP0DPBlP&AQ2;+FGJAL%B?0IWHZkv zhiQsRlkI5XK`&eFL&@21OlozwtbrDjMQ3!an+(rLEReHFsLPo}@MQ~vl>TP4yeppD zVit=x>*&oEO+ASGRGVDJ2~N`uk>@$=lxSDjNy^}M9fJS0Gf9!Z0=g6W>_d1#PlgtD`;yRy4plbO{I zA)I7oW>uv+D>Ek_^%yS*W(K_2?8Xcauh+q9c-YtmjWBCt8%b*j);MMW$3`q0Vi&Lt z>k*D%7h4)>4Xig}{rjJD@0VXz_h=*mT8LQ1s4KtkyN`3vJ@?%6y5~BxQkiFo9=v1W z{`uRVoqxCfa8*|PC{AV)AI1#r*OvT*AbE0qyrTUD@qn4QFK)Y65ipqO_k2u>jigVq zo1%i*Ed7BYM-xxRdwUa-)JyD;4E3W3WiL;q3|Hgs{&uo=1PsA7O?CP^SUO&g+BSiES?{8*y2g}3K^$$gF4=@uC< z9O>7}hrxINI`@Zjb8=|DiM$-2et`)%cHbM7*n$RMbE3c0$&EYgYs4y#-t&=$EOI4+HoJPln;WLT!)@eNQp=MUUI6C z8sYb`*WFG3cfAyZV2m%hpZv(NM?E;%3@~UE~BdYqkO3S_>*_D2yz$-=i%<|&ns zz)cG(A_`r2;5CaJ$6j-bvLW~}DkWV~_%CY*>75>DTbsY{=auX#wuTfY>xYN-C`MHD z`?aVdvgMHuJ(#LM6})Ty*t_phYtW;tSy~auwZ|96WYxg~7A93O#J6c)XT(?)${|^vk@goIx;MgHC0Y#q<3e{JDMp_y_X8MkG&#vUk13Mi%p36Ks3c zRGgS6L5ztNc-yxt@Rrr8i(H%^oq{(*v5`ccJ2v-1%84k*MRri)J)EONM*<3rq4z@d z7HFIMA818j9ut_y?lCasO+Nl~{)b;S)WoYbB+^2^rs?>>fv-cqdX7wLf<{@Zkncg; zH*hqE4D`o7aL4>xjy-U@T(h6PpkyWoO6=lLvK)T(7-lpmR1Uw}=HL7{m)LMM12!w} zS0{=;NAUgp{7*plTC@IDMU}l=@(%$g{TA zS=4qB?JFm^LFeuG1_>DkQj$KCgY3vJ6ODi2Ryhs-Inu@#7mfdHlJJcs-kDHf$=;cG zOA~=_B<&(arGhMy@2nupFrxU%w~YA8hctMU-|;>?b3P$}Me$X|{#?U*r=sZ>5l9g= zZxn-y$jBhFa_DAb)PCe4mtyt%!888*wd7L?n<0`l6;^37M6bR~hFu5}_NxrF3VN95 z{NO5dwXiQ@`h*Nma8`MtccSsb0?=il`5Vt8I614E(=#V$sY;V`NS5+9 zXa#dk$J65zC$Jq0JDg*jqUWxPI~zW0k@&~1Sax<&;ohFVroKN4%D5iGP_}R%IMe1S z-X-|#Y773FNel=F8-C;|HmM)Wr~!M3d*f@v?nv=e4Rf~P6(q-w#-68v>B1+3b$ zlpVL_-lx=X#>cdy=gxAwXzp(yYk~d)PuJ#FpBNWBYXN$s3_}0?xS@^|Ljp&nrL39g zeMTiP?;Cy07JSqTqBz{BmSm)dj_A{%!gHJFW3hj@yaAuWlw+E4StUDE$_L z%^%D$hSS)3Kgz5rmhT=4axcQ0P*%gw_j98{?mO(D(mx?bDc|9EpF~-VkvPwb)!`Df z3h$sV_3AgQ`2}?9`q?k~^@pT?fFmvQQ=$&(Y`VJ+V6=9`2gv{DJZU~xUqD3S&NN?q zZ_{rVaKc}lO&D6`?3N~DhlT-*hI0A8Z;KfhwVs4DdrLxV`|Cp$J?8SM`tM%;EdlrK>i0hS-5U!y7#lYY z$%w+YuD;#Hw_9QeqSA|L2*)AanZGy}UPbx)Pd@?zO(xI%^W-HaVNQVvcJTcsoFMxB z4Uo;Jw11dVYx^Abo806js{i=3`v3VARR6E0)qm$JsLs*z2>fq;S=Dt5XQTuq1u!R) zCoD4mT>(q}_JFsK;Id0ReJj)j!M*7uo0n~XY?f60L1^uGj)?b5C%LwQtdtl%ZVQJz zblL`0O?bsYB5W$xtcMclt)C?4jEsJx&shnDwchkHZ9afk1$8WUtCTq)qTz?wlJz^*jFSZhhi1dhLlfMMxzs`U>8TM|iH*e-=+bI33JgS1TUmlMz16r%U6 zs2oc7R9++rh%Uf4gB7X8lW6W zB0N_6`o4cORQ;pZs`}zbsLMbPG#tav?*M}2fliW%a?y2bfvMc`!oJrZtIdR zky^^#9F9p`_VJ+I{3X0t1ns5W*mW)CIt?fy$IRYYJ!cd{<4{(P9Km}nRVTzYrrOQm ze@pKm-wqM?T9rEYYnDqra9ah&5g8Symv269&u`Xg^=%lDcEB@|&9Oq<_IEC@B`BGW zSd$F3V)rsZv1GSMaHEB?ZS~*rGbsGrc_(T<&WQ=zNuR&VWQa5$Pym5IAW13;^ye?x zO3?*AtOYhwHWw^Kf@ROl1)iku)85>@QGQvz^ON-RB7lZ|%p51dKyrueJoe#nGm;WZ zjsA0A`1)@9EAY%B_VoNa$vyQL5Imm$U%fSQM9R8nkyA7mvU*a%kCJ~q!D%vntOpz5 zI*_Y5KTzhi!i8Y=-sLLg4g{$oKj$!pXj`tkc@C+}=YQDRQ<765Tjy4&qMu;&*5|A# z(iQ6k899f>di;2{?tMl)u zPOVpPk#g*iA>~GG`{RjDl&TF(xst#-X@z3AM zjNLIm&mn1QkK{?%M0h3^g}E? zZ>9##@QcZ~ZezdkCVj&lo+dMn@YG7l>k#=)`&nnY+b+NJ6@21%In6ITj}rk}dzT$` z{8~>Ej5VIE-5K@|*x#EmfQ#S7zjJ?E?xx({70X0pX0ONW&65|>H@Ewn563qu|4R7E z@2`!&=h5}q&YsS%2AYps^Tn4fDAv;6$>c`1do7SlzD|fLuFU82IrhKX@bD85IkzC` zADP2rdh>Y%ViRU?}HunKSxbMo1En=4& zuE5~Q{4esF408FMZ1HxIUI&cn?_r7v8Jvt~%H!5eJm;$Na42^T&4|*qdaQh7*&jd7KZf)Vt>&@jq&%;f5Gvinu zvRCc-Mg2=zdjNL(YsntLusyudWTl(PQ?AF{Q=iZuYld_MTyp24^C?XTMZYaLAi{9~ zoEsFENI(B6Bc?aV&+e2s_v85}8ZezSqmmS~3W9b{r(SN#8?>(nvL#r1Es!l2{`D}E zKRUqt{qysmaqzSNwmnS;!8$);)9LwNoiG2Bz z^LvqPJ07GWnz37@*;q;p{^I+$Av~Y{jqKp<&v3gG%le}yPP`iA`rMu;2+?wTKP}-Q zdC$V;{MWtuYMP^82Q1zasMNCJs#lieDXjoi5n(WPpF}nUJyHZm)|?IkvAXar0FxG) zRT4uyWw|-**R!^CoM=L#MeD(WEhwr?W4RHFDffmknpj@^gZ_0W%h#aJYJdns!sl(N zPO(8!5++SK@jexJf^y$-9)#$o+xF(ajX!Xwg%Kx^gDL|2uzf$7@_6vCukxW0Eq6=<5MEM0o#{8#_%_Ap1g>aKg ze(ZH+#;=ZpyV#dl(^}?$-+E)nslPuL%g|qLNB8w(HaRwx^-`P7_k8ZAMBJUs5K;~F zW5;%KB$I{zS``04cnsVG1EI@H&vUa23lM^^S{E%Ns?-b_5Lj3ENq&#&4_l$%xj`AX zz?cn$vi~JzAF;B*2oOUOC%#K;2Z4irv=2hW(|-O@?C01V)c4y2x#p4&d{wQKjnVG? z+igyecA8&e+{H{FMz_uLrUj^* zCH@=gMZgvjZmY%hp8w`m^qw~cy+@2X>>1Jg<7&f+U$e}k>=!xtLc|z@R&B>*Pg(?S z?tQLyOIFQ|(OlSR^7}^gE=piG3awuy_$+1&^B!amkagS~jJjnn^oqvF+^-cmKUH-!Cpx)eCnHmhW<>C9#ANFC3bED9k zb$;@_(gg79-eV2i%Dy7+1{*_eNow5Z?+!Z;Khy(;G%Mg9I+ylz#B+|E^&XHMj9T1v zXIm(xJ$Tj)sU$_U(vlUq>2oV~D}Bhi)%z{;@bYWnGk2S@^)_5K%G|K+*Ie-7-s?Vu z@q3yVH<+e3t*FrtEo{B^5N^r+N`gBI`RYG6-2TB`Y}&cEaIM|lCWH~nGFBs(B4nV$ zQShbw_~X|qe9Ipn`x?00x1*-#lH*@h?)K&TU}6?Pv&KZuf;_+)Y_+vefj_m4uq=*HS0UG`WGAi?>wp`!9rP{aJWb)}xZ;H#fG_M2if_IO2ZE@~v8$MqsHi z3KwxWn|k9P!=@e#Y|29|Q2V6Nt{~>UAzVoO6DHc`@{;Rw7xJgv=q;m$tP%Gh-ER?g z!SeXDw*F%uxJ$pqr7TQT1`hin^MU=41%#`mC}h8W7`mUci@4`ZDR(}?wa5~vaS~7T zXF&|-rXO;>EN@B@&RuRZHrLI~FWI76AkU3J(j8+`UkOXmY4=<4-13ryPWpKKe<3J< zqrGr3!e4XpYjgD%H&*_-Ex2zYNI@LSjO)^jKA_0`UnS<$1)cBXukONr%H-cSEu0Xx z-v23U8u5oEe4uoT1bA2;>ij22WbJvGXy%YO8<&n@bPR}B1*CTUGKQ*g&ACR$r0Bu) zD$rzwv0~U?`=Z&fc&@);aNqtO5b92tGgxab%)g6&<><208P92y-)37!?u-w`*(KKz zOq+a3KNpP4+Ch9(%B?<@R?`y+Ze)A{Jjco%j3ieOdQ9?W*8S`Da5J64|?b+Gr(5CL}(vpIZDK zaW(d6qsvLN=Aw7)6uED<#&a4q+v^i{$c6}j+{mm8cevvB8Qb*c7OsXn&(mj9U4EPO zmrMRO{N#(9yT3ZBi{~i$^I)Q1WpyPL_O^#Q0R~dP2q$GnyH4uM+Mlxw(3#z5|G%iU zESTj63T4iTvQ%KbvyJF_@eAZx&iDRni1uHJ0MYklI{8v6y?t5<#m8HYPRY6Q;kFo-#Gxm(}| zd?KdH7wR&`j9c&o;X#Ba{$2aSV&6MK+1oLBY5V{wJ}u*qb3#j}k98PNJV&wS9*CB$ zdv6HGkbwRy3_n6gzbKF8@%(uVyWKCbkKeU&Bp`FhUuyynjsI%`6|pk+i0m)t)V&!b z@;{9^BF;>_Z9Z0E`=KZY5GZN^EPuyV_s{)hS>3bQh5iaI^DlEzzrGZdUFtC(6m#aQ z{sc}pGd3K~&;2#1_abIuXy}%<{F%29{wcnX`9i({Z5FzmBlj&Hu4#J$GK5}fL(HL@ z%&mv0dAy>&w4V*@f;GfO#ucbr*2poAXugd~^0wNp7B1#wzejRnNup8#$)BL{NH-w` zqxq)z$=#UviKup*bJXmaUyJ3Cx7}Aw2pQ|!6qLYe)r1;2wIcaT}% z;yQjb1eb0{FL!Rj6%}fMQWlHyjs8eJ9}iMsjCQM-lreY_H`zEZdRC?yvH_T}#_ue{ z#iFPi*cWQ-H=@aYf(?4>*zIh$KV{Kn%de-|%$i9s0nEObZp_&O<=NW?aps=dZZ=PK z9(weV`v=YY&G>Tvc5ia((UT9Jd>|&upKUfK-Ai<)x!NA?MKfYbu~J7o9~dKuDi5@a z8gRXTIh5qHEFV$1304s5(`xqUwKWqoCw9wFjvl9}>{(lB)E6U6)8&VwHG*#DWH?Qx z3K$<}6)^P|UDA9!;*z$0H>>UOc$%hN2kG0raSbC9`#t~5u60o0Y1gQEW9{cPPlZ!s zs`L053zKosd?JUS&?PLp-mxZVW8Be^cKr`EWB%9&a`Opm5BfD@yRCLRh#MDt%o+5~ zUzH)_=gBeibGABIP%q@itX=K5w_rP$8j`zh{IU|CKSQFCU1*=B`R1@RUHW(zNf%V` znUJiBJn-U0$8agnu#pqKY_x&HMjX05{lK9PC%Ksu%ks$GX3KJ&vxs!X9l@rT2q4TQ zxr1YG*CMuuh3y5LBDpv6${V}aEFuELir`R*o)x^oW1Ru@UO&$jATQ=$fp@AUaO4c} zwx8cxRd@%IC;R@zF?=CG;L`vXwd0bkB~pb%J?@o zCBf&Js`30S3w_%D>-h^7VyH2>L`Mo=1M3SffBYGafCK0!mGUMxdQMqQG`M^DamRBZ zJR`HNYIXPmUuNwMADh4R7tGplJdETsvX0)AV|M=}^}$;R#X|1;@xUL)q9CYEPFKRP z7qqZ!TYJBli3Cl{aSb|tPTq3uuk5RuD^t#uo8bk0FaVzxKrCuCcT@0ei+*pCl!BS$ zUOP%6W!XzCY}O&DP3=irY9Q#tF86Ty^;g|odcQLj&UaCX0=LL-JICpF-=Zgw z`+dA23gcaNcdCRM(crO{$bn4SzAy=&^OrsuvLuu9^$?xnQ`dVhh zbPxYZcIMeG(rx;3d$a1s!KQYBxF54qq#LfbX*Z|&_L|*rDaRJl!oGN>}}pSPm8|A4VN~KY`E6%kqvj6Tjhp3Emfu#!i>yfo8pc4VBe*+ zi&FXMRvQhvR{ymOl+?RnCez#5eShB$YQuLXihjY_En}Mrf|!W-aYybu;ShX5KFwXR zpEw9*g}mwt;_XVIa{Pj-<=!`^%fX%rvCO~3sR$R9FFqc$!rXs6_Z)O>{P(upmYO3G zl)ZW8Zt}HZH&Z0Xf*;2x-0Bu>!ln-EqBi`IxgWFr!r18@`M)KT;~mQPFn`zGYKa(1 z0-5pp~?*uRO5ZC#1mLGHi!$kS9t zanJvxF{NM><=L6%*Xp(qrB|h+eUzLq14p`%Y@{y55VwJH{teF<__|Bez~8!Z!5qLy z3`)$Qa?Td-A%q5wIe*)+cYwJ+H6@4veJsw~M1#-g{wRX}*p;V0flTyJ6NwQ94ll)AqA>>J*f%3(@qKKY_t5wb2*|G@63J361xx> z;R?&LIbTjZCiucWmHU(L{^Pr(~_TybW(qNa>w`U0L-zZIc3 zpF2Ny@?)roxjjxQp7@0JEu}xS^8e#UwmwSX+}>9Hxh*yNZ5Wf063oM>-@OGlFoh$i%OU!G4GDr=jR`IQ`+F-%^>LgJd(}$IAlf8 zw${X}qAd=^y~{2I;+~{194rbzV{+iT@0@>E zehmA0&Os9t*t1A@_=;~9nBkW%W{&FIJPW1Gq)Kgd?`m%%ihRrro>vFX;y z7MpI3K!4rVnDO#`l?~Kirsc}_Mz%&16*4&uCX@JBs+&U5p( z>PU^>SMI*?zY4##m?E72c7EToz_IS;{3)z%zmD5|{#35{(a*ul-nR7^zgy!keC}U< z?)&FYe((ILpCfC}$A9+c<{$Xk`BVSh&;G3a{h6OVb_*+p8DjFj{>u5n zOKfVd3Zgfixv1&pn&r+BG55xz>J80BzB*|wP4PdKfM?xFne{s(*ZN{kzJ5MQj|50o z5EqwxV9_YrZGOo3G&{>F{or8E*8Dr9hUaeA-stzenFaY3OIN=9@{6vtx%DU4b$8`4 zcGBa)#G}9$tg-SlN5h6`io9TN@jL4mt{_LSoxUOHtR!cVaAVdT-^)Btmb|(az$s&_ zN6R12`@Kxcsle8*Lyo5;dVTCwC7C#|h`u}jdw%ZymTmoaA%~dTIDf&nHpLmO-~v9L zH;asA`8xIEpMRE^={LNeZa(z=G>lon?oqK7eP;{1= zWq4UJ<;I-TS=@8?rYtVXoWTe7bw`N)YTmM-LsQSiw5P1|H}V^U9)f>E>E>_FedA*% zNr%_a+Kndlg)f+*Wo|k%2Hvg1Eiwbo711Xj953lsDC~lV~gg$8MC6Lp}8ffAkRye z77Rb6%TG_v*DwS>mRHXA-#Ye9o*QQF>eC@9)MxVJg;!BPEX?_gRg2LgFIu$7Er=7j z+>CD=wrXH%VM8Yt;TGpKv-CVCNR20vbed(}5=yG=9FoJa9zz9-toiWXd>lBRQ zy4GFBZIzKL)LM+mYW90uo$XVd2OoXJL`L47fzW)?(lF1+ zp&>3tYjZAHH25X;b4IMBSR^yPrR2zOCr9QRK{YT+-tG_wIc|jH(qO80KVacr?b)5! zh?fG7N{SHY*ZuuLye!*suXKJu?DQ~rCzi^ezFBSO=RN;?j3R5Qc z>)(wq=uPJCyzscHabz14%}LwHi2;PMs`;C9b%{c`-%Pk_I`pQ3|N6T>;TPmBc);X^ z`M04iak&CUP2?F)kS_p*e%TLs{$qhtcjZq$ojE99hUtvQ3@%te3|12f+yCBD3TFe(%+`LiT?Lz(`PP^UZd9hANGP-DycNbWJZ(;e_g(tQz+>4!B&gn1Q znSc7^$z#XZ0P6Mr)>eI-)XQu2VY|_)55~i!ZtR>5uJ=e?se`yhKtCr*eYDdbjyES; zyqVyMdNkBLQ$JmYSHcqO))FP^N<+#qm)`aX`)AVAe%WrFpc*@_wX52e(%`9nFI!ec z;&x5Xjo~1vAwb4dsM3ZHle%uR>-D9W#}6x=9zT=Oq*os_#ybW|0Ife616qCJ13LZ4 z^!I~jQjpud7Gs|b>&iup@Gr$cEAmtGuyWZ{h2b+!NwP^)k; z?6_PlsqMSf0CGs#CpDDib3~R8O?8$d3eE{S>&Z`nq;uKmF++4C=-8 zTW4jNP@yIay16?@Ky>?HoRoWm$@tu^8WVm_CyjBxqjJ4*zne5RN8$$cdQZ*mws&{? zd*F>$cA%$nb%3=JJhO+4Xo>0Ox|WqKaMu~cCrbYT{L0~lphY9d5^T^88(l|_Dr&HtWF z$$Y7%!J+q~vgQZO47!bGTR-_f>tv(XY4%%ft6HSZ^+t;iwSKbF7&mv!rYpjcE|+i* z&89KA&ZsxpO%`ET0tb8?w79?qB7}+V4-G#3j@YunC9CayT4sDc=1m`Mx!PoZgMEY4 zNv}EP_MhEBV<-q$`$cW4{HoN3d@~sLMmmFp`Ls`1mQ^d11WUU=ni%o zYO^y~MgYJpeR&7oJsN-&ec$Xhde<=dx5CI8T@Cfpx&9CpSFKXU3zvImCtI-k@sR)G zRM2u`I5w;&=i6h$pQ^wyY{wajx}YgmRnw-RGpG$49l~9+aP->y%`lha{w4}%QVZm5 zfEO#v=eP#fdJ#w)gE;w@0u2rs*@2C+w+$;{o`t+xUl2PSyIM3<+B!xu+#6F|c zv=x+AO`B53aV{B@#%D7+C8DG-95xO`CBy!qKLATZFa3$O{0EpSvw)LArBb+BFV{*d z^~F-PR$04RKew@3wE3lta}WX3OtygWDl}_>wzdI^I?Etb3tkPeAb6uPu!|+G3l6pP zjpf>}!c^KMAAqLy4{#_(wq-Er1+}J4*^I7j>HV1mG;>;t4DA3LZ2N{kEiY5GgiYPo#Kzy zYT7=llg*TL1AW?ib&eF<9=GkY>j~_8TfM!yM9^fXKZw-hqysy(qRiUjWOtx-FcObd zO9led0^yTjV+_wmgeb2+Qd}xjsx-wG$o5qp@d`3x6B{KvF6Eck^@6f25*9fBANMK6 z=LYY`Lh*KctQIy8^(JZc$LJ3enxja!1OH&LStGQ{a<~53TYE`M@~!%OXxb-R)Ha%n zx9)pld7Vyc{Uy54yc@J8VW?`XNh1zm3QSLBtuxklBU$eE5mD4gc|CnSND6Gk`-_Nk zVPG@m4088`+j?cKwpL#$Tp^!~oiO)SI2NR-NgW|5X*YNJ$)K*GB~?UQ%C8}QV=#liwpj6%_AbK2y40;r zN##~^)J27Wts%wOHe`!%9a0=?-%&eSMQD?1DcKq}wrNcwr7p+QG^#zDVuPwY3UIYs z>43}USJsnmdk^JmZ89!Nd8$vMzBh$b{h183#TE*-eV7s&&MhX}u#BfWHI1zOWcXNxXD&(~ohiJr7&{2?BEK967Bor}j^VJ^*DmCv zW_uEivW$?qwwSH8;>9`~r*x%MoN4uPwO%b%E|rTV$$IGa4RB3Ym3DJ41-*2Bo%Izb z`f_KyQy3#gY)W@aY?Hi<7Rbu-3EFK8pe}@Io47ds^7^GmrW3>k_g&30;{Rq-!lcfy zw5Fo>XxwMw+6I)gg|rp0&>3L2Xg9Bo5KrR!^^NsJsy|~r3#AAzC$CD4wM-e<#?|?LB>WE=yp5&7}ff< zOW2piZ4iQ+dt1;%3PENjyM4sGdi`McTCWdz_nTt?Ev~HFKAVMMrBtmJ&X>+^RH1yA zx+@L3Dh-Eym=;w;H8Wsutd_6T7tdD;D{0TAD%jKNbG8zecX=J0%+4<>(N5FMG$?Wv zv6Lz{PqZ3&=twkQE$EFfFSLaHG&_bsYg9LKTr3vX1HzNhDC)rm9-Mo(F}mjE)(gdp zB~}Px?2Z_Pty-TM)3&`a8>jeziAA8;@PRrs8TO10jiVfySq5H8kyBU_c{7OiS>@a>XxkUAc%#TPcx{vW?mN1$_HB zREp^rZ$}6oMd5-i;Rx2tTEBrU2ZZk1Hj!;#z-HJ_&$mG@v4-4clMHhiwV#}{d*}!e zBbDlIDPw0*oWtz3W8xND3idNhJG~j8Y|^GYos|Ylox+ul#|N_5Uk4X~ zpQrFti%?O--wMC8=r}8#D1PMIh-E+SCk!<KuVkoX;l1@YUzoG6K-u;Du(-6bda<-vw^dJ*+5-B$)`&(eeTs8x z$p(qcK;E@&mmNDZOA@%5Ph$dxv<@4n#5jOK7gN?cio(=fxrrp8SvOcJ zi!0a>D78^phEXA=*a_7_v)N`cq$cZpq;1sRg1&-fH=1 zbRsitP4$gM#pb3g%1g)h`)QQ`XL@EQJZqZ0aCqSlLP}+|eB6>^8;)khg1!^%hf&;!1;kFK7apPpX zJ8*H_7_c>lNR9&rQJa!UEf5(CcctH&blb^($23V5^_sTuq*5e{g<7EwzbPX2)XS^o znk&iy4heslrBssEPzq%W#g>diz)Qs5aryX*LaW7U?zI}j)*?3B01A?mCKWSOZ-j*} zl#TM0?QlMR7B@rOlzU@b-|SwquC{F0(+*Ln`;+aRv~B6g!E*xQ)#`RCL>j6RQ;;%Oz?~B_bgC1fFA^}Eo{UXwZ_~Qs65&O z{y3--)!VlJF{;CnY~FS3{Jm}1mZ#p^YP9wcEj3mrIeu^t_ihph8XE#%hi%(o5UU;t zE$j2j3Vdve6Pp`sHwXtKQAkydA|RmJAejx$_mO(hOf@G_g^*`KZneJ9y^rw)WC%w- zz11b}-HD1N6JW}W&G96QQKvr{Robl%61a4vtrq?-q{@vRohQ3kN+H__tMub$m5e-!?SJT`(A@4dHhrv`Ov$Ef z^!2d_5F!{#1F}WH!cMjT=vva)LsJTUM9N%82+4L+ZMUx_<9cg=^5WZqI0yRKRsu3|l@j`2<>0_&^E*h^g^Ot#;MB3I)BXbZ(BUmHJ|PtD)*=%^PEEQjY7f zyPV83Wj_V34K`g2Nmq+DT?-QLWT8z5X#KM;L~IPI#w>{@Oo>!FeyFHx?2aaOZGIxH z^ejkTV~2bLJWamY-9Y{JSWkUtY8sdz_ZE|eI#70dJDNay^cSTy#3fpX) z{@IC(g&aH{nnEq}DEaBK%?MSW5#O z6Aa#2J$tGl-Qh6jGPVa6gug&px|StR0XoC%>QfC^+SKBt(ZygQWXtE2PR4XKX%$M> z=#E6`h>v=J(Y4?!od$*kO{C28W(UQf`h{u%5Pu5`N-Dx=Gxhv>CAc1Bh^$NQDPjVAR(X zi$)9?z!g^bo1wnMHZWipaYUlhUc=U! zoj%EH$+--(wEYrxWrdiG0I;UnUOBlT{c75fpN*q2&P=(*esi)bOROuQ8?~kS*{k*1 z+Qri9EJrVfz1{%=tGh;L)}(y{jRbPE>D+y{6<%^!#oFK8nH4WE zi&cXmzSggn5u+lc&Mkd`X%=ieVi8Dn-f}wTguP+9YY%aT3mKhRQr)iXi#7?7keO=){7~HXYhx-H zF;H!6%9TbqEo}m0t=;XiwAdp%#)P5qVPRV&5+zJ9Bx+Grm>x-NP>-x}S!aoVLDyxJ zO_O8A3AH8kVRAN$G{@GMl`1QjvofVQ16kGTjZK&xOhU@J#aa4`lg=tl?ayM!NNi#{ z0#DY_xNQn)wtYwdlPOa^bQX-Si`vztMsIs#kQC+BlMz3VmY#z>L=rnvcfV)fE$F_T zU7IF#h$7ZAC$&s<)vjP>eSL)lv|oZYByqh!aPqNO-C@6p%R=2EfJ$bZIr!zvEbLX+ zSM&H-i|Zi5pfMgFN@`=b7}1+qCkJ(`lu6A^mG*C(dV63J<%8P_&TWZ&;l3BC@I=yt zCvc(Q+-`r{Uw}xg2$u=1WojFnauT$MLp0TRTa4*ba`8it8?|$fO1-kj@le~2p>$#s z7d|+Cjp_VLUOJ|@@NhX!)&>0cp$BRnmHpJoIvITO8+H5d@;^_K_6EJ49opr3y0O*=Y7h^}|8u zfO(89hrox)rn*H!wY6xbT<>n9QeCUmQ3Wn5Xo9#Af4y8PRO-v+)sjEgN>^%0VYOPW zFBU2nv4&nvJ1}I3Z^RzgEw;uAFPG0R)rwaOtJ9Abo{~PsEd}7TQNZx@Cj&yYSShia zPFtKu67KCOSwBxfBbXSeeZDmIZm|-^&N^2KOSL?;X z^72`X^v+Mgg_BQ|=?#P|WTn+b!w;;&Eq_^jE|nL-Tv!_nt}}p}BBUehxEXrnO<`y) zu2Hm%hS%uM5bRl07c;{^%3B13*w`*F$vP>G!69e94}8Au^V#JMy0t}ElD3+Hz|PgJ z^-H~$;vg^@N6?@KU$Xn179!bZe~geGM(LEXv05!$DkWnIWUFC#QBE zsw1AIj8C7OqdcSblwC4%95Q)e4oGQ+;UDX23@YrD!I5n4GN&q`9`dT(6YQ zm)8P?UM(#zvyi4^$-ZFKK*?$6u9=Gb3`Ef5BBtEEtWy_`tfN3A_0_^kDcNaT9A=i- zR@RsxD4~f>eGJ^D#KeBIJQ3E2gG{>)co0LN7Aqty5E~qOG1~7@REfC+c_7T0G#zLC zv21@rz*&|LOgx}X6@tA}qn#qh5n|7AxyCku&14y2!g*l)5;;bIMgpx?M;0GTYv75B z@Yj-j^VS2FWnKo5g_IfYuMNexZ(xTa`Lo7#?e*$fWyPB@W;PvyEjW8LDn65?jI=l4 zU~?)W+FP7-1fsUn-fc7O0n}on*Jo#k(IY!wPAgyTw6>?pRjli8ff`Hbs6TW^_9#3p zx3{K~?Ii&r#w5%(5$tTQI0b$>&ak;#B zo`qiA>Ej?_4TWx2+P#T{kaRxi7gm)0%s7d@-tJ-)fOm<3!O3Pygkcbex(&|(gDI$) zUV_e&s7LT#>ra`5UM&tA`!kK&ewgivO6uI(wy*&`qEpJjLPty4P1%~1RWmyhY-8yf~KzR@&tJ(|o6rZI6&`J-b#BRlzvfV-y6 z3-P+ssqybAkp3947{}pnXOQQw9R3PeOqTUetiZ;Wu0H`RJ|vhaGefzQ)9Y+K$T+O~ zOkG&qL9~(keD zoMw}1vrp)d>e%<$+F+NJNqKPWJ@0uJo>r*c{#;tVJkwdEeTBTg96>4QzIghJr{*%tMLG`3(jt+ONyHR_5 z&=3GCt2kKJDg*%u0vUXy4aC-Y>1M%l&$>5ns%TGztB0~>BMKoiHFvaX>2$g9!K((q zcGvto&%?Hc}KqLA6U9VVIY(u!ujPKP2EAC^YoamGv@V3IM*bdbYf}SU9_E zPnFVgipPtk%IeD6#%e9a1~R6#Fa@NtE0-G0tglteR|>`D%ovT$3-I6suMIo?H4=eF zJxT(?2qmi47t59ERbqfeKhO@JWW3g2NU?`oLqA=Drt~V(@TEkGCI(M^1QraDPE@Ar zQb_GBRn}J5h$GsLvp*d`z@#<`ujjLyMX=AE^;g{}FXC$ChzjH{JT8`Mh2m1OVR!%Xh&`xMmE%K@7;=oon`$yu zVFhnNt*^qAsSv`q(c9IEo8qfU4AnW&i^~t_(-(`aAuq8(P*O771yxv-8g9*!U)j5?+hX*1%;{i{%qRFB zB1x)=34||CmBCHkR4+HoA&l5xSH@R zZ=tOv0@Lj|v6wsL)6SWt)PGmO8rbR1dZ0&%tbwpvncx^Lys!wn8YSzU0i4+G3JhQS zL-&2^QH#eHh*{4vZS=86%Ji!pb>?;4j+wLT9pPc$^d>zVd!};I!D@i1y0cjv9uibN z1&MjYU^r9QcUxILS#jPZo7GH_*$PmHZ=N${*s}bsmi3ySouprr2h#ra?S{Crt#_uq zf?TQQ>benbZ3jx4TM$$qS04n^BrF@LdDpx-JR$t(wUMJ_Jz{t>PEy+OxvD0LhZ`-gi`>Bv6vGJQw12c~(&E@j(0TV3Rw7f`@S z#!Xe?N3+R4>*GU62OzB_x(mQIVe_`flW0Kj)m^qaX9pSAP1QT!4mOEqom>n2<4p(? zVaTDbM&sg;VjGa(9Un~!S{H%{*YqsN7(EZZ^--A6wzz>IqqaNX(bz?J%~Y4{uy1%a z&nYhXSPfl>9j}ImkOJ{#RA}Y+(D4F-zQ^bmiY>AuU*a9skQLlRKcq4)o|+=p^&5o6 z{uDDD$c?cv<0~x31_8*3D`sL;!A6tgO4zp*;hDAx4X|UZ!(D5kF$By3i^5_zVh0gc z23jFF2Pp)PrI;G>Nfr@d9fp=h6gU0^bHZ}(lg5O~#hd}MCV@$I+nJUuN<*a#2UaFD z8-ZEuJ1h~%VCB<}u`PDUA72$jUz+dfNPYjv%UWM^8=C=<*_QOldq0vWj18b6_iUZ5&X9p))R;2OF0hFMje&hCsuZUb(qC^^ur=CLA8KixVs_f74!D zZB-sIdw#B9PtNG#&ZKwEZOm%X9)mL&tBqB)ckPxjB9(#Fg;yz)vfjc=GibvYAwE19 z<{nC0ZnvDnXI>Z^)3fm!4>>Ecp?BKSm*8*OC1nM`1qb7&AYP?bw|)8Ypu{MMX{OzMEf^*vi3M&N+Ub?dlLEBHY z5XjiFLOX(mp6HQO|0;!;T!RcyOyzaA4AJh~QUQra>0-4PaufN`eV~R()CC`~fR~d> zVCc6kKlYzNeK713A?t10QI)l8I)_J@Fm8PcbA`#woTXMgb^wf%!OT`7LrHYGWm`@W zU_XSpIOd8Od(~5T<19^3h_=yE2JHG>Hf@7O8%qW{VM~*&n1T>%-B(~#Q#7gyDgc=J zKE`RgMOlkEvBt3U1$f4E)#=$xGJ+MIXKKZhVj3WaUT`$=&l#)WT{)y#%rom#N>bOg zzIx68VjH(lQ|LvpK9E+RSY}rAx;AJqV+j8P#E zG`c}O_Qw|orK2~PwwrB%QDszGB*qKYgylfAOmM%uXOXGyZDt)3j?*D(jZkaf&>Mrs zrZ{~EkQBg~$_-Xfk?vMl)4O8PS(D8VE5uAKEVaA+nXkqf8JN^j9hN4Xyx1VX_H4g} zjfxs!SoYgEvuqS@Oirr1y56M+a{)qi3_!dBW@eABogY|L<3B1ZnTuv^rgb zS5}sRqJ|7o=6D4y@YA%6@;U;5aRS7+_K1mS@oD55SyP^TKi=WOIEO`;#>KPKI)cIM zlBU8n$D&hWcm~=%!z)cAZ5oB`H;Aub!a>*~u{-_k(V~)q_^#~l3mUMDpA!}YyuX$$ z9_r3i@P-h^IYXokL97{i!!Qv_Gu&(&sVHosfPbm7O=(GG%LxfnKw<0_$o=3MS3|-B zZEs>(dGJijJ;Z}Ld_BD4472Hr9?0QWX)-@5|Hwmj&Ul2%$pP}y{^yMUdC>n5p`_Ey zk8tA87PD8QzfKQWT#i zmV*{G+G(7og#L(8OAGP{6}ZsWxUMj{q^BIT)KVG1RWvH8QS^jVM0iYm+Oo0OGu%W< zr4`b59)z+jbhh+;+MQ{VtQ>g2QsE3P-NM7C&(w`tvoC!3@y&yeK2#5bimy~l0#`Co zG@^3m*bmRy5?WTZV(ki~&2DN(?_+I!DPg6qV=^cqX`4H>hJIeJCl_gY1~@AiYpP$h zdGXA{gj_-)OBf-`j?5ED}NTYz1bhgmq(+H?k~t`|Z(tJO~AlA%F{QEPaoeNYc{ z92?g-j6mWGL1Hf;Vm~mO{W9&!kYxc!@w<8saMtT=k3^_&P7HmTzSYeQpvqRYP7O>E z=*;M^pUau)7RdIZDcJ-HzYHioVxf{XqGqAn%UP5QByU(>Y2pU(iMou$^j(t%IU)_> zjU#NPGwcpH-=p==pRkji$LcV$Sf_!`x3Uy)@m7}C*VdMy^+s1NVvrg*yw^FaL;wC$ zjiwd6o#`{y7ZRQfaYcu9aMty8hX)&ZfXv!UThWLt$(_`x3rjv)470r!n8G~S8+#6- z(xaqp0>V~%+sw8)$t`0MvD^ht%oM6i7`ja2^P_D^b%TSj)oSwL9TxQ#7@&oKK5s$O z5e9l;$!5028%D2nJqtnmV1N{Xsy?w?HaKcC@EP=>+J&V+U1~}Wce*51iP2sWGpbbm& zpvJ)^oS0(%Ig=kiUo~R;#_vkoo3!?=UGSwsJ{lEMKb+OC(gO0ytmTl2>G5&(`hW5E>6*i`x=mWYFou%rdNX>0Jp?97Kp zjUfEIurxDa;jK3n9;_h}v^Yn|jAHg(1ZVbb`V_iR*XcWJ%ln$XlU)W;*D)u2$6&;B z><@Ytt147iPuB~pSL^Tq`%Qd>Y{&&g!wW3cdVOV)jaH&UY4yAUp)kW#kZV>Sj@phI2O;bQs)YqNn$%_+%Mcd2e50(}qVjSZ&+#rsqwX+v2 zu%+JWa}X8h5D}2@yg}WZJysgu1EE~tI?jxD9|m+03hJL(&u)FvlEPL&O6&^^KTr5}DmkU=F+NXD#dc@Su)?uC4E@{-(fI?2EZB9I`T0oV~ zg4(1x=;#tQv3+_{m0 z{;XuxP=hbAg;I&GV%`LAX$04^+-6C~%(<}v|B9_bDN%~M*yRuz%!=RXZ7GabSUXb( zp51|3#7qKoJ%m?;n&c@wH^Ick!AXnex07Y|&3M{Va4poSU6S~jO(xThJGg}Jt>h`y zuvVpHv&z*q3aR~-RuX;toy zK;p=az_M`Flcx-%IL7!_FxO*2;a~>a?Bqmt&%82QjqHb_N@!ayHJ>lzGnLX4h?eKp zv__>WH%2{_;|3XFaCTy$E?-hTJArV?ytBp$UFW!gi_V8=Ndn~(G0t#=<0i$&=&EJg=&hOQ9thRiFpjW%e>}3AQI^0|a*MLw-EoWg!0djG z^1wcAr%P<`2n7sO`|A3|V)easc533i*+qyt07=2nuUVWHs9asQk6r_)SE+WXw7dp8 zr;hfyfO?xhvcK5yils`ezFsKX?qqLZ^CcoN*H)`X>e&War{ZF@KNKftw++)z=CoB%A{2VXUX=*b5t1G=xd7BX>8}BsctZ_AEM9jRDOPySL;g zV;v49`&NrE1#kv4ldZ zVYk2DA#J?H&XUO08yYp7okeXf5mE05oE2UDUfSR%J|!fmG1W`hqvXJB(0leO9>*~N89Kj9fvX4qcJl8SIkfoMnD{E&B`p3n!( z$;^V7Xzi~J?NY%e$_XyZ8d9mRx_+@xRKqIssD<*>g^kFZt(lZPq&TyQjtCSp=XYkr zA_x((y~?ol3?j6&I_xSw2cp9A*$qq!yxEdeu5?p63$T^0Nm!s3cw}Xnwj3!YM>0p& z-^d^uAf;>Pbp({F)eROkF?Y&LRCe5Cnwim-vVwHdX*?XzoFdMcXsS{H^|YZWai{W# z?~t}EXXMySEn_y?3kOKf+QmeFS#nFeX3okQo{ws=d>%zp&*|#L3*svy6w&f#;Big` zY1kJ6w=}?9vUWD1fMfS;_OhpKbB&a^=fKxoX+^4{Q3+6GmSf#yX0nqU*w7h6R zc10p#JH`Few%nDY$cU^Ss~mSZ(wjXYN>3XoBcwiQqQqK(lf68#OJJM|9zy;i^qS*S zIZ()**}sNt5u9{5ob6XZexlfBa>>*y#ebN%X(bFY_Y-+tnb|@+p-b}!nH24wOvNk8 zW9rQbAZ(J`?K9zpxoC0U7;N@0F+6hi$^UE5uC_Q%prcD>2)8ek*#J@QTD3O{%t8~k zHzxGk+la&fVP@>|UisL|471aOX01lVG)N1mu{=5{ZoGSq9 z+g&MdHlg-!dJ5aIFeM82s8`3Wa&NX9Gz!459!=p|ju}oC+nbZ^0#XiRuquXJ#Z05y z3ZJ&qOP94LkRmbNdLZlrS(7!bkRtq>Hj*hU1}Wi2A(e`uTyZh-j+45&eE^2jTy)rFD^YS`NADg}uFOINe zq9-B+kkWb`TC|W@A=BdCgTqu#R|yvih1YL}VsU=@oe6a^+^9^|+y$907SG}b@#Na= zTE&&owt57nv_Axns$QkhQ||0nn{JrbSDtJ+Glzmmzo!va8Hkyc2AkroIE{98%#776&u%e@C(OQ)zD@30WXo)DF^QMW_2 ztu))B)AZs5jY7czcGHBl-5Isuk^`)KxNvA&HWbcj;vxPZY#M-)`lg#S_=4i9O9=e_d47slD z$M86&qIJUs8hjnAnpwQ4g=}ak#}`LqL5nurz@tiQ?0_Vk9&M87zq9R`P_&1!V=pOU zp1sU`3Y_ZiY!gcWN>UIlR$KA1f*qm~h+vHEd&~Q_wm0R4^t|1)K~5s^4PuH7jNNNi zGWE6FOLf)U>B@Q8l=;N*Nbqd^nxbUY4HqF8ZadoyOmB2ne_KlxfBjbYIwr7D?6WYJsdLRU=-uCXej|amr5M~F6Bs=g<-3KgMJDe$3 z9nG}Y5aOYO#uR@lucWv9QRtl@(~))1hThJU)%ZtvfJ*?NQWk&@DA>`U2xkmqwUy;G z_>A8kuci>TiQ+lRJpv>W{*Ud-7Tdlys;Y7==qyHg&3yVwPSEBA1STeZvGpGeLus6- zeMz)^3glXUl^j1r2byaglBc+i)8b%Gup(8hxjnpc97lD!!9YSUh%&p-wRm#q%kM}L zD-zE|{KTwd5iQky{JMTx1oM#{(6Cb~;}((D913ZeO{_88-pg>owI1|;Ez>WjFiKMD zS9I(n84&%9xkuye2oa%`)A0vE3f}I6+C<=D33@oZ{Qzm^TBlFY?m?X%Wufu#V8;sk zAZzN-0*394Z$#dNqJm{_8G$z2t^y7$Gmc`?BNpM2-NT4>Dp^aiaT@z^L#n;I%p};B zLv(I6M67tXj@<%D-hc+07L+m2ceXhjQMPW{k?r%AT&k-4JjyL)Ayg()#P_zj!t#~( z#OMkpZ3QF-2CCrmfNdATwbHh;$70oSdq8G04wFerV*^*L*?~zY&AFdx5k6;u(?%lzFG;4dEJjr8aEOe2MgmZFHTpX`&g>GP^R$H& zk`xM9nC(hZh#5m|-FqMGO8l@x0`&%})gdwp2QdsCsI225|0Pc1hL}*Elt_p$$x5MC zT&klE6_6!WI@$FQhfqvR#rhHWq|dcxvAa;vt5z?Ut%Y;v*k-kF#wPKbc?s6TRoYeq zp-~nlLCDtg6B}zB7x5u9M$JwqygyecFNgQ>^OGEdh%;dzfdmB&*KH>bZLq2$1XUgB zPS(0DNi_uLT7OHWD|)5K0@Xcj|8jD~KAz)zln!`-PYH6~uz#wQ)=PyH(k6P64CekV zqF^;bI&fwcAHgBYu=ASuPH-X{#0gkcmIa@rwcgs09osGuAZ*SehYTdgeHiD+76exy z4Zyh6Ho$2Gc$6!CnHvLQUnAph%$^}?#N|FMMFp6!XH%)!Y^b4)o>EIo^wrWL=oIQy zv>Ia%YUqc4KQWm<}T8xp04^H1?^QNEWAP|x1l zkWho{SLa>XH%Rq%XGJV;nYFeK(GZ;IiOnLNQnt77P^nhYe=%{Bgekl#uB@$Q+Xh!_ zZuvWl*ndsTnpYXt8O9W+iw=$Ng|7mxJn}bN;Y@|8Z4N282?YTqI}o4OG-nZ~U6~VyRFh(h z)iq8Zkvn#>@Ov@qiH4 zF*q37{3)~_Ei0kksyvlTYwPt|X&DR8%qtvYwGB$7_6q7K8SCgFX-;k!03ljr@yo+z z0Z~VCxnsC;R9SHOA00R<~YO|C-q;YwZF_Xqy)cw_cY6+ z9n0AZdpI~0A(6bh0X$3%F9;sy$R4bdQh0|HY8JcI5UNWi8hEM92Mc(%1~M-x&9*t# zfl%_J%)*XtCoiHwM8kq(1{qYfd2!RpEDmQ%s^>Tfnc1o?kMx%gi8AEdNY%bYqkwD@XMJpN=SXD4Ths>qY2b^ zmV3u&fcG$3*;i<=M}&)PyNb^tZ~@=e8pcFfL}iS`X?WV)xxv=u-&ddg&V5ngI&^}}zb9S^?j21fy z5ATdE(%j@TkTr-7)d(Ke1;ZFBK)qo$HeePSHBRig=yXz*v(ve}wsw)5CoE8CLl-pE z*P*60v)kflT-5}yye-tD(cSLjc;DIOa=w0(sDWg0$!4cD?v8Y=CS3_hssp{6l^aet zY#1q|gLB(u5lz=}q6~FW2X=jq4jbAR3T1~`8|Eew)R>9)5C6H11iXQo>+%zM8X`J4K~>%$dsd{ znqd`-HMEp4Z3O0`C+=;_JUyAntx`T$E)sNRtFc_Nm7w8OkXOx=!X+rJXbICAqyu8K z-Gai8-bjlv9Whz!-L>9B^-2Mb(zYtww1e0BN{NNINMj+b0&xh}v6bn>i$>f}9DF9q zM{#`x1FzZInO2lKq=-mS24fsR zUv@1~$|{>o5qAhO!#Xcf*CWvgn=k}xhFSCA8E)T~$vT&|LDjAL z;*#+c!mj}a6Jp>e@|;c7)s&+v%a?BEkrE^-2_R?jE**)}thN=UJBFAkZ=*YOlW;>R zY(loU7FGm)wi}1(qBXW`5rgIu4@{iY8tdyJU{fmqB(jZY#TdVEY6r14i6Kfd@YV`> z^*HQ^X^3=ZVWVJg#^_OCTQPD(4k93n1b;$m1TFZcOlQ+O?Q^!CofFtq9(oUBl*Hy_ z7orJ#YsPtFw5XcC-}#Lt``qH5w0567oy2Xwx^Y%}mo|xQgo?gRCYGk{l!i&35k?Ag3 z0?gLHRu|Mez%VAJBEOh#YV^mz_8Q$zOGk^{vc0(ELv`mnw*b5P6#gn*#;)?XItwAu z0m&m~Id1APPO_Uzmb_XDjUe^4u<3JS(nDC}M#oxiHn_08WLPycYcp%LgA5W{5hh48 zqR)G09)v8p*l8FD+ylonUo77!If%I7{H$iyji2T*k*{t}WZU$wcd=(g6mbCGc9<7f z@@q{N&LVaWzqD!=TWRwtlkoLuqb&^V@W0499E%yWXDoyvqGfDLddXFf1tB+8?8J;lmu!60j)wLQIcvU={ z6+sk)OeLYopj3pOe6NDrk)&0!qKIfqdb@)6{A`axTeTY4uATg<1Y9El0vz@i&Te7? zzzEpluf_4CP$F(BCj@e!(Tn;&Lg0F3i&yN{94)*+{0ZdN>Fq=tKg^I%XW8^ORx$*) z+aQ{-yX}e8#ftYWhSBCR-QFu}#7M-UqaQF)cK1aXyqVz@LzmfY1e6Ur628S07}Hhq z6y0hz-F}S9Bxk0<-he9hoo*SyN~IwPlj8hSiV0FaVivl1O&_PLRuPGc!{J|J_MC$A zy(BiJmF9#8Q?hKnw4)}}55lS390>E*IKYTlZvv_D{xB}>CL9&wf?am8FwcTcC%j|3 zazV+0jU?&r-w*U*t3MFCH;Ui#GA>?t5cq+jMO-^Az5$_2?HKGc>KpN?Gw#a2c z@(bL|5{KNq9)(q#DGzBAmW@|i)3!b9t6?cCeNHtmt&VJ8;_f?y9~Yun8)6I0#37TZ zF^{Ty7>kNgT*LE0a#&KXLP{{qs0U01p;V6*t%Z$Ll;?tqk$+KaH(v19d6LQYv?WH# z67(%Wha?;unK9dVd5EyEJzSAaX9;Y28OS^3d|Vp}c@ zObOk%fEBbzxMb58vNl_nQAK+r_6uB{QHh8YrD}9?<$S~i9aajrgnog1I)N@y2L}wr3jSBx=8R9 zkNTWpLJV~amd+8Lpeu8saIsQex1*%7aX}~662_*5X#g9u*DfI&gu@}09nnXukrtRX z_ORszgh{q(M(Jh?kE6AAWMx77rb)($HHkZH{hN{s0)qoDVRDd*)OV~P{j|if7+Vn4 zl=On$6RS5jbvpC3pVKo5MTbUegsd9ffr0^7U79F|fvryQvm56i_7%zP%o2C?1>P;G zJrm_<{2<-+>J8;?=vs2EprT7nnl4-0o2QSyiW!Y>#oA1r-*NyGV-R=*>=Xt5?9C)!R3zn8w=LS?Aogh$8BS99Xx}0Df42fxe@DAzP3WBjrp*}0cvQ?POFJ| z-Xqz})7C{D+PkG^inU+U5to!sZId*nk=2;kL`jTm2DsMl;Ivgc-|kI!rnGh26OLM# zm<_m-T?dd^$LI}B^1_*?JIMAy>P;7^$sNJwV<$!8`V{%NMj`k72pbntMq_(dv!x># z;W}m0(@aV^Fzc1bqA@Yk%TQb*u1>@0beoIXdbEj(i#Y*Bdu5c24C#?xgQQ#@t;6xm z5G_|1>jHKptt{CzoD2DAeSM6XLEmvh7P|}-ILe5s($O`$#ChXLT%68=M1zXrYo$TE z`XGcrVA`OiN+zX6ZhEfNu0}?sp$17;W?tg1Wc(Phi6FK~%m@J#ncZ15&Cp3^5VWa? z7o!j3UXiBV%%(oNoy{TFqj=1*UKmA1L~Ef(4LGo9vHDT87WmT4l3pF@ka21Kn6xh* zyIMbsjeeMY8?kNc92tfnN?#@Vu)mvAdBk-=kG4jHN=9Ux7SzTFe_|LW_MxM z-G59mer>PHven#CuEBa;^$1Kyg!YIz&PkJ!k0`+Umg70pwGfXIKIRzbVI4{^vLk4I zOH93v`)!4@oXS#)yDN>csVu9P_@bsW>g0TpK}aX7nP;zAU$yF04P((Q3{_cIiD%5Gt(=h7 z$11fHkUt;eavu(+sedsq~DfDWqxx?Nad&E?P^&RK9+>oL5 zCGItt0=s4x_;M>spU?!K9LxUzvNUVDT`&wgV#-1KjK{(UYP009~^x_UVH_iRS;)*Lvk@rXmTrt09`AV_b>gaBe zg46N9Lek&htki>+WG=C2K!Pcex|n+*vue8{d`6v(Cki{GMRaMoJonlaD0~qPRJk0w zEAHskwDsi%@ne4SHQS?{q9#hOFEbi*LOZ4}kPyVy2oWddQ1#dHas_lu+a|lmcoHz#SwC0tQLbZy;TX92#@E9QB9U!R!b4ib0TD9{Ut+9wrLnId2Vh=l9Ec%j%2e2k3u!liJMG^x z|HS@joKR#0g7Crz#s#V2*)T)&ydwoHFigI-k!ck#1GCSBPiB6Gff;Kj>;%t-HUw&Q z4iFf2kzsIK?l$~RPp*8H<}3A=4O$_8>j)Hf+SwbR8%CLFETVu@#Y`ubdHQR49za8) zyR@igjab8)k0Mf%b(Lv~G1)6dlj+ew=99uc6kFz>%o^_o$i)sv&$$2M2@B)O!lo?k z;n^-89eC27O|g3m)5>(N=B;=Av)WHAAM`rhk1mB}T5hk-H#ADbEEt!wT1r*VF-Ma|Iv>}@x{K7MZ&vk}~X|j)z5^>+IrtLPd zye9Z<6(wLha|!l8fs`e%+x1J7f z33PQ7W?g|;pTMV-1veDKiBrLe&Asq4&oFi_x!v95eiuOpj{;1D0CXLPj}-5vLbYVe zMFt-?gsCoP4za=FROXgR-5qWQQFRT6LBX@r>q@Z`TZ$dy{FsILVFB$eNxhyFtS_h!b;9>!wAa+Qz@UX`Ggh-qcR zuUw6fk~K8t@mbSXz0AGrhAEqN`b)Q1pmRhrF9IPnx`CMrfr6NPgFU=mTwB4rXexPl zQ>fsS5k1)yq{I+tfi@-X>$}E{K_c6l*(S~vkV|5(wKd{*4cO4UF2XTnf_-4d<&1S5 zy=_2BDRU!)a?5LlMVsI7Y$pRnb?k%8pi|yjHQcEh|zBX!{ zXWM3!bQ<+(v9$)aq-7cT-~>;JECN|TLfse4ps)ngMpu+tx*9Y}d3+l6kR?(dU( z7pViozB2w2`vNeTK1+njU@mDMo(ryDGI={fX@9WK(7=9YY%3XSmKmT}JCd#k`}D6J z{JfUA>aj$l0v2BdoM@wvWE9j1Z5vdy?Sp={$sdYY9Bl;;5G^xGeTsLvdxlf%WmPQF zpH;#h=~&=cJNlt;WJ%p))7W4!ZkvT$n3JBo-Q&^P)(R{cy%m@S;0Tqpzixj=l;id& z3q3TqfeVxtG89wAO0Hz=3hLvqhfUeEydndcIvuo9n&7H6qM_S6Hd;jq5i5*2vD$_j zrZuf6S!&Qe!v(j~k7|~v<>~FR-mqSyk9uxj@4`-db}}$RcV58abhAx{gPxuy1iMvC zrz_WXX54A6-_TANM7E`ALg3lAhMbw3kGZRcIZR)b6m~-laYzchJKDCR-&6aAnO!M9 zf^a<%@bqCo+WA%+yS$Eo~L|5x4w3_y|g1&02E`0;FbecztF!+CIk_krF1DMcs~vowB{Vdr-%< z4x?=o9*}G-md$pK5YX!EVQgu29!gf%RQms??M>jMD6ci{>Y*KmB@q>uASwbXF6e+e zDk6fYpcVt&jYr>lpkYkh;u^;#iA&NLjq$39MvW5XCd6HnsBzz-+^C63G%@aR z{ht3h^;W&zGv?m=-S4X(hv%tNXM2}=tGc_oM{hvonI>-&?`#+COq;y#lwBt4XU?iK z`1!m!ijvINo4mT4&{K!U&C;K=*Bj)XyS)>JP*)$2n+D_w^c9i+di!W}wa3S2acACy(L`Fx^rsBTg0g^B)>frsOW!e^Dt z*CKGl!Ir}!9ISW!jz09nA#=3HM`#*pei>+9)G+;~VogsS>o_a#AP&Zn33(66h7QLqTwXAP+C!;qr!_Qpm-cr|HJvx;4&lZR4smU$$_eLjd;cp{u z!MCeMF3`_-9L#fF^S3xcV>|1xgAX3L-R4_v-fp`i=N&xq=p*JXJaMExgx^AMxax4S zn{FVc^SO&2Lz>t;h-_!KS85g2)%kKj%9PkgX@-<+esTZKA^WR(CWS8M8E6VGz;z1x;=K) zA70fv{R{MLf}VTS1y{u}*}3-Uc1VSZ=*_sp^sc0Sb%WvW zYN}*g8cxiozK+gMHs5>;|Cdk4k@Jr`IGcbO@JqIH4m@ana=1=X|6HNyx$zTpGU$t5 z`BX85o(FGKY}u^XO0Qjx*N>eRcAQ*1`jQ-Skbcx!Z^HY}m}*^|XFu>bsmSlIb+q6W z-jgQs_g?qfXTny+P(^(|%KN^s-%mgGq`LJ++~tpW=+~>y51bk zPCx4b{i)+A6DRGWXW-4Kh`Gm>TC2{wj?ten zKX9&o-`!rC>!BWfmaePD;YaAF!qtyjROoqgAFuzDlft=Bl%FjGTgB(?c0PAJ&hdKh zu`<=KfQ8$xyX>tC9Wyx5<5udHg)GE+fjLW8hC^p@;pWnp4|?G_o-fAe!W5oeueN zb!}cCUCF2a-oLiiSY^c>NN#%csQ9{Ij=b2>pKSMH^sL^HT}N#@#4dJ2MjpfJIMS!! z$nDyt;2vTpu8HDYoHBmckdgjxpV31`2ARVLay%NZt0mXSAtUF^J$9tcosrpFkjEY; zWxB_%`d^QT>#H+7v}Sg5N77p(8?^SjRrZH_b~^lsL-d+gBY&7(P<-KGp6C_X!Ms4! zP0NW|Vs)#kuY>v(K+V+}JJ+6(w#${)TU`NppvT^4q!+R~B3bHtvU_EdzZj8S_L{KU zE_;n?*BYyv)yBJ@rqR?NfYV^vBFR~ir;?Lu@b_|c#@UVEmPwNA+ma*)OG-(qJ=;ow zB&&#yk+dZ3b?_)jDXE?&_>t4=1k0R0DR^CiafqPZXnS9rFujsKpIf}?+9@R+K*eYk zIMKCa`IS?E(B}A-$a}6YVm~DMq9kfYl3XUm4b93V87I{ONlVgY*l8wH^?$xq#J(<3 zxWxju$U8{gm29;}lFX5)I}Q^pa;gKiVe#bZNz&@--hx5hEs|sp*({dOXW$tU%o+im%I`}(@`g4ML+ka@Y4#<@y6m&hi%?Tcm_`J=!z_E&Z9O7*F!JAmFkIrGjenL##YMPpDff=$7K!SYp-zxwlH%^N{Nph+DzAI@><|VBsBtzks zOIFgpc4O14rT$T53cs!=)3;VuqXt;xBmYPntr(HEEf|O92}>pQrf;woMP1z@x7WcD z67@DfLX8NpmuvSI%y9}_WwZt?ckOQkPdf$vX|x8s<62;VTBx{d3${0!P7q9S8Y*tY z;d1kGrUKNVu`eGaBqjWD;fomuUz4aIz+W;o$w`HIh~Ep+%l;RkH%Pz)1`m*wlFHEn zZ)_EK#I=MQVpUgx4J5sig`IVXx26)Zl#&TD&dQ#ZYfC|^9J$g=vkni+q?Bg<@tIfp zwv-gqD`}fqtOL1PSGy3P6e){ytaMoxpdsoVQqrr6dR!DWs2gfUnT>r&m6Yzu0yIP| zt5+Cub$-+VK^vEvpv)#o5flafQP7qWUCoH9)VX=7g*qy=#l|O_Z$;D{vj9<49n?AU zpE~0nk>~*MlthDDszcs1eLi9y?F=b@WCyA@37&NdVBRY^zB4b-&%cnNEjeB*!_ZNK z>mEq_fK;iI=?<1U^@gfW?@+e0h<;WvnncOq-Xp21BB9DBP z@8;1z^5`FVsBYhwLx0uYza(@Lc(f{SJRO3y;kbTDa*RZMWH?`3=D-6+E5Hk`1qLdn zPDJ1HXcc(PwZL%m&BulItS9wW650c9FKKR1%P=W7 z_XEI|5;f=$5T9O2S6e<~{B%`hopOKblO$97Vmzu2o-65{v>nnlqjhlo$J%)=RSfvpb9K7 zngZ9j7NG2``em*K?r|+Z(YkOHwRc$$Q*d-W@g>6Rq=r87q8@Nfi;x08GFl_4$E_7{ zy-z%DarIQlwPn49Ii_0*#ySms;^RmIzc10Cw1w#K(6{j5;dr5{yw!TG%kX}2b;JXL z-#KlxPoR{}i~y=v07&N;Z=WuV$RE13g84Bhk`rX=`pw>fQ->ne*x3 z4<%|OkR_W=%d%wCqh!-*#3W1HUI!VoXd;AreOg3zAKvylI7gzT<4A#bWtA4a?^<%K zYq6?d+)p=a*x!^eVL-j?BO=g(G@W)y5;>G{D49bI$Q+20Z|&MUR6-!|Cz7af%#g#S zy3Ev-%LO+&4H1gv5WAx#t-86?3)4FMcr%^`oDv;^FP8L{X;)k8&^kM$ZqrMtR?~#| zp5M#rD3q|O9QKo_Uf{b%tJHYC)7boGjnk778VYV~Ci&@HG=qcxaKkd#%VVu1Sko!+ z6^TNX!HrxUviVuX-V1VnNm8_my*DMgxB>(%4iamGq&J;F53)m@g-Q1uLF28XV08!Z znWq6-6r+?(1IXB0uMez`*;&<&rNA0Srva3rIKWV&9l(Z0rvcu5O#^b8a$Rg`Q=m?2 z-TK}jr2C_JMb&qzqwbOD_8a)8(dbps5Gi;!m=TM&@zPB(;}n=>w4svMW&W8&Ckn8# zSxgNvRF0tL* zj~i|+uAu?4LS}-OWF}yierA+DkF0)_d)QvgTE@kMroAE2mFQoB2?``iX=ghHE;gD1 z%~@m|!iEIR;deD}>!J&sh7zL}b)^!OP=dN7zjhSb*wlt4D>@_>mQcMVQAYs;i^>a@ ztLgS=1G`140Xs<;HE=Ii1N&s^;N^(#+GdmjI~uJ3nSIk>Vn4==sz8>@5Qm1jtM0R* zr>ITrU=91-B)zp(uQx9lTxVxbJJtbEXnrhIt%azq)vV*%2g`Jnd8S15?D@*7J21Vd zy07s?8O!aRlDj49e&7|O`G{*z+ib~&67{0t#o}7YfJ-v9Am3(-W#(lNn^KaWqGUZn za*Bir3Sy?!SpWC1ttlO;!Sy8?{h@-boB}KpSb*edTI2L?)}Ezg^~ri;R7T*25{(To zB2&vP-#(Q2Kr^WUcytT7pKMN)=)g&WE1Uw?OO)v75H6fHdUIlrk_pYeOZ)+e{DBvY zR)N=D3#?{Q^Wh*a(c(C80uU4YSfZwVDpZsfHb`U0sIb#Wh8NeT+^8I*g{kbk_p=y0!?WMM5g~O93oe zlCQ-U$vcxu$vW=2u3!VF!GzQ1PqJt+&-Oa#CiwtkI(xTLa+-vh4qhy2I@V&_bMg5 z_a;XQ>~FLJ9O_!&OxIp1xXUT9%xD^-F-2FF%8hFn-)R>4)WdR=RAWt@epBGad5jP% zNtUQXmP_bY@ImjOzY6~46!=Jj1^BtEix3_J51F)qZW4{(LsI^+yI+VgdqOEWNTSXG zzGt)wT;W>aVb=n`b1m=}*M>;owVF-KB#H*y&*X}hEjJw@?Ve^-ohsPhXbODIwME2j zq!{nVbEV(w=w@-~t|Y1en;NYG(_NdJC$GpfJ6%{3}R!i)cWoG`JjeqdYz-=4@guA zP`3IyfGqNiBKu0xu4V>#KhuAx_A+%9s7mxH(Cj=BHf>U3M{_`oqPttqak2_H!)pP4 zV6+O8HR{gTG0k+z7M z)HB(9)8eDHVbVh}lZwt;3>H^y*UT`z4w&4-1}j8dYGF zLoeH*DzLh*@X6Z3VYZl8fekWsvo|iSZU(d&O#uR_X~DUvm9upNaGl)@bQvxaZ#u^? z`L3IkK{qKn!b&-=$%vR*5^m_(9_x^`Flm@*Cub&F>whoZ_c!QwQB`gYob*!Zck`{uHu9yq-YVjO612~O9C1t1FApRDe1@|Z3xVI z8MgmW?N3=}S?ykL_4^9-vPG>HQL9u<$!ce)yy^7N(}P8i&)7}2-km8`;6n$5)G^+l zmyr%rUdBwP)l|VzPVWonLqzNj>Rm&gVvn@w#u!StTYdB^bsHwSh#n<{{df)vr;)$xg@ z%;%5pXr%nU`v*(yX}d-8u|%`2w=}DnO$AubXub@p)!MF=JSd@=pu5&^#lG?0WE&Zr zCTW;+C{H(K{0hTvyEwGF9ZI=-ImRh)tc2L$iLTcFwkc~5+nk}gEJ<(z@0F;RfR%?? zYk>hqQ($`u#^6|216L1sHF$$WF@PsBHTZ(7f!8y2C@8M&%&ZEMP{x-mNtN6iOHhN` zm^uZ#j4IF^xFuu|#({};iiBw392KMw_Lg-*I^c`#zSXsgnvX*djS8pTebQ=8QK|@Eprz8v(_!o(a241x^ z71DfYGzEyM^Ay-$f**LWsZ-!mqtSUEa#Qyhj|9A6v_{?3tQJwW$4@EyLe~a&@FDp; z<{^Nmj21T=46gOnVXECAebsBw2qAOV#!Z;iDOkZQN?KAL+lRa8}0g z=;x{WH+txrsK|YET%7^zVYC7eL0Vv4tEgKS5$kRF^9=&J2^?o$RlJsDYVdkfrvTOH zYzBynV{=iH6?8v|(gXWT=rVAg@vdb_1wdhkw( zPMy01f6mn4ho(+}buDZq&IYgR5CK#Ou+(T3;E{7_0r#y2U%gUMFn`oP4p1>qLBl>uMX9` zz_)AzlaE(eD2B=kCuY+B*g52!CC51uWdj&iU5jq(47J)$DAsm@C)Hy9YH)c#C1TlV zr7E%7#G4Up)S?ilmyr-j2MD;5nWsIN=kp{Bj5RF>`Sol`YQd}UI`Z4HU{*Gp}Q}| z`J1d5DDVyU0M<8;N(dhhW$;$R^^oyf5{`ncR$jGDu#*HexUZ>GfXBt7mjq>NS#uct zxwivxh?AF+!=zatiNX|Xf8J#xcYcCR9?=)0FU0&Osiusy^TEN{DO>=SgJ>)<*ntPm(Am~G|xalEk zK%Tqa)Qba-G+F_^=i18z4?6vw;1Q?5KP5^t1zbxh^={Tz1iKqeLxO-`Q^Ds+)Lwx4 zwU_`|xf4RUvItJic#EC|jUHnClRYz9SzQmUPOt}8E2j#6?i9FP!kqzlm&De---`70 z^uQpadCFp9hUDK-7Bbm)GRd{AMbcBfkns{#40sJSYN)#wAf1*W;CYEffxPE>fD%j} zQWkTuMTu9Dv?jey-(#hu4&P3q8MM7%|L72WwjD}=6O1-5Zpy$TvRC^f48X6AR)KpY z>Y}6-@~r7o;J=LKq4Z9l6xg&R;~G|Ay~dSxshOt$QCpJZTSD|!qPGqU*G3(q1P|5x zD6bY<-9tPtQU3x1EpBCX!G=at;Aq!|uG8(N6ubNJpj3ZKfn!TDrJ>@t6!$Yr(E;=} zlZ8=zuS@HW-RleC!96AWNmT3Af*(5tK2vs0b)ZdwWiVJ!H(CLH>{{R-t_41FEwHX8 zr6Q~+cuE&oQH8aQi85Rk9-?-+EWTqF(L&Dg?JZa|g6?*zs|&XV3-WC)(Uch13fV%^ zuwssrV((y)l_ZPVQqAqIK2@pmt``=)!icG*?L!E2v7P37O@mUO-$hzg-+K!Op;&$e&XuT2AzNZW}|JlO6=MISuRoI z0NSd{3XNk0G!w{a5}D8>mQ~Y39(FxI6Xi(k_uJKyzh6`)-wZ0V2yyp8~X3 zCYxprG?UO4doqRLi6tBq(y-r3=oN4yRn(G9s)yE~r!lmmCE2MCK5e|c4kpUol8mj> zgdL5y*FoxSNha38-)4G{BC!v}hS8Xv=|R4Qg)g|&_@p}ctnsmRkkP{?G==5&|NS;b zqd&&hL)}XpCURfcfjl75XaLU|tpaP=LMeO5Ac;(X2}Y|Gt!BTG*l0kWkjMmh)@T)& ztVi+91hS7rCcq&^tJe!2l9&nP_oh#Qr;S#DcO_;5`NZ_8L2m+9OM;ChW&#;y`V`p4 zXcgF3VkVFSO`igDj8=hjC1wKQD>f<@xXNf1xL0B(kOxhl0&Ci7lCOu&1I7^W$qN$# zyg{PX4fxMY4c=|)6kxz)!En81eO{r@z2hnusuMh8e1(orf`7-8e?K7@{+47yz1uX{ zSaq}{JJ!1mK11D->|F0Q9QQ+QQ&d zA(QM7tD_1~qXGe(=U9MzCq!z1LUhW7daz)O8DFUZ@6h7C)ROhho$3;W2&K@=CuiZf zK_CXrg7;*j*ug|JSQL1lydIG#1+bn~Sp)d?khFl;UL(*65?xb@0D=8fmE9$g3viFo zD)78(fj-ulD$u{NT_McTBHVqQAY77hfp6KVIZb=njXW?{qP8s&yy+D9NMg&4Fx%RN zbY%1xX#ABeeF%|Y!q9*djBi;7-7N*EYz_TtPsK$T zZm%zq9YuVRtq$3yDU)p!u%UzkK-#H>5%eslz!efKz$KDsa%hkJWKHjJfZsSOC-0Qf z{5)+m>WGaxzQAZ|Y&5meC>f*->v}?9d!to=+zr+JQ)B+G?&JQL?ADQ*abG07BjZ-7 zHAx1x@xgb=0|4t8t!^wh(JAgMFzPnoBBP92w(TIrlxC&(k4RQX zbO89wXqC^!*Qc!F?9yKHx6HzRy8)YFl7=60kb$=0658FkW!iGk_F742p*E%>qCiL6 zygb-SrbW|}`6qWEP7nW)QRz9oJi$rmVT8uS`{FC@f2pPSsP$y;$g%&Lq#t*XsA6Ch zv#G8s7~0+ZQ(2T<4Pd40EHu&fmRh^XM6c_G-E;>op~h9^{9{S?F^W9Okw-c5C`Snr z?6>y}ZP+jKsBK?h(?7DwU(VVfnnQ0z@@V=Y2=Sj<VS&!YU(klQp(_i-0QS7@{%_k+l`% z8H-taPT*EGV1O#oSx6)3^XLL!&ONh^v3cod$HM+N&>V_@hsSq+Rl z@(=o&$7PJplvKi14xAy;FapOLt$kf^zH5QYTziFJnFK%Z8CO3i_-m#PT@rBlIDIW^ z7hJlMtAx*ucV699pCU`p|4X>8`4`J{bIBo|<131~kwtBMBj4YNVeruQ?Ko1H^6Oy*Co1jUa=VRwq!MS-f!FB-3_wUZN<*();W+^Gxi54 z+MFN<7K>%XZc&Dp7rJ3kHsBYQ-s1p6SO6rzsn#A0$1r*Ntu-qjGlelN}r?(VY&k ziP03Ox%Mc*2@+NY@UN~02JPtTkh)hO8Qz`eX|I!K4RcL_9VIMV;51hkiQ4NVy2#Z4 z$&`Oak+kt#Cf^H6_OV3E3b~Fj@7i$!f~hY6DvlQWqTuFIYvxmJuE`r;{daZf8Q84Z z%1I@}Q1LU#pEYDA_=!X&K-Q7mt=i^OY|!@l*g!%*f$vFlmFuhU>qt;{cbJelfLJQ? z^qxF|Cpb;E2V3y;Y{6wtfrpHC08dD0#)qH+t8{?a(d$bs_`~&qyQDRFFWKya4e}Cw z8EZ(po!(NAC=xK=Xb13Z3Arv8-frp?_@&Vf-~rbHFG(;4Uw8F~f=`@=ggmOPP5*79 z1G6Rc-|@l|B>E~(sSY8t`k1&+It{Vn?hZi<+(X8xIivt_HP3)=x)xaGTELr<0x!B2 zpb6>?;P0*t*`rBI(wBD9T$0Fm^jLkiC=m_i@Q6EGIVgnt$ogyv%>aLwaquaL61*=U z8YbX3GY;M=kqL0Ssr3oA@GglKw%aXCMe-~iVGR3`1e&lu;T<@6i#h34L^0C3RDul5woyR+y`LLOyd+Uww{615!2 zqE9D!yGNf+@juBp_;ZQO0Z;mGTM+t=ep)J_U%>|?iURlmPK^gJ^c2=~)ghh}xX$QQ zfb?p=ULpGCGlq=Ky>^*p?n=qg=3X}Sh|N zM3Z;qT#lT}IAB$OyX z<#>Q2)dHzQ3w(aZVR3jaa{#^dxr08Sk@8?k6h%BaRo9~L_@(Iz!4jt-4;JI3n&#>m zg0D7N$n;cAx^pE8eTm>Qr+EyKXNT%iERn_gf{&dR7T=QM+s#T24;iFK{Ul7)Z>*!Y z{Uq>->+0=Y3A}NOJj#(rIr3;4)yShQ@@R`ZicyV{9hBF$uz!7ReatCQ1A%)byxx6A z_+G~MAFSW4lAtfr6t9VWOf7ykb#_pKN6ovvPNctQ9DG-zWI%5ZI-SS(@3H=ox$wh` zgNgb|=0JbzwuRF{@507=qMM3lwOu7w?{YrtZP>DMv3^#fck~XaLtc_76W{~4a0+;t z3N;(5q$_ME#J8QHDu_O}oiEBoTp7%+hXl$M#h+b|;?J%}@n_eg_{DdS$rH7BK=9Bg z4Tx)qZ2Ctw`8yhJOC~JCN7lgZilJiCs&J9d4KN@N0j)72?RN}1ba*j71lZA|6Sv#`_W%Kik25(7QBPY>?RGoZ2KsC5+!R0UR* z@KO$3&3PH5ccgC%&C&N>X^r<(wdkp8)XDiklx?W!tN8mqD}@3Zuo$rRI<;+~EV>*3 zyBSS^sjdyxsJHsl$zG0qF~$e328^~bOo6Oxqp8rI&o5;OmGn_c-zdlXWMTj5%8(6Z z|Im0cht|WR=I3*)cV9gOVO>BpE)AiPeKcEJ+c$30xA=o&qzcvecZ67jG}_&jr0r3g z4}8YkRYkywzD)ew_7 zJvMBiGdQ-X?6&c!w4sOf*Ie{pF@5pRI;j60;#mjvk2gN{ ziGsc<_{b^I*3Ke;>q}$-kR*B=x`-PWPa`~3H7*R_3GUxhjnsDGntB98!hHhRx)$j= zI8l_)Vq;pD=X_ zkS1Eg6t&bY70w#8YXpcWS$!L_soras#J6LO)dkB2jBb%*{b)tndnD1?>)^f;r2`%} zTHSPWy?u<90W4GxmX8km!*!MUymCbqjZI87pJV6M?BaEpZO z-~*;kfoC!`IBXP-RbZq9Yw#gg1Mg;P@Do#~z`)UN4GxwlJFrQn21mIXIM8SnI731j z@O)FJMZfZ4_=L^$oS{S!pAjJTEcdXL>Nlxp@AHlhK4D!8`;JFybUNioB5;XB(*^iR zrUq{@bqc&<@xmO_OezG-cRQ=sN)!#1x=uzHmBUq2XL6p=?I(d5cjExoJva(q0cHOr~Jt z_?X^}pR%Ek@EyX3Gv0fI`beS#jSjZ=sg4Za*ai})7_I$7@PTXJ+C-NUiAEY&NApNc z43V-mtLUoak1B%)Zmd8drRaVCqN4UXm2JI|sf*(D_OnV!Eop@^_O+yyp9uculu|r@ zCFBn{RpDk@$Q1b0qtk4nDnHQ(6+LW`&yo;CNcE@4nd-qaEl>)aYw87t7mDjG$yXOc zNT!{47srhWsqFwYPykUwA$EX@Xi+?x{=KfECQ5oC>rk+44XQRL^O36pr%0>;LLbE{ z5Le*cn9s6&;mXEyJLNes%L#s4q6q-_cvcz1$6X6hn9eA&FUYckR3g8ST^6BTN@Tgn zL`bGTF}20QW;grWjL-aSB6~k{Ss!@gi!;DxY}Q(RfWBL#V4`JfRXrjtp{KxSC8`aWtgp1{ zRGT9BiBsTqqbcx&Yk?PC3!J1|vgiygQt9a=MSa5)^pWKtce+Dxx6?le-gdgN!i=?0 z=^ldpoQ7yV>Y-ro5NclG(E*Y*e|+j~joOG&55Z-2EzPx2#Y3NCUQ z%JOsY{Z(}5uLHbZ2S=IFRNy<3{JF;=`7@HA4I0*~=~A#nLGF=gLK(g!u1N{JoT)=r z$H<|K;~&hS3Sl>aD_?~h- zQ37w?BL8yaUyl6Ck$=>E-SW3Z{%w(eTjbx?n4iiomS|9K6||{%(f0&>ReQtw)94uX zM#*az3y=cD)2qA?mNy)JDAiBg0vK!kvvB&}Lh8k&s9O)5Wx3JstQsa+A1<8!Q{n9y z4{g(M6iq8`W1^dgP-cc@72t!_UI#bw0;YfzrhrjhQ@)_CDbzJyB6A=saSA2g=4v3T zb_#g6sXId9EOb3p?(ZRltI4W)wF~=G9i^#TqOunDKU9GiO3)Y47xpLm2{z>x_6L3X zEy#yoi$ud~K)zY+--m9mg9EHLsz8UO)dzDzpWVeM>FlF3yn^;RJ>ZkRXkXJ~-eE+T zYU@hWhX8HUbPK&NEpewyq$Mnk>uEkVv?2tj=O#$#XV6==Z~*Azzc2-lkth`~Pz9(H zQ?Tc{{43%MQ~F_^S?fD5LhqA>1EQJx1;rNwRCEs|hO)uC`{?Q;QCS9kDXaN;*ur6+ zM)W#~%z?hY7nYZ*tKjG%%hkUgkG% zAh@!}n91L!M`rpBG2Zv|4_Z31$N zl9FH85Cs+)t%iir-9LG&Iy%RVvAE1>QPGu3aieDo%5c)sEm=7p$AKBIM58~$FJ?S@*^9r-!-_*VM#S3hv*&rkhwTW`t9ss zx~pKSQ-JLJ9+AZe&2xNN@6-QD(wd|fmpd*l!{4<1itWQcm$W6?@A_o%#raU_*I1?h zyCgc7UHNAz<40GmnR#F8&Q8NzlkhQBTl=6o{7^~ni>PkIfB6;boOqP(ujT25*b4cWc|B%@~-tpQ!Gy;y+A0QkAl z+UMC%c(L64zKwqi0Fm=!6cwty=BGDpX=pI#4?PbnY zfbdv^O(SLT`D<2G1G;B^PZF9I%D^l{g%kFR8=!+x3Y{t;LrXHhjWGL3;AYqG-|E^^ zX91&)R)H-gJ$#2S87KYW5~TnxGFkzylHgH%SCC#kO7b;{G639^w%C`}L>ji6*^`F? z14||9!71Q_t_J=f@g%ShBp5XW%6C4=QU&&fHj{-Use5S^;QZhdpodC}P${9P1&dILKiAi~hUT(__qD)FBr5)X!5=bpa1g3%R+08NGpYja+m#d! z#mUcQkK>49z98_JMG+x3p}y&6fO}L4`lM?CoSSZZw601yX-%79hG&Y)2>5oU4oMs% zhcb?x=1>DN2VYY%uTK>JU=P&xt-_{hJ;5rg!h+(VD`n)+5Y%Jiw2_B4oM=u}Aa0Sz zs)krm4`@WAD*sQRG;NaquBq6#)&IJwdi|_ct!)iVfenq;0P5EC0CsaNKniJ#Ru^Za zX5k3kbnIz&Bh{&bxlXM<|F1Mws@)~wUI%L=>_@hu;V7f4zYEt>h z2G{u94yJ^8#m)XE_`vDE1bx*gIrkR~avFRB7QWTOw_5mC3*Tz+@tfSmdaMZ1@BvHK z^Rx3h;fx{9bBBz)FS}kkE*D^JqZMGNYk>n@8~aX@s_GWN{*tn;dh6ALQ7PG8x-k;H z8#OR!!JiJ%_XO7`W#u1&t%e#67R>d3Z^1MeD94Q?y8j&rZYog|LXa5W9imSpB{~dj zYnD}DC!;ms0@nhUxE8qDwQ)30oq6uA<9nD*3S^#*=Ikxi{mmY_ztIW;Op$258=mB9 z;FL^#j&QkNszmEe9aQ%nkcl)8I1shq^$_&ALr%MDs zbqXvsS_8a-O2`+Z{#1&BwOibDE5VLVfvjy)Xv9UX{=R@hGyv4H!s#^Sppf`EOp@d+ zOxBknNjSd>wc1;0^qS$i<-m3Im(JNg09|CV+kCWqza=fBkuSpaa@VK?2 zx1uhpg|6Wx&c`y&dbx*A3>LIN7pcOcTMW0T78b>so^{e%iZRUFNW#sW0{C)|it}Br z&Py~hcAQpu2_1X1@aq`|PnW3CNe^31hYs<>z)?mk072w*so+|tz@0`bz+J9QvaOUX z$&{)yzdko;8!q!$|3acZ1Bk};B8fIkmP&Ne0GUZ-ptD(fw@Fm#FFBy$idtGqdQ$TK zrtCPhhgK%e+PT8R?3S)8IaYXE#(ybXq{d*=wB;X%Jf;I%D;_-$9&R;MfFq2i0GYHn zhD4&|`L;w9@RaTKkW%WVjJ_MbL86$wBx`vJ;3lIr;C9yn{!1q{U~8)(rG`x{aSdoU zngVoz#-pgLMrGf11AroBP}G=Da>Zm*!t8&mfSu<48Dv#d0k16uynm|Hw!{s99~n&n zudQ0tR&DOJzguxt{;bPt5E@L^)SEB{ZdKJ(v6j;O(%EmjH;%gPQRtogRn9E_6H5{j8AAsBeD zsZ)SpQCqc_4Nr3@uPX(Jn)lmW?GP9AU_CA&x~H?qDX@dl8nCy-U&p}~`vKroi60Q@ zwt27)U@wVI10V$JsKZY61Ny&VbJwZBsS9zzMqTFvfS2L~XDp<#Eu{9nmZ$Z%TqRh5J4oaR9Pq6DO{JOOk;dEW;7Jmh z0N*lo*G&E#V7o-qc4n3)g0&QE1CI;*QleoUSifI{;I>0#!r4xUXFDO1W<K&XJTJyURB@+ z61@|&R%lB!;X{zuWb&bTq#p}S=fhM#46a2>oDMU#=BB*a;67oW_pmc*f(#Tigl($?E<`swW9p$h|D?a z9;WmqPik&Rqy~N^VHxbcE!UAJ%rFK1V6+OnCh?OQHuNbA23#U(Jj)wTgU4k4yo7s2 z@MVeS5mDBYD{64KM9l(b8LcfAoG!rvyvWs|Xm{zJ-A~~Vhm((Z1XEVx;1Zv;A)uZb z&>OES>78)Z0o-o13f%2l;1$=_^qJ!k_VHu4#iIxqv(XBEgM`!|Z_+E#i-Omk0&Nz( z0<38?1vYjqu%po$Fv(~NoaS2KI-?b;e#hy%0zN+_GssUrDl;&~Xa(@bG_U-+>m{qF zsvIJElm$(JZy2orUO)=`$g~aTOjRvA(i?f2;4-J7cbZq9F*qgHHQt9qN!%bCer;wt&et+L5>uS6o%1B>R{+5k{ILYr9f$9;Tn*ftslng68h9^L zgP*z@7+Cfo;9!YT0(`zfY;apw1O9C$2CsBAa8srR?{GEn zXr>0AaW(LdObveEYG7rXkzIys`izXazhTYmqrE*PT5f@_OH^#ze+d8NYG6(EKWcC@ ziL8OWGc~xt)xepVx~H7v+sXphfGl5`eD}B-$nupz|9gSD=W*8ppSTuS)ta0F6e?S4t+*B-p|nwo|5x!c3*xgP-T$Pd8o^8>&G`2pBdegJqTKLC5p4*-A855V5@1HcFQ z0oY0-tSW%V;=L-^>V5!NGd}>^zz+bMg}sUmr6u`A$Z6sPs{Usy0pPplYx!pSyI(O9^PkF z1(%p{1t4M;m?z1x0QZr!CjH<3eC4DLKOj2>9_7dW$uUoZU%WNv}%*XR;88~C%)%1!HO>PmEj3)~^;mCS3e zKOpjy>w#y29`c&&fjtPNg)%U`d!fT;S(~dkk652J zS0@S%b$Yqr9;eR>_8V>nM+*49g=|Btav%{B{SOkR4fv`=V+ZuHq%~lG(G>7fYDFov zqLf-uO06iRR+RF8UL2#!|9_>-+rN2N0ExA~vYKEG?+U=XqEd84rRa(ZUGYmBl?q+) zveQ=ue{uSE!8=Yr6nyHmWvCWciKcab!75JI5UlNVh+qS!n+UdW%EuksI~^<7)#>hn zy_|LkYEEYg4s<$4aFo+|f`v{O2|AsgE;!ri1%iv6eoydyr#}?@*y)XepEFa_woxUyj!09KzFzb?5K|iMh1gkq8Bv{YsZ~=d(R^7L` zU`wal33hTiUNFh&6v0%dRl)vFXA2H>dZgf3rwarpIbAF`&FQxU=R3Vf@Li`@3a)Z` zt>6ZyHw%95^iILAoZc&V$mt^jewRq4KP&iy(?1IS?DP%6Kb^iW_}FQp^L!;cTClCt9R<5MwOE_OlM)tkbREOisJucG9Gr zb_Y7;w7bzMWuG9yn7Wrrw6sz8=T52RaS0X_(^~=$ON)LSUCGEFT_{_^(PUR0=%KJU z?|+xUgApiO;&G-}E!+4ut>AfTktw-Tic_aI>D1gm#s7JU+WdlGW$Wp5fWV{X_cOf| zjhyt1@-mu?U3BG$^E&^9Y+o?@^hLqTP649mLtEXj5@PALvnQ!p;o;DHj2 zE#Nt7AqN&A2|Q$hhcxh{$Bi4TofT9I5dpWh@+!nz=yZ|b45#M^E_F(hr<{`GP-{vL zCw6azrhJ`Jpm*e%w85M1*S{%?(wqDB5qp5O^di`5jQ^xR%+_$ zT@;Ky0=;{!Hzulus6$+M2n-LA;YqP+>aMK&h;96qVmHA;rzZ<8bXr(zX_jiNM8C^B z>yi@h#*7|5FKHc$ZWqay8uUYBSN{^s zPae@vk(7c>(xD5^A_+|cPnKx@0bJ)aM(+t)ZQN_X){?j%LMQ@VA>kP4-YMQ(mQaJ^ zC5oTt&&WYCJ3*pDXA3TOinCwv(joF2)#zJFj?wYVD+J_y*9(gX8};NCY{B!@&HpK( zKJaOYx)oSqGzC_&daAtzLnRo4o0&QVxEqO1@?ONY*OGr3qPzEOe!V3uD;)kKgh=2! ziL$iyfLBAxz`8LMQT8L-6Y|+*Vw@wzJ@bObuS_YTyc2M;E}vwvQAEZz{lj z?~H@{NE8*g%4j9&ww_CKzFfmLuq5)n@w90*=6n!i}egpSZoihSbw&YbqbJ5Cql@GMN=l*9Wq#t{z;f6;64&n4V-7R2AuC&;0D(Mx4E`4 z?BP=Kb6hlCaJExCFLT;x?t7=Mt(znXRe(216aaX`XbpJNwLm|MRRae06!t;c@au^R zvO@3|r+EI$X{aL1NggtMSwcU7{v==uw0KYU5)72YJ?Y+686B7Tf?t;?G4KPU)y8bt zpDG~|_zg2kfh9&8&KlWCIaq={xULzcz!;-V@qejDHy@W^4?ZDLJ-{1Ab9?H#TdGIh z0^lnuy3V)dvnBLUhYlPhAu4!;L{WirjaJVW+~71c7(7y{lT4jrahcO#5yFRk$9>n- z(b_)+{XH?TnbF!v!D!b4Te&t=;+1{2 zhTfKtH?hGrEno_?8*S*!<+6TO!bArDXnbA>nPFsAj;zX9zv15HMwiH=E%IoKJlb-P zd<{dhLU$Z%tm+kk8%orZ!1hMdF@h;h0sn*dU54K>bq%;gLaV|S#*H6)DA}?0I_?K# z96U;*aX3fN^g|JNQ_UV`Q6=YDPD6aVa%Ven4sv-Ls-&AMVQ4_2C|wkc%wBl&>bGQo zUSdgT68Ne_zQ7A=QQT5hV&6x*S;u}M;TVXUT!Oc*4yAhVmp(Ma7I@tbg$@h)|1Ys9 zP2V9_Sx;DL(}3qBy^{GS)u|Jqw?O~H?>pEZet$>%`i2$okwo^V)FB^BTJ_bO)~yED z;k_8_WE#*{BD<685N>PDZtKBy_-Yc_0fQv6`+6O+w#4kV99)MFlgJL(L?XLIb;za? zv)g8H9X?7TJ77DB>^kd^?ImV6YH%ICt3-Cdo)XzDu0tkE%x?7HI((W$cEElT*_~L2 z>@P99?FQH32TNoJ94V3ADRszE60=jkz~@V32P~4v?&Lb;WQp0SU*M-nWCxrhk=;pk z$hi`;+jejrez8P$z~vIzeZ3C3LSlC6Kls%W*#Xx}WVfgexj|xf>Oc6;B(ejRN@Ukr zhx|ffcIrR)Jrdag4@+dXxDNS^#O&06@Fyg)1D==2?!-Fe1&P_I|NhPV{<2qvk$}o2T63N3~XoWt|>Ew zrx@20qr!(X4n8W;_uqieGj-2h{SW0CYR2gXg3X-*gjYsjfoo3?oa7X^-Dri>o-Pe3 zcwI*{d}#oVq0(UE8jn#el!5J~E7buK^&9ZA(F*XUYk`&eSc$EIo79emR}y)AXB@p{;Syd_bRi}kk6)ek{+XbI|rx<+i-2xDgvG)QE`g|e0{H>lX|-P;RSDGm&C?c_^~8<48;lottaS5aoM3}4H%B( zvSagfj2-@fXKu{S>5^!4NkNw!X6o80f^(dP?qTM1x{`c2B2UOgkSjdj=h z*5t*uJXe8ENn>>w@2ItCoG(zo<3_8%ldcUB0}fC>43nryzzs&Lz%8!jF`>a8CiqCB zJ8e}X(f8C0JH_>)rZB9arA~pl5?M?Ezv0~Q9OKPb zpIa4^AMsHf;3yesy5fs{G;_V25mJt^11UDAIt4s@^Y`T+Rm^8SJn*^E8o(u5NgG?a zwGNCmn-nqAPcv&^F+nCz`}I^S-7R0QMjd@ak$0WIa8u}33%h0r}X!A z!1J;#d=G8(sHLQ^M`u3dQGYM;ibZrvdZUZdON)Ip(rHy8J zm^Iy&7QLCGXp!$K?hCACG%bAdb;G~-hUY&dbQVZKTuedtZMuk27v}~G<;~d?gmWg) z^Kjx6Tkue8f`e$V7cER-g?X(ouNCIeiotR2>5&4il1c*5O^SP6Cv~oE)1SF@n^!Kvv#$R^GbStL=4gghZaeB#EM5(+Q#HEmcvR!sJ`%Q<+?8)x4#O7;^9( ziDCj--YYHd4j%K$P6$b46y>@yI-l}HDuRuC@x9!A-YNGBe(&^2!OKp8_l$M`S+Ct} zby5&@GEB2o0vx2hDyPT`BR82plwb&cE|DQXV4XV*MjVz>Nhehv#8Z4veHx~&fduA{F9Y6@E8%@LZ5Y>@G<%9 zB;&9jvWESv9fBtBMNQteA9>sU7kb~-(+YVQ%Yy zo9F95$u7ODaPitxXf^4Ji&cYqNj?;XI$E<8QCqm4E6kG4DesspwW_8JMZ1H3^ZGXO93OmOZ#Ip@jXhZ42d@ITBU1#WY7bT6l03X_ha z6dt(MXf&;g;s@x^SP6l_$!3}Y(XU)(Cm(R68B~FzjW(Q;+e<|lC7vpn+1;W@T`=Bf zU`A5}n4M0*krMUH0>Pz5Q^4O3r~tRS7I?&H1$e@>z#Faw-ghnF-~O!t{L)u6TwWF> z?I%%5Z6P`Q2I+8s7Y*?DLp*=_icCCd-Zjkb#%+#vpOP@t;71ZoMBr1SDX^U!r3EG# zO@XPd1-SmGc3^>PKho;Z#|keNI34*vZxnp0go43uNR%14N}~R-*JL*uUyy)zWP0$G zOb^mB>_Np4Uts7j<-1aFaHa=$Fy57d<1;-tIn#sR%=F;7nI60;(}PPhJ;?WD$P4nm z1NDIVa;)jWzhrvwUlKJJ7^5E6lmw<2O@RYk3(RsY!23?J{juN?r@(VYQ(%Q_fxoyG zc-yrA3BS379E8WHcYaqM6SSYMytRi*XsXcy;add`Fq#7MUEAQOom4ByEQyi5M+r^a@*fvv#zHod(4l5)w0{A&n&8)frd(lR7zT-R5Y~pV~>zqjXn0Zt_j(ivM zLyr!uXPz}+Ll4pzoxOc^V38lBid&sNAm9@VmC4tw-*HOLH5&7By3uhDE8QuwVm1=T zJ4H_m%ADTdHEGc+#lr9&hZyBw8E?CprQyD4fa2kSwn=9yAQmYXYFrf~3VRMx%e&(rz zQZ`N7``W)yMsy-bLv=GnfhSujHDIw(`*q4CuBGW~D4cAmf(i%$^0AcE07a>1#d2&$CssKe_$ht#vp%{;jPK7|CfX{>)R5N zg11Z56ySG8Q(&A8SOusVO@Rj_s$@F&u&V)oKVhnYx~HE@{G3h+G%;lL%PPJzFex)?_FO1F)k_j_wS=qQ6NyaxflZLNil z&^!FPbx zHHF!jMVtcOB+;A){>u|h0qGA7s)A(O%~JS>C=G=S(cyN9k^^HT%9x+|+Re9d$~;3N zQ^1$iD!^yN(gJ)YuG_0X3 zpBnj3jr<#0b+}??AIDR-f4-h~jXK`8--~=^qtIRleT7MZ^(AWQFu}GGre|E=0O{5= zlN7+Lr;go7L8nU8eI0`RodP~tYrrM04dJ!-1>5Os>H`Z2#ejd4C^Fzr>rMk!kw^=S zmtf4V)gGR4@ED0qfNy1Lkmrr12CmE0;7?o)JeaA$$6OuN%Do_xZ8}akU|pkCU_(i- zi?!~y!JJNfJ-DkwP5bibgwSGZSFM{I76Z<6+j{a zOs&HRq60;&rVGCg>z8SCV=AG0!P6x=BLPCF-9@BYh}1lbWSIPHb$wJRk;g^~`WuPn z9Y09DnGJ7scflN|*t3-#8veg;pkCof$N|1BQA}Vp3tt6BcqU-7Yk?WA1y)lg-6$?! z3|ZgOrT|r_eW4gL3Hck#p^)z=5`}5`M}Xq~&%X zBrE3Ez6#u&NW(@N@5M?_!DJCa=}8bp-^5y$uMI14G@Hd=(3EA?lpVd~Ws4zX;#E#h z8SN9fEN3ZUkhgZ%2N#D*3U%}%ke05xnodheOR`-ZoUYDQcih++JX;!!^Z|Be)X+@X zl*Z`5B@%Twu$xVf4*pmoF{KR=!6T%a?`q&wNki5o88<*rO-Qur#g19WakSHq4gl}X zIQU!RW9n}Sd+7;SMHsN|s(Oz`(vpm6SY|_L9?So$*|yg~9&1<0z+j^_fGE;lCs^tf z__fhm2<7uPUNYvNM7ekJb@HQcMYB&J-d3FH2I~;(#k{tlw3NU5@`?@5W`>v$fdYEm+ z;?{-9(0CAT?yncY63w0R--YjGys*K7KQ1SW>}IYw_CIG672yDhW)*OY1zcdr!^LXT zl1|7|64?Mh`?5C=yiZ~_kcYDauL?hv$R5~q<;(`My@b92r-cKM{jvk#Vc`Je*z5qf zARK_4ksSb+hXauNvIF45;Q-``>;U+FH~{%LI{s3xU>AS3@4!hf`>6!w1k!dK>jY654%~Pn;M?}wUh*OPQg>>Ls{WMleBoD(?jn9is z8m-D$XI5o!Q}@n$*IlEyZIMS?7Geh#)wi@*?8E_dIJ?o!aMgcNnhT@80kCRsUB1SFOGFT5FHBt4u*1TGNm^zu@he;w{~<&MVg0zEKC}Vwvc&EJEDW~oxXerMBFq1z+`@XHH!NrY zo5H*#6*M-g1dovOpHTW}u-s}%P3VKVzb0%3GvL!+TadQzaOlrZ>Q5_U*B!coCCmjNdyw(TEg z7esr6xS_^Li7hp%!{r~j-2NAcdN^aGCFk!6#4P*`vXJ8A5c9~pM`ZX)P?4jus3qn0 z<#H>#k^7tVaqNNYO5#r-YC(7)*oJU2R*-u4|HX+FZimcQ+U>;WlJDh^8se)VN+2vI zBT@hEM45ddZs~~A1FxM3o;6E8I&C=%F-UsJn%6{HSses zFEoVoiMQsDVVA|^*DURGTRDRM&KZ${xG{{i`3*>$;$0BySV3cyPIwF1)eyDcd2*tu zI?`uCY5tPi03y4vVLL%px8BI0JXK zZ{F|*65|%%mdpq~BSLQyZc0+&*GYOG&=-E1!kWpY@QNfgkfRe@Mr?_`MZP=3L_=lo ztDyj;27A?3tTYt(RK^0xSxVdoBHRAJA&C`^40c%Xc3>`G2=9X8nHQOpL*5Yn672B* z025L`!luCv&jRKqsjyR$ma&l~+YCx zQCemq_kLmqr(02BA|8XRlp-5DqPS24uus-Dx3*fMDa_(SCyagcxMbIN^b?yNl$^y zDxM2rT=-HU9ydeH3}1*0O`*sDmp1%$Z0nQaw;wE%_%aAz!pXr73mQc#__kq{#fy_z z_+qfbf-X@m-Aqiq3&;A}12Vh#y5Q%v#1kPh3Gal~>sjORejb|IVOsx|Tk!U@b=SCi z+N}PT0i+V;6{)A|>CCr5*bves_U41I4<~6EPQo7}^in+P!UMq$3ueipPt%^af_DfD zYlydkY$$QNq$a$k5Q}d};xYpEdcH^}zX39*_>buH?S8;srqtK-(b_jZGW{JY-W!UI z2Z1!++x6TtQNukw%Sl=ZX<9r7is$uZJ_1n?;p0$wY8Dy!hbZ!#4a3b7an(O%87x(b zlfG!w8K`X&sw)DWK={35Z(yIqE&(K@f*1BD_8i{Zl3AMMZNo6P(n}tMj9r}Ct@5+B zunLHLj^?vdzM6Orgv-)2R^l zB|Wy@P~AU-+4ad}=?|z7i(obkXSWQjk7RM=Yqxze>3%)VxJH+k_-IaAl zDpF+^RH?Ed5iYChwVRil z?hb=ACLRS*0AbrOHl(|q!q||oORx>$14&w%%FQa%^v5Ahi_Z&tP3?UMQY@xGn?imW zXWQgQ*dy4c&|Q?$_kP&-8|WGpi;tiS`eQKdC61XrMzjXXVDktK%VKL-G>8d3^IBsC zQ>+27G#xUB=yJZ!9NE83{qbon_qGkmvO-c8K`ixYfl@IW0sJz@+Wz}#nO|m0wSFeT zYayMA-%3ituYw&lZJfbHgli!uFt4ug3CiGSgD)ufCU{`Mm;Oq;qR3AlE3?CzdnX9i z%x_6-nWwvlD8INJ2a&_y2{9`iAZploQ1o(+r4x7KL4cZSDaylC(Sg2e?Wxi6p}j*G_7}8-pD>5I6}^qs-ks&`UW* zX0`HbNNw?6h+u>h)0yQ6;L}r_WG)9j6{qDx!e`SNy0CFvqZtx54Ynbq%REEE@+1{5 z3U)}iB1wgBC21MiSj}ac@p3pxr31YwkZvj%D4`4QPg3CnNh&OhQZy|^dg!z%d?2I^ z;a5?hrtnwDIuZX7;)al-?CQ`jBv?;Hh~rSe1r4k>v|W?fvQR}c#Gt9*a1`6>8U2s6S4VR1-!cCZa0`56+5b%>x#x>4y7wseTG!aVRt)J*6Qas`vMqmPU@ zYq&J`^CI&3mg&?o9Xm~X%XI3Q4*jp%GM&kp4%2wGWja$bohg-u+y?lb1+g?yDSa_+ zPKTN}*stCWAomP|eLn!*|o_ha<7%-{7E z8bhqMG75XV7XJj%NrXQK+YnwAriZk)Z(@Z*f^7&_CuwC@?hK~i$01Aa?e(WY@}CE% zV>Pdplrzgw%W~AR9JFA*WjX3uj(V1(-OK3X9or{~?QaoZe@jf)yBb3Ad_ZN9J2eqs z4AHED4j3(!9}fSN>Elsp*=)58!>2%9BdZMLL(FhjrpZq5Hg+5c4<)H^T1?bU;hbO_ zR|0#7)wZj$biSnLJCH3Znu|-E*Nv3fO(^q6LK#bM9A0CO%2ZZIE`vpFr3Vw$yBO|9~rrdk||D z4PmR$$Yuv*J$=;wvmkVY%^*7c!OsDopTugpk-OM_O93B;`1x-_Z%b~qq$+F$ZRkai zWj*s=HoLqEvL>%Oo%POjTBd4yqvA5j7%C>eZk0yLIC^{49e@bAJ?bhcEnlkkv{myu zidVS(a&602X-1YK5qiS|)gt)XG%^ZFJv%TFE#fzXMnkwi*p7PM2+?*rbSSmBmno8I4YTVn439!_j&xjm)EGUJojT^$9x zk+^;+H-t@t9ohoeE=dJnoyMFiXxx02la7+=@IK7*^&U$g921#`zg%QSTIFru?^27v zcsPL!y3vJb@m=4D2SPQL4Jq*l+Oci&Aa49SZc6b;#D6ww^PKR<+n%n}} zj-k>J%*d#(Ubo6%FE-uzE4&uO}g(h^f+x8TTYsQ`M%viRjnG zUxiXbP+xJSTyfVknfSXe{)OprENcpzKKAO4|{`xrWIEfE3UFVpzUWzt|6f`J*oJU+G+d{pRN0Q3NaOGoAALoRr;mT^qSkYQP#C2Igzf{!1(sAB+rEE0%7+N~d z=x>PzgOx?%cZ2V5iNAoTS7ADlsUkiPLM$9yh{bd{pdnZ!wMFivgQpvSb5ppB#Qh4n zcm#w+;ph;rSR}qPiG`C3v1rw3QM?c$r%=?zqO!bCP#4AVM(ytU_*_)*kZ^Ud4dGQ$ z8$(vo>5vhKpA2zB@E3ZFjqYCDI{x5XGO&Hmc?b4m(MNosgIubq&YhnIm~D46O`aB) z0$0@5;Y{jLh$^Sa(pHTdZ`|6yxM(Q88N!&bcAVJ_3EDtfnX39l_mt12D@^WLm=u>J zlfsm+GpwE0Ko(JaeTW+e1Kw()SbTR93l9}y(ZY0**a^%U=g z2(N?qK;_+BC~wLCcPKUm^GuJ^ms;PXo(bg{4j&`gWZJB|-*Lf&_Q9vOXF0lOK-4e) z)7Bx)YJEA$g)Wtpwhmpo&l7Ak-7Lp-dQs!nu;~yb=c_MB5d6`RDMC0LN;-1=Q~(LW z+n|&ncSIz_t3Qu!C&*F^l9!Pn20BW`Oo|Q^kE=ryGAxO>Ul&wcZFd{V2QQ z;S-1OSh#<Y zw?SDk_~<->uR;7=p7l3&iyK*TdsZFP`JxEULXml4J9&}280zq%$_Jo4DGx>kEiL#;6MB>Q3vIlSxprihFK9C#0eZ$aObqUy-) zy3m*7=Ju$#6}9i6{c~vS2~_R0`2+r$k*B{UUJl_*cvkow5@rY65DrgLVI)a~^g!Xz zC9v0rbV#@}*oI&%^ybnn=G&Vgq_BBH1l|kk94Cc`f^7)N!>}GK8wynstBD=OV!IMH zy{WA!_((N*1T9%Dr78I;#CDCQ_Diqd$-_&5G|SvH$5?@IX%bgo2(Rrf!Cu$4jQ#gO z_95|Hi0T)v4t7ZRcCZ8A1?~*CA*>e02ZZNA6l1aY;t)5yo$BDkq8l4~#im;g>sFjZ z68RU3-XlQ>f~FLgwp1@Hpu(0GYq4DW2)kcb#Fz7cA3zg(mX5THG#%rb!h@w;=1~ZJ zLC9EtA6HW!f@7h3FGPs>{Kw zE*Dvs$v5gUsbYu6sto2mj2Iy`$N$(;WLz`w6SYy*;&u>9!a%T1{ukT!;I7apBl9Tp zD>HpCp~;6qS3-1)p09#` zD|qj3a^h0nxn((OS&mwkBWAuTSC*rm<)~*l+6RV|E6XuC%P~32(X~j)a!ko`Ov!Rg zsUniga!k!~OwDreSYX;x(|7XkX4i3T8;aH<7m76X^+GIq^&GMA*AOpVG97b!K#0Ex zd>LAe-~Ib$)n&hvQmQbPF8Kis@gPJ7OvIMob*aE;ZYHPEh|X}yXiav#lzVgFKu9f7 zCm0p9uUM?n-4F|#LW;v_*T46%e?CO_7OVhV*8677vl7yfZ3y41Qe;yfTY5lN!~+n= zMyz9P#k6o2Y5oSWI<2>?-Z!)5&P4JM!XjWvVg(PLltDNeVp*_Qyd=cK!ly%gRN!Y5 zU;77`>T1Bc+8)BRuxqe`djJDTDlCRDy~Lt?C5g*g8#U-tx%%-?%shfE&Y;wpwqR}S zv_u#dQoA=dD%xVy0Jdc=gm5RMvAlH2Ozi3^yT^~_-hulcpe!_lS_9Ful6Z4q>(LrZ zn8~h(oDIZ3LS2z$Dz!?bYo&P_`Ob~JjZ1-R5_>D~>%u}aTlb=lpSqZdG^32%TX&tBqZLOgs0@R~5%{hDA?eh^AS!fxShKu~|2g%GFo z=xU!wDPHi})p*ec{N)gJS6VESG`o4&YHk5+m)ISET@qV5D>IZ8B%V#?kB8lcplyqm zs|;*QC=jI=-X3grgjj~)_>^8|qx*Di?|d#7I3TN6ycwb_!Y#ozgkL79a8Hs7|4dS0 z!Zs0y@T_2)!ptP?a@pR!W-Fdg+B*3b_kk#ku;Fu3dBqjM_qPJ|MLkRa8^QD23Ak?| z7Y{1rrJt@sGx6Mr}g{mw1?il;;L2}78Pd063v!8QaPBQ5=N-$SE4 z!}?n9@OuTqT@Y}V- z(SE@&!MiObw|hkcF(5oLspG=2}Fd#oK3=&FgMtSFk@4tL%RZd2iv$5_)d}v ze+;%M_^oPmh0`{VX!iOnctwQUKJzJ~x(T1RC-=e+A#Z#Ye*$raxqReMtS%1+jWSzr z$@Cmpg_p(jXYV6x0TWfW*dwG=tZ3|)8# zZod!N6k__yYD4%@h>r^V8GO`*jA62K{z&DD7rht3MM9U8v38@-XJYL`5Cs)32(~F) zm!!gHXQ(hN*bi`U!HC}eIy2BPZ?39L(HsUpru^(UNN zh{a2jSlECnP+Qz8YNa8ZT!_WP=ON+CP)d-~?<)E?HPdr2WPcTpfGDzX6lRI|lo6Q} zPD9Y0>Y~p^hmOo!A@T}EX-^r!PHfeOZc2&w^0>J0x+p~D28!YTe^&`r%>Pl$+4 zACdVjgj1pLb9(ssJ$9ng$Y>O$(sszh9RJ9;%1w{{U}C2eKL}w<_^)7_!mpE5_#K3Y zOGac?i|_`8g;2<4_78bHn?E7C(6E(r5)>*j=Ri0TQv6Xj6Jo?S1RI1dB&?I9f=!g2 z!R2Lp76DmN7De>)7^v!b5u{jr6NF}etyek&r4Hj@uhKE)%(jJC$pSbj1t6RnY(x0b z>K15N_;IieVL?5lzX$dvj*br6i*W5oZ_hOpzu5Ho7-a2<6O&D0H}X)RD@J5qoeT&? zL9b{RwA0$}3TtBV0b8LjRnOHUGHXSQ4WY1>f5s+{txh1uCa#fU6E-I&6**7bCK(en zrnt1w8QJ=UEpbk=CG4Iu%@_BE=q^HGYkp}fj=0RaKVFZK4xuLO$Fhs+7TywULwIMB zmU-horgEpiFOvBikfjs<9{h^HNy(D%qF{%Fc}XfPOj2PuNrhvRRCsri3g<(elkY}I zW+jC@D5LlxM9G9AU&lIUIr1};itrH#(;mLl);=n^`(NDadwaUySNKh^gTkL6y4FP_ zG8atI<$qjb^3MEH!$2`pCU~r{N?l%#Nj*W$z*KNl~6grD-9zfw*_#vJr-H+PLM6BJK!v z%DH0s3{IdSDy38|C%N?zzW}nsi!ThdhL9eB8a@p67)Xt=a=)%f6ZeN`XTfar!o_1{ zFU@>qO-?)^vIy^*93cwt4z?luBT36VVgu3QO5^;*mKteoIUj?^gzcgC0v}1N@KK1! z=wE4bK9bCFaHtInW=3tYxzA5xp~#KPv~_!Hs{i58ZwiHesg9>6(ju}_s(Zy_xUW>I zd|Cgvlu7Z-NfBwO*@4Sx2H)35NqT+=ZnIY6mw;y%{LjJkcEJ@rkHfFeFje2j2zDs= z4x{X3c59j4ns$#*c59g})~}sgmcO3muV?w|S$>Xiom-ZFa+ZIx`436{C!2rm6o0$9 zN-J6ZDOvt0=076kpOX3S=q&W6cC9Ymu*$J?!z#zp4NFg*XwL6Pdn}!5TkIRYmQEG5 z#0BOohNV-lMP~c(i{wqHM~h;txTghKiay&>$Dq{5!THiYE9U2jR@DA4Clb zn!|zcX-Mrd4ocFs9mkM94^m5f1ftp=1)hsL#o{gyHg^RUCw3no-7?=8fjuQjg%!aL z3!j2=|CRIi;6Q&E748kTsoOOpdqYT;nx!RlO9NG<97mS_hIAup$x0D@05tHL0pHSx6}ZU~nJ zJNy7pi?zhCuq&jpI5|o%?1KXf6I+GJgg`{srr^xD5tLO|IiTK)#@)EkrmpTQ?28(< z;z|eVlpf0b<$gk~rO(*&Xb`15I~7<+1s)O(&HUx%IUqtD60+C!d^$;mF9+KY){O!W zm7!(J+B~8rjt@#P2q}i9wQHH_2o~8V>E-EvO<*oGUmFEpv zi+R-XgRtcrFMMg<(zu|rBHk zWqxbE$h7cV%ly_dzqQP7E%QtCV{e(?dgiyD`K@Pu>zUtr=C_{tt!I9z`LVam@8rzy zab!^{@u*ZPAyr4SyE@W?eert9$wdLgnW+H6 zLBTc!#}Xk4HZ!w|FrDZumY6PeH3frKTsByW+W$~-?Iz8*)fKDN33OV-JS5Brwjm4$ z+uR>G5Q>)|%Dg$`jk}2B;RtC+_-n8Y;ZZ2GW&WAu!px}krfu>1U>ibemZo6Gq~UCe zwIRwa*c@R_#u6j9v^xdc6uMf=@)xDpa8Ks}ih)(m#&nSdonK}esL8xn?-R5&r%At6Q5ZmqIPyqkJ|2LP9ofb=EZ zrjUL_Y5WHEZ%LudLp)vERwx_}S)by`!5C0RJn@1;E`Fwvi&qzN@!N%5GzRYl zD}&H}>6)b2KFR+Zq3A5&-4LbuE$}#`SgfIs7%sN54CcNIQcb)cVjdB+P#7|E?wgd3 zZA47@;|n+NL+JZe@95C;!7cn3QK}*3Wo;U5KalU z-O(ybzhSKH$NZut@$G5K5v~gHiuoU5X1NAZMZ6IjqpI-0raeCntFq`*!zc^sm2E@9 zg-I%$AJ&GtoqQvSlhM)tKTgiiCL@OVg~STQ;$^=0rz95E#vV;DUwl^BZaAf;!(DuN zcaK7&bXHCCf1pfIGSe~T9X-O(vnWVzC zNm@F>5ZgV#zrysOuyg1P3rnCpz@(poN|PLqnIZIP38oq0b7Z09=ZwgFy(|A1-U|KB zAL=74{`q75bcjL=KC$ThDb9rO^YDp>!5j^tBY31!M?3)vozmV|=p1GRiw8p-YlUnw z`g4*Bj|JNhva3M5NAVj%6Vh7ewgtO8L&PX}X^F-w^^un91l+OlQ&YS<&qmk<-mZtb z@b+Mv!aI{xNC7s5dWuR&4x2&>uo~(7_KfZylLh{_w`aj|i{Ff;SZ${ee&*=6rGA&WV`v`seG=En|P_&MZ{NlM-I9r@KL%JMFu9_avll@pmsZU?8)PDr~dnl_1 za>RjKv3|tViw5Ch!%94>brFa;;S*4I-{GD+p8XHw!jfP!=j?ZF4V<3?Z()TL&9G+Q1C2H1Xfv(7`di|qDYu{t%nQZmW!pUmQIC(-Wh%*6M-^5Y11hRP z?JaDV2j)-6ABFmO;LMj8&qK$@Ewi3LYO&o0-V0d{@nMLP3R|H?tqDE@i&RK+NmpH# zIc-R@ZV~#!W!Ai>5C~hDp~F?P)JGax@ox=mtpkCh%hGG6!v2X2_aZtG)cou#hZ4{0GP~i(5qh7!nSI zxKXV)9=1F&c2?YRg3ReDWnxR_0f^oqJeK6WEt$uYT<}B*OA}f$vmx}Ig||QQk}*|Xq9%Twm7ic}rKh&84L=WB=S~8DAWEZ5!E;E$~!y$avR>WHq?}3<|%rPk{FPojq zY=wSZye0ITrH8zZqBg!ly3tQ!GCr$!huQW1X)X7E3awqq4(laxvrXd~f_`&#G_!3A zyz5LWSbPnHSK)Pq7>F&}1a5O^F61B-9e%6R5mwatrnlU&Gpnll%!6D$DkK0pH=Vk|Kz?oLaomaW4Om$HWRjQ=Hyde_rWcuzhLUr z*&A#!YeszN0=1bfEgX_s#%~qfpIC?9FyY~5U*M~Wy$L8TlWju>PW`!YChT9MKR5mk z3~_Ly!}tlGD--J-+*24#OjOf=qk|nj0r*K`?*(4YsX4<~cr{dG-kH&oyF3yGzW}Vs zwajd`!`TyTR^3mav@);BzB&pxI0Sq%qPDAnLp!29}f?LGZJ zOYD8XOQL{-y8<6h>?eRngB`|e4-Y|;t>Gn{8-iW%9bn5;q#c13!47{I_-C*KzUz02 z#N_g#sZ(jJ*&A%ODPN^(m4(Iplh`c#m!VYlx~#wI(=^WqE=}we!0agdz;l3fHa)Ns z_RmS`VfnRD;DP;suO#-{Kym3{Yoa+R3cTPn;8%&gAJ`=ocu(NsU{L;0B0pJ=*$v$agBlnVWER zu!Dlu>wN!+q0K=;`@7?S3lr3lOzd6Yq=49TFZa#NyQOHQW!(htwAL z4)Kt%s1R4C6Q_f3CQEhkW{Bz$G>WCVR*UR#V{NZO``E}hAdEmRnCd%EYssIMl7vqL zJ1FP^^NTe9Vu(4n40KfWzPp{ZQD$A8!^Vom43jE<$AZH%xMwhIaM3ey9i{>hKuk$2$f%-D3iK* z!_OkTHo8Vbczv)<;b92vn@^PapBPMyIybLuyru>lGk`OL9TH|vRywdFF#j3B`mKwF zaYxvYFWO%GOr=e~1O6tKiG;KaSRU+<@K-1bAoKT-FA$ER$*nQ*BxqL8(e%qXhxN=^ z+OuOdrMoseoG`X}=|^^)-cs>n(CqP*SG<{ZT+&waQHTPR{g_anUekBy`UnEMJnbmF z4Wg81jL2M{Q=PFd%r<`i@=-TB&f&yl=%>BOEZvIn6y6 zsadt~egqDKmyEDzoptVCPQ7EbDsSYecEb#rrzLw&*>LWZ%rkj%sPs9lBjzr@U1?9* z@3hWJ>$3hIELC1$nqcONtJ($5lRBDo=8CJ^N>$ajY}vJAun$ZFCd9BF@L5y8*2(JR z-N45ZEBrRtA;EoLYrx&K5N4{;d$Dv%DJ3vOV1e=o*& z^LF62xKC~PKHzULz6bvW{4>UPa~%ft#xbY|X9KfhP%n56@VpqYjh6tsC04i&!u8E3 z%3L4vrZ5nrZAf@6M9;suqvtF9e9{q|q!~cnW9upI7Y8GAT@0mF`>^1tisws!U)TJ7 z*FgOLVi(PNpGE#-s)0uVf9s?&ZUbJK`kC;LU#%YND)6D;$gv$o?zs=C(3xZ;V>tB z5qgFTi)v<8^wp$s1MpyC1EQ-ASH}@ARy^(PQgW_I2j$2lEDv^p;AsoNo--mdD_XB9 zc;=%7x!O_4eF+&Z!511HzWLS7#u!9!@Ux+@^@DBDZqgynE zuLe8#P2iU3Awxd^ejQz5!S8`vqd}Xu18HHfplZ;8r`?*7@pAsJk=jv6%fyE8nvgby zgCHv8{1KVrJ50hP=q0xL(?06AH1TPO&V3b--Xh$1JQ&el8i!CrKga*ETxc(a^fSlAy281=O4s zdqGS3=Cn*W7UE1nIBz^X6Rv>P@mcjg*H?2^G@t{pp*&rk85aI~95v++rZhs}8Gf=a zgx-t^<-dpMlEPXH4m^!gQ$9PT5dm+HnzLdN#NuyGOZnyylepl~6ceM=l)oXR5y6Vx z$i5h2VKk?u+#78%A-EjG#3(i8AA$I&^Sr(l^T|z3azMj^;ugfP7d(3$Lrd{JDQUO9 zXbP%v#X}lU{3nR^5b8_~80gkgJQJG2O=5k~4pbuRr#UU9TS4R(JOYeXQtEwl6mGA+ zXaj3-#jQ~X$oGdZAh`S(OHKKu5XKvQ(FoSy(w;djrC)?FApBrVC8fWGFukxZ8o=sf zWkC^?{{_N;;OX^PYRb1rX^Z-z1*|}p=$KHx6=W>{3&v4Xeh@?rFYdD|TZNq5V?pr| z5Eg_p$JSDO8AL5C>9Zq89a;-YuY$-gxJ086nG!GF!Hx0f;+y-TCr3rHNVF58*<%VO&L1ZiT1`x=b{fHOYAwR!q1H z!iw;h@$^jajUDT7Ei;-dDtyK7w4r=;2pht>()B|k1G_jfR0*KoQ1TP?ssb|8$5Y>LO5_-MN^igRK`@y zA8DM%yll!b5CcQ-l0W{&P&DPk(4qgnN^_myVcMfaR+lkIV%m=gb^7TP787VpJJD-b zyxR%Ll*=LF7w#Na(Ujk$R2-xZXO~Kg1XJ#Z7y-iX##Jat|0J}h-Su6G-Vca|0>(?lI~@7)?%?z9(4eiGkPhW<$3D% zVjVkb!c1MrwM1onRF`sEPm6{)Ok3LRQ++V7QeR_?7Yi#>c7#~p3X8^7H04bYJrf7f zDeX=%m|7;h1)}-|f7uvQ&x8vh+J^DheOxr z%alDK%m{~%t7yt{h)zi)>6q-y8^>f5-U%@Tginm8XTldCip0c|7Szlz#d6G)FF{OX z!nNZnn&P#attYOk8~yuc3>Pe%Q)f-}G;FUb%PP90)8weplNN$>vMQu>*55J4=KOnW z=ih8@yyG?$PCdc_H z_o;W!r{QE(S)O_TuH~M1&U<=3S3Sx6TVj2xMpo4!|MxCbs!1iAU*^P$q)O_Z3LN`y zhL}b?V~mxHOOAAwX39YjOH9G{FpjNg$_Jo%^;I3s#yMkLMK!Ien~XCjc{O8<^NBGI zSjCxYRynJ3x2m+K7RuAGw5lvmwZ}f$Wl85D>}j;?s)BxMHMWW#@_%}t`Zuq~{>|q8 z|K(lh3GdSz8`TWbG4rmX*Z%v4#;AGi|BiLszqud(o6Y_I!{XmOEaD2-n8T!d$>A#E zqYzgxxX2Pe;>0yLFJre%_$0)7MEJ~jdM4Ze&0lR*%d;_0+E$nhVX)Y5M#T`Q8V>vT_b9ki+nernD6ls&H^!z$|csRi}qE^huiBU$BD z-v4B|R$+S;Nl&dhpSqz{MQa&xwo0RZ`c?>ul=V!a4o(_d2gBr(d}IZKP$& z41Rj}S5bv6 zQ$7JvH^S$~RlJ#$AEs0;)m1+{*;%;XhLj&cm=PWuSJ9M7+y+UZIFV0{RNayhDRHl4 zV=6FxT*c>+@=_@M^b~CrKYB1>%xRf058^jb;lT0qOjrgH%R|HxO=R81%_S{Uj)AZu zoI0-J`J`NyQVAscal|3qGUYQ6?Ie6{T*W&``E^PqlJo;%RIWdMwMI%1s``9Q*Ry#jg&}NNjEH5wf>6GGGP#+tp#sG$H-_s z6W$AP=TrMCuP4@rbLW%t(;;d_I2*!7hnkm3TGx?q3xo|X07dIqtw&%(`F9}-BlzGI zHagV2O{8VQYTRSX-Du^S%_`*)td`={<1XBW@EizFxt13TTgrDzX+#jGFmqglTN33j zhA4@!4@49lYX0uiGQqF15XBwXh`EK@v>=M#24O-tW^66R-X=_dxdCtA$es}NDJ?$| zMdQS+udDpGWLuXNscQMG16NrO}UorxoT*%J>uPk`+q2O2atg{}s zPC(`rw+wzo&z|6$3tl`r_@ztk;w3u|Lh5h40c`-u=Ydn6F}E!KS{DCg<1b>KET#|L zG_&w0pO3f*e{vRnZ9T#&!k?UlU(3R;W#LcG!k=t0{sgi9FH6EtqTP{aLDxS=6h+15 zl~vEYwJRd8gd55COd_T08>9ij*6}?%{0|DRfvCwPmx5Op{6uQk*wF5Zt9ZQVwzlPl zmJNiiw4m*zp_BC?q(b3japq)ksdObZ`SlT!XA=RgcBi( za)4+n(qR`{=p!S%L18Jx>s_Xc_N~HD3-%HS7hePJ33m7xBL7enVpQ`?;R%>uK#qyk z7!Mm3z3ZA<*#3K49nk~LIs&wNx5g@`T7 zw-=JVq0NZ6uW#<``s4Fv`x=41xtmSud3@TYvh!yr;5{g47F(II)7%15o6vJL$9q94 zgYL9VvXhL;beJs-#N*36^<273Z&7)D+jKoQ%}!;yUYdsKF#S3*Yap4fXQuZ@dSKi1 zC!+lJtZ@Z)nc3RGH%I% z>~@>%!o3)f{2}1c1%EDhalwB9{8_>O8SL9N>6i9Kul^MtJZZ{uGFTEa;rh zrtd8wSmD)Byq(%O^pCcn`;g0gJLH4Hvj`*PZU4Q!JTP%6#wFf=baQ)WsymO=H>=P1 z>t^Z3-g#7;YDYlx$4Z_1*UdJ2c(eNByno2QX=4~bWi~2>2Hiie?g_jyHs2!3DU9UH z(xg%oC4PGr_GFIWy<+v2%q|(UN)1jM(8# zyD;m_jGehHnMY>((u}3o_q2ZSV&)|%?a7_?l8B&Phb0qp^xlN~_Kmf);?`qNgL&z! z*jawu+L)Z*U!=&K$lFd(TYlWG7`+LKJTm&6)br8y!Nq;OhC=DCjp28H{4U!lRPI0a zJum~C#?C{>TAU-FTcpT*b8eAx>I>U`??3hl{N8_T+h56q-(&FmZVp+5cK5NTz&sKa z%#L;X-mQw1_rv^j$71Ij&u{y^`-%MCJ&xb^;ddp63;f=7tc>4XX6KaSY}n7vDNdvn)pH_vMQYwhkKJ=?ZWc|=`{=R1gDKoT`b2IY9mnl2 zar=SPyr&%J@E%Fcd)KiafcbQ4-cyb{a*Ljx8QT|a-49dvJ>`k2`IOPsT-5isHsfRk z>g#E)tPQWMeE=6^RM@UYX4&| zkC)oi23KY)hjs@DW|Pf1xI(3!-xAY$TUPrw5YykXxIRTpH%43oD{Bi@){Z5n zOCzr2XCGpEYs5t&Mcsjzc8R#s{sY7`ai=Gat20XW=&r}mavy`rSl`CH@FA$&KWHNc zFI4Uy%78i-D)*11jn9SpdQvP0(AQ3Z%Ke?_^7})j{v3wheo$G5&fb@2ZTMmO%jsDg z9!I}@V^&xDGJG0Y8}7g`-Yjdwsr0P*Q0ebhdiYkfW4ZqY2HJVihN;iIsTlBO`dDK= zueX=2TOQY%9@mPg{=3JPI=wRK$XIbs3y>qlOupl;EH@WLEWV?|p(;8;%Xe1FJ5iMH zx|F}By+5%f|2K$(=ERnavsqG}*phc5P5ZT$yc2rbU#%tYfhFztwdDWa-e0{X?*VUh zUQ}{i-?r0R?s$M>@;;*)m9a4S3gwbGxd@bB7k<>T#DrU*-N#7mUX_f_zKTUjgt71X zoKQfX_?A3j)JKJ3;@cp?7?n6GjIlJvTN_0figfV4Q7$&|6B8*XqqrwJnwILD479~#@TZ{_B#FHSx7?n6GjIlIU8OA{~xY-IKjQ)}*jQ&w!n0O3C z7^4zLg)x@KD#Mt=T2ms7xg}2+b4P_?;*Jnuj7l68##kETh0#-P4X(rf6!J9fEmJs6 zgXGTxzg+P5fSa$Kf8d zCJNsQcHj*d(wIjO(K4YSd@9%h;c_U>9WCa>@H(Ey&LFmW;1OVrNE6X4BQerQl0aL!N~_ z7E3jJ68WVN7b1nrAz$7s8a&6ro<5noBUauXC-WWE%pV}a5Q^elkQJwCabC81VMk^!h-)~) z$fS^8J@Q4E^nR>{P!#8aCs!O=oakRMA~T6tup<;9UGd~XB3o~~CHi}*ZiT9Dr^u!ONY9k{Wc1`A;j&;C z2t}v9YGfL*yaFN?q3F~XjmWG8QJq2&<5f>KMuIZV{|0^}+tU=PIH$^{S%X(%$lM!! zU|8@a^3<8IJ+Vfe$-FS)Zwf^(zHVesy6)l8iyK1Gi!T|G**|*muu#N*-II-<*zYFb zU#HlGD)tR!)AYxWrZRpChzk4~a6@8+qHA6~vW))t-sqYQq3D_yjL5tz`oXYJ#CY{n zi19%Jn@2R%uTaG}UDo~@9n|^S-in&ADA)yp@0tr0nU6YGgZc%gUkhG_R*+CI+BG1q5M z`ǹ*~y4Fy~t+mGWfNY`n%QF~GiRPNP-;ax4hi3bN^|nQFM=sRxD$GU z_%ygLJvO~YVMy@GWNA?T0tkb`rO*?`w>=G%zBD`}90ir;vg-V0+J4Mp4Fb{gd_`ZYEk0Z~J@Gqz|C-39Y#3!r{ZPIf@-W=?7HHU8yJ3sO? z1s~h(>p7ARGp8kgV|4CTWQbdZH`$p=hDo9R-Sy%9j*C4bl_U_uLZ(p zkT3r|60`DiB56P<`ttm~zMb2>ms<|{Ueey1V=iAJ{j12;6#fOd{xnYcdUU?VX93?6 z$w(J&gGw#=pGH#SXnK?HWkyT55Gu9gFNvgvV843-*E;%UtzA`K6>5nc?HTJpO`QsW-r;b5D>1X{Gzl79xo4Ezb;i@^>H z-+#OjL#bJF`)tyABF&RrujTN*w;`4N0c-=M1|{BUc^H0`;EAO2^4*vtK} z+u>(^-%Q=qaYMK>TiTrxM}QylVz=aYz8IqY1lO@Rr}#5ij2C5O59j>PoU@lZXSc)oqU3x-oDWUzCyj(ROqEpSfW#cf)Rn8(y|;RZhnZ(avmD%k2fPV_aSVQLr5uct@nc zw+2IM_cX$O2CSb(!DoR75-YewTpaH#n_;P^8B?@)+|ZdtN4@6Ju{%a|+s&RerT*e+ zY3fV8taT)#=yNfk8apv8j!r}4pMb}By0|d*>C5>Hm%l@t778vkydEl=fptUmnLlJG zc5R3rY-jAxs%*$5y-N}8i7uVeCC}cLyvx0`KcOY>@-^*GY{^@1X}{KzclDq4S8K_8 za+CJ^TJoN|rTx`g^6!UOdI}b0^>}aNtn4>;rh)mCNt(cXF1`v{%eBK;XW8g~iF675 zn)sEZUmH(NKXp9)he(&u-%xxc>2Elm{u>#I68h7{w?f1-eN2736C1x`pr1Yov<#lp6vgGX z9!#!sB>P<|rRo_p^Y0<8`5N?Pko=BorFWsr9}0gOB>#Kx(SqNUD?NKa%E#I=+qKMg zEwf$AY}Yc|wahm4F?!2v*E8Go%yvDqUC(USGuw=zVxy;aZZ}aYK9)}D>f#O%1EStn zpEtdgyZj;vH$l{}@N>vKPd1XRQVmv-bcVs6k$f9sA`M6mYQ3OAv1rV~sa=Dph~Y`s zbP>a-n%48Ya51Ed9cXx_2TOKMVy^|vjI=xKvOb5&czxJtnDOnAu_2rat=?0g$Gwu% zTkc#0t$|>fUx}FB^2THxcm>J!dl;e)1iN56t2^F0oMr6}rrIyV`XNR8DdZ`Z-=vUt zATX<2)YnDC141z*7K!hN${bk(FIq?lcDFK3-V)If7L_F{)4GdQ45vk9F-kqVX{y`y zB~gpv)!F+XN8KcD9Pf>DR;$Lo7Ch3xgdJu7l!hdNOw>`7eROQ*8oX z^k!RRUfVsUtkyD${$c*aZU zn~>IydnuQnAo&$LbDupVe+T%lf`8vUKJ5W1|2??g%MxGO%Q3TE%WT&&+qKMgEwf$A zY`2?i9NYEGc0IFQ&urH-+x5(LK8dy8nOpj~iF)}i#C#<*Q`OYP1EDmxE}!1Y{r6E% z8$dLguuZDACmq%!^P)QQu*zr(G^lS!P)%X|6jV)o14OJ@IJHSt3{Se+ix|49UB5?! zgCQN95oH{*y44?JI%Q#s-jvX5sQ1^z3cHYnuMsUjf)5qhGG~Q}hHy)k)HCk(bE3Hi z@@%oreS-3KV+MlJT@-;13Pp!rYy_W)2nL0sZ!flw?1D=&8i?Lu?IEdHgFV^Szbijp zLU#U3z;8ib0m-&ZrBFHZgPg{el8xGuQ9oL$atJgyu1fb$ zm!AM^)lP)hn^Sh?wN|?7KA1d!*S|p=9)y1xgqHzYaw&viK_47Vgm(nHP|!nCmwR7I z5G-s;$Q_r(GPu%cc|2Ltsx-^MyN)M4FK6uy*{Q{op|0b}dR;2-9<6dcqV;x9R_21k zP}k7NRBDyV7(?SuZ2b;0qCjkALt_HFlc0{Fq2QTGSPhNJOUKZ-uWi4-rG4{_8XA8m zL8^vEDOttPP~~6He|Bh$Q7l_|3B|Y%vf8G+g3rZ3^6jmAorUgMNxvq37@}_o7X~{d zTnD9f7R=pA{!5_nRIB4fZ}z^-YpwL!Jv5FZ@2O#Cq40i)E`7yFOD=^lEa=097O*Df z8A*a3lDgamDM7HXDIs@U7Auxoh0$_oG_s*l2Hrh1u+=}6*$%QMXLFu9ACf->{8Yhz z6}+k7OZO#a`DhBjFvujhL8)o3AxO@ zNnVC#(`d%L9Kg+)G=@rzPW17Yy~AZg7zlPicpZe7yMrle>wv7Z2V|u^AS>+wm4jYF zaMQ9D7?4W=%Vz7H0cvn!Pd$}!egxgn@VSXCZD~ghV%_i)-$SciC`t|MXY^p@ha zvLxoM$U~CigP>976dpfzp8rB@F=+U#G_^iTVu=uE126t&H8}mGDAV}_qy;dTwoc`@zg0Qw?7cf+crHZy3PnXP$}2YUFDG@6q$u2lBd;>* zbI9TjCv#*S*+D(9Yk$bT?2q36{t@d#*jeqWlw%{MJ~Jdg4$b}8#o`HOOe zwz-0_Y9)aQ4_-Pnx&_&0QH|AkxDaQgQSHi zSxD8gVxef&@c2%>Z`O=fRZS}vT3yCerpXuezOb}h2AKABk}7OPU9`x|5Q2v3@paJ= zqZqKc6^k<=#6sbweLmAMhVtW4@TFUBqoEK>O3&EcOV^J?6b<1qs2(4%XfVheF0X`C z6q^v$C%g`-6y3AEtmj)m3xQ%;7V}$K&xisvgtZ|~^!DoG!-p+*)`7wxzaq?RxtEHb z_xKfimDQSIl+bD(CU%R)B1^ag!f`{il!%3Y1UoEjA5jhp7Jy|{UJlD+VB{Msny#gs z0XZDbgZg^XJ@NMVtF!&GI?D8ND3|+LpFt>bYf_%Gx99nEsaH-^y6q@?(WyPrnK-dl>+uGs zUqJQZ5rdU;A7JkpC{5yfy6JI%mHivC|GXrdQpmR0i~YlrY{Nn}qx8EzPdJ^hvcBSG z|6T9DtNFKbhA~~tG`kgrIALXN#r^*Ko&O&4-^2cU)PMi*-|`bz)>h6?-``NjvuT>N zac;BQaj7&TSE?LmA(omvley{;Q;Af!S)NLXsNg5s+U@gGG$&EZ^&Xx#p=Yj~>)s~N zT7`tiAcm0lE1L^VQO+wG;>nIkQTkG7{jLlq$z#n4{N^rCEhoc`thXs@1a+ zJyDk*KmF;{-+`;qW1)HvLx2IXa;|&FL6elk%(HT?`y2H2^i0kM`^vdWHip*8q=l7! zBo+q3L6$7e2O7yF~;u)O{bsxOgJ{VwP6>pUj0%Wgb+2U4FmbylA7UrmBeY zBZ0cpAfmF@#Wd$}V*F!=+Fyl;s_LiJwBN3w+>82mK-5(`PpX%(qf+-LP!Ux%x{Ys4 z4{DF_BUMLK)vz2hkNO{k@~Emgq=+v&YN~raG%BiU&N03$huXXF!`L`cRZ~EgM}5Dy zJ$6*p%tm}3yJo1{gjNw%%!KF{^Pt*Kf2Ntqr1BYPjP>3WI^T~VS7;MykcS}oX;j1Z zko-QN-;I>--m?6)EPpM_U(52h&nTKLg@WH##GA(kO#SNzV;?A7lit~H1ue;GjLqn`O_pJ`Sd?st^(^H|PvyI*)}=xIFb zd7hOB$^oz`+^M`$vW!(lx$ z&*}}Sl9xkkCF!=)3%N2a^BqRDC#~08rj#{NwodM7yD=SwbPPu!AJb8!l#W<2$Cf+V zc1%Yh9m7$`$8;1ar6X#r!_jI~T~=|E%8El)Iw>mCYC~GOSSznI{ zW^r45bC40dKQ!w>?z(_2Mf4zd_sK-`pwe!Mr(*Nd(9~%CBYCKA>RG+@$EPjr*_?Px zSsMfEb*0kxOg3q&lsvNiW>w}Q*(3v9zvl>&{b98*UZj^XlpVx<$e?}&0w%l7UlMJ?Iu(uVoCL@xfO`miX zM=Ax|D?;=a8KYq~+NIFVjxN;< zmggz?=`fpVgIP`V2VycG2ArE%;m6P#9D3srS!=obvrP1%TFc!(WTLaUkD1-aLX@iY z%v#Ice`X>wy1N<;P)?R;&0u#c+XRoUilmqZ1r%a}v`+J5gwMzXgYL$I& zcAiwURQ*gUmHoxJ3_T)gZ-0hclXUB}P|fNzsWqtDV<0=N_)UnPmxON>;?f??5?gQ2 zex#&K{Vnk%$iS9SP#f0$_hhn_$lO0Olc~3o{p6)u&-V5xy&fWrZr3J#7_z0sD?6%sS|>3r6PETr?T!Oj3grxD&BY*RQPN%>!FSAY*g`P|3P z36+$JOIxaio7njQWN6}T5N?E-(PM|;vQ7Vk5IVws!43)^hw!=>D7JnkUDwB*v1HP& zSawHuAoTlN;vl3S;KE?LVp*F2*NGq-f{!8a3z@J-l9qumy;It6K%Jpv(ymZGgzm>e zzrQ732oZ|#=U}@+xe`~OgU}J~4R%QQO_K7z*ls1Zso3ZYC6jiA@*DL31ldC3pCQ}` zPSBLNw9N0A2+x8#ZD-Oh+Xte1cz{%M|H7%k+EKG@3O3eG zCWRLT+Z0}sq?vBPE&z@GE#OfF??L0Df(N>`B1bLDQOk0)OI&8#31(-AatdZ=xSIQ& zi8b@ZiRFK6)N{6N06z<|Ma1VoSQGj~d{p2LiLZ$%$fZlFAeSzwf?T=;m28_w?YJnh zBE)Y;Z4C>z6yi)9Hp@^q!_ASQDHIv1Q}~IeApI(Y^{R5((rmKt$%O5Dy^`Zw0jCR! zE&M&$rr;qMDgU!=H~7vzX<{L52a#%deNr|J{r;9X6T+ZyM6m5XNg0aGetarqi-?y( zH0ou*-Gx|mwT3C-Pr-JT${{e4bc9a@+tf-@&klonDbmXz4F65gJ0NONco)=J?lX{l zIZ4~)X1Ca^OMkH=NZ}bc!IHyhonT|0+aO7&0lOx)$lWuMV@*2Jd_5TvoZ)%7O1&lX zy(H&#^ECc(Yf&Wj>~7Ii_bhT=U0Pwtm$Q%9PQ#117ykT!n<``gfH2$SQw=F)`=K%b1nhHzrA&5MDnAl?|Y@W++RZAD{4}U16#p}VZL--VKDa2*fkn;odzmGu-;ZFl!ite~{ zVRv=xN&zx+9-|Ux847%`nFP1P4u@c^XDO=5{lwC%D@p

z&C?IoMq z`+Ed5C=`{v*T*V*d)*0dfRu6{3SQL7UfTX#lz31mO1xKD;xxgRdnLXIAKPKe=|X%- z*lh@hhIr}xs#JrP>VXjVx5N}h)YeYX1pTe5u!A;I(K7R`#B>3^zcp4RxKd}4LNs~T zd^h`4dp4}RgEDOsL)-R4V@4@W_*y2+H$&98a9Xg<(}6RSv{F9_feENq!V3_r$3)b5 z_{gN$B$Y`i<5=6nSbGLJa3N@zlTl#{$ZoYQxK|Q;D*D=B8^Rfo8lMHf7-Coc<7_{| zQF^4kA$ZZ5KBDot5M~y>1U$Up#S3N~iwJs@rxsZP+WS+CZ=%gkAMz!upZW*c^C%V)q0Li5ly0)AJbpYBGbE1Y!SRn+F0X zCAL$Y1ry?3BB>!95bUsECd@1cQr@;Jnz`p99NhrXm4q9i(e3aMHM3Qb@*;4zf`23E z?^&zNQOk1FvK(1$TbRs8J}?zsp3KSoUbEph!A zf9+PQOm9u%4iFU}91?6(7rw=V7S+Qx5DLOh!M1Av^^VOe055=?VZ?MQ-w@seF*yq> zAg5m4oSGsN?hSTO_>!K6Ou{0vI7*Nx5o(5XchsO^ z6BJOEu;?Q*5reD(qbTTu77DTmV!+5ZU=U;%9~Bfq5tSu?C?c{MH~4+t=hUgX-I+n3 z<-cFOa`O4qsdLYA@2z#JyZ<4_JuYV-M`mL&JOgMhPqhA#QyMRGTDASE6xgW8 zE2T~mQgNpuHE_Jqavra7&4j0(jp7HTXVP7mW(YbnH8q<6muTO1}$c1_s&+j#Fx(*k9*wh(7AXxyPm5?m>HB)E6rAFJpBN8mYXHA^} ze=%AfoYOqXjqiA&75KbFxdFVhq5X;6ZjfLB-eKwtz%S}3)E)na+SbjeNn0CZGMB0^6nsnN#kUcnPrZFa=YZoR3J7d#XPmN+b-?&v zEiWp|lkKR}pM&Q}6bZOhhZ?;-e(@;eClcua4&A1Qa5*VGz-6TAA+uc%+@h>a5Ba56 z0=yJ@$jW{q1?ViZuX?RNr}qw(*apav5(Ng%4L#%n*8{hP9`Xy<1FNgY%@4%C4KxGz zhA`7ZPL{|&z}M259&)+sfty1QVJKx^jc9+)$TF(d7BXnV+n<9BwQY#uQ;$!$FiO|T zfSmxOXEaZyclQu;3w<@m`g1CKvjjcZGTxtqhf0(*@F7#rGdx;cxh)ul`0do#^zkag zXEkrD9dx`xUQ!KQP*VeVj8B)vqmXkXY#38v-}UidJPNr*q6~pzUMwC>t4=GWI^UZV zq3GiDurX0q_ZGpyXC;dF0^m~>m}6PA$j*0N@78S>zFQ-D6JD=>K;^yMeNJvqX90=tVDK zWtG0Rm0w;qD2rEEC}tZ8a|e8@xoiS^8qEOi8MTvKX4CPX7ODvlP6+_7H`)X?bS?qUkr3SG}PT*?UGz@d>yjvtqePF%=TZBj$vK%*_-P>o%^_FPYv!)}*o zf&xD*H^BTttOfkE+@R(i%br@(r7M6Dhl7soT5*%1#AHUdNvyw1WFLug1`adY2F@|s z0={ZA19nnK@UEzihEmz`am|h|NQeM_O`=)>Ud>mCrGnydXVJ#szofp`EHVING7gjQ zf4lbJ7bW-yCwUWKFQct}1+!fnjlEMe5!B#UMPu+uiIM|`twoc@JSpqyifK~u5KYDa zkvfy}^!Tgp65IRx^T&i+TC9N_e4Fw9{0QMy1&{nHV9;m=;6hqn z`oxoL!-3+L3(5RQ(p%d;2M?1!CNFrThXDA}Xw<~OF}%ug`|^6U^lRiCIplRt#RgV0 ze=Wct!)1U+X#w-hAOp@Z+9C$G{z>*ROb5uLXWnm_7b(t2Qk+qxn9e~i#Xcy}2mJMg ziB-xg$m0%{ZpS@SzlQCT64l)JrJ_GBfk(rbbg>@zuCiT!PWvyok2zlxaxjsPIUw&t z@kmn8cGt7O16>XHW$D-~kPB&91B)bbG7G%V)GdGyHxkGLiR} zh*r_E@m%5OLuy1>I~)p z)nm#+o0oM5&5vbM8#o|ICaqr1(!`p%{N(zOx@^ApHy1t6I5oHY$0J=k)y}aEEnq*% zq}uT})xIp^4LauQEUEe8ScSh$z=PP1O!Qz)sv}L^tb9~AiDh&r?<5aBL;0xin+1PZ z$h|*$J|xL^{26tigvR$^?i^2>%`lCZNa3 z{&gJv0Z(q;Y#xUIf=;R(eUsIDOsqi8lIRzD^;HCeP~Vk~%?Le1Qfz`!HIFt4e?`I7 zV#0;v)vgkK!3{tPeWcL0Nk6p{Jk}$Th9@G6B$ru{OSP4BW=WJ?CSz!k-7K>6ef`*3 z4~qM~p8l1WpFypb6GSOm<2Om>Ci?SYAEYi(&^7w{_zn%y*heBupa?jVfW_GcC}Ph{ zVwV?!I?ztAY$Sb53~-i2XBhhF0tpiUWLjyC0Jj+(1|F6$Fknm_aCN04C*T@aF=M41686e4>1Ik*s@d+-X(h~oh$sa zJ-5>vcEXRYf_@+ef1}pefWJ3Bkb{3*)%ArtrQf}*)2A9FDt#9CmlciAB-)5YK6d8y z!lw#;rK0iKQQ6PjMG^M4XvfYxOgK{T9}7LBV`si!87#0Yj-45?f3OSbHo#4hw2THLp&jk@ z>Kr;rlq4Aw(dPsVi72DOh=^V)U_eAkk?{~^NdC)dM^cL1@FV~-S7~9v>{+NrS4%V= z2Q3!fU`~?T6(-bxLQ1sv7>vb+P7$bxI}XvAnRUz7Adk<^yx_^(>pzdA6fm& zlSOq^Q?=69qAK3`7PCJGFOX>e0g5wEmV_U72RuWzXL>W>Dx)ocABfQRl}!d0I-dd- zowNp6bW+EgjBnpSx1ACta*p7OPCH9?i+Q%Gb({c8b>fwRZyU{kM_t?9R!_y&)SvDp ziUBM#+6G>;7CWqdz2az*QzSA0E;m{}Cxl}I=f%+tW)4Q318O+{!=2S=Z{9S zYB)mUxV8-W5pxdt;AIje0Q}I@^9&ylm%oLhkfp^2LuF|jdPQDkDQCbM5|RP8l$Z@< zK%xM^zD8Ru0mYI+B&UxTDG0TuS~aW<>b`9S-CuDhy^HY4f=9~=m&tO~)h!yZ!KUAXr)4Ol2)X9us7sCzFiN1YZ^rQB1Zpa2ym)$nR9 z3CC_dLu1eQvx~=)+Sr5*qvdArB6<3O1<3eP(|HnVEf!s<=@OY}H%o{B5?Kj_&opo} z-0xL7I!om1RKb{2;KxSWz|UP9ZDPW+&d+|_BVn+>U-=~_Fxj4iwt*=|GhooQZx`I* zG~5>ZL3y`|>rG^WYw&Gm-UMi^jDh1NSb(1}K9GawNHk}G8%?bpS?Dp#e)HJFiu4{& z95~8o^Gv~4opz;I+gNIT9E8B&yUZ*DPBYq~@kLIfakWFzoFFs@&oIL#Ks!|yv9TZr zch!})j?LQS*=E4$*0@dMFB#1MZ(E*mdo0FRZ2M5;=1L;<)h2!Y>J{uEh;6L4q|+y+ zzz(|N*h4~|;E+V=1IHR|9w+#`(+CzgOX{|5%7A%B+W?K^rfOSeA8iAFtTXJx#aR|y zVQpHr8iE}pI}HtXbZSsf(7`vsWV_bi(Z~FBUE5_$UbY?Cgjl)9D<)Tbq09I zHt@Uz3-BKjRS9^=c7#arzM?`|5@Hi?w7KAoP5}byNPCBXVq^;tMB4BcCz@FAE@VYB zZvsRr0xl3GWAId0171@Tpa3kYLYfhx!YlMR;TC(ckO8~t23n~N3g$Tdl;BH7GvG$o zhJ)_hUH`Zqx*Q;HLe7?2hby%dV>q7n+>%JB85l3$AU>GGGH!kImUcxV5VR z;%JARW2l5_85ukB(%v^D?AGAb67>@BeOJ%vY%o{a1#SeKY)118zb>vb*5dN)=*Ne< z^_RGpBm@WhHn0%D>JmjhJVN;R(%`Y80rsw>JHnpxE^hikiYT;x#f`c2nQ($L_6%8REHs5)@ zhQy-v=cB^2BuWDKwq%@6s&a5fCIdw#;6|3o*bK5dr^pJtNFvX`WfFP5Y!pJqs&xh! zS%GARKFyF!$r3$Cic}Ff`KN4iOc~{Z)`9US^l8#O2hbb1*ACeAb#? zLb{iR&XH7BDaH}>UdjN5RO7W|bi8h|4fNAy#gqc4N|XRVo@SFK9Gzwx#v5VV5c#J= ztf#@g*giqhk4UfppOPpp@Li3x3cpeCL!%kM_)8mwh(=mTC-Em9-^F~|jMc+lgI|vZ z@FEwv)W=rTQ^o#l15oV5VPZCJHO>Km5$oRT87rL5lTaY|DTxXUr_8A6OXXuO=rwpO zsg1gI@hEXHvX!tZO9_P`zDFg52hWlyJTTekIq({z8SpmO0>iEaPI4`9hHHT@x)xvx z=;}8zOU8mUu28te9{D=KkDaE8{#2@8x*GVs(RNtS1GA+f6)K4^@UU?_L{^`$#u?xl zCTW#tyQ&!`nZ-e+{2^ul-GfQUvA*j}QEG6=ra_&mc86?*UliOf$F%y$axtog2% z)4}NySpfT*dY<8-#>WQ1c@mkZ;c|yk8g4k)~_ zR=kA=yunPy3b()l8GKGM!GO(I3SY5YGr&JL*)ouOe@C@P>}ZM70FEs;!2H7piSqJjAzo1GQ`@0X() z5}5(~(b#7kY}hvdv&s#f9;)`kY5U=v_B85v!J#waP}*WBX)%<>*hx@$MTJFS8TyHMnJ5{?bv zvl1l?tYvLlz=qx&;5*j3(vfZLCZ%zgXA1mK!jOY}Zb19!T#(m1#A#uRoE6LZy3>1y z-JZ4po@-629XFCg{AXP=;L8$)zff?o({P|Eqa_?VUZT6#TP0Kn{#2sYeUo*~A`#s~ z@E)gp^YbT-X24ah1#Xbw;!fcMt_GGG&47QnHgZvwwvYu<CK#A`SNfkQ3@i zirt}#KTyWE-9)xTg?ljmC#@$h;f_9P$TSIkqQ<{7s^RC-AbQu5bO@Fo&&X zcjm{A=8)ATI`{w^7;OQ3Qe3m7Cx;wmD+;lqQsuLpem+i9OZaB8-cBMT;4ManfVUeR z2KF$T0sFi50KuWI1&(no@FSz`p9n}G3GN-D*;kavRHDFDtVK3i;5B8DITn$thOg-0 z?)Eh7Q+FM!m(SpI4!`K64qPvfp5k|@OfjDCh;fQqenFx=AGpS7i&FT~A8CP?TpMjV z2R*com*_f|7elB6^iMC@=Va;)>l<}O_D*0U9>at=xS+`Sxq^Q6y<<_mFV;UY;75|fPIV(1DQlS+Dwqk zahs!uiF`t$qYhAq84zegdqdHyV7ej>yY`H%oj>DCxCCN8&&9Z@COpRSBEU}i^=I} z_tN$fYdZ`SCWEO-$}zvi%!h!B!##u$obHEm*e7(vvdEBgB|16*cZMGFjOzg+n|*|P zrMawYTt(+23Um$lPl;v{P*-$y1#pMaHu-R&BLiSVqZvSQ(gK%A@CK5b)WGwF8sw9G zQUj|P&43TO7C6kc0QJcB->W99mamH|Fu4KNR~4Lzz&ow5CWSp)sKFI1?+ljIlid)NrEJ+@FId zdp&@6bh_&+_PKi2kbK~6u|0Zd-6*)-pF$-0iS8ohUcLcn8*RN`z=Mmfj{BX0@*#4m zfz@Q8zB@ei_?$Z6pAwnydiGj2RXcmXHe1_y#vmKuJfp3z3Vz@;9BNI=Tjb*d5_%C# z?yEj#?yK1o4GjnMKhH=M2AFHK3G8n)15P*E1is>0;9}SE6yQ47>i=@NNu$%N`k97c z!@H#1UVB^y92*ollwQh5q`ZLEDg|6*Ms46bMoW7YrUm=cB-n#zxe@Sfqvhb^e{;>L zH%qVvxtq}(Gf)1XXJLGA8JsOqj^_!!==65MgHD$UUU2$%!D=3Qbpf|zYBo(U-D!lV zTMkWYwcMz1L;p>QngTvcnlFj2V8fUJlRHOL?rr&?tVSf127XE+KY-toxAEhR%j0Wg zH7N2fi5dWVNx0_$_c1;;7u?Ue{`aNFZl}19>Nwu?%vXv}OQh9>K)IOyG)q4N3X`Zn z;iF;Km^>h3Kcr^>?R4n5aLrUQYOl*Jz!TEnK_VgbAnCN^ z*ADQI10=L1*p0CP@&kz)03`7*uSKp^ZnsNt2L4>4_P`YDq&DzcqZzQBYk^%{n+fK+ z7C6|oz)7wJPH}B?1EbG}DBVR97j9AZnQwo>(}`v&9;6k`i^+S)*U=LAW-=d;z;_Z} zSny~^*m8*(VIRubTI$`kSyw3lPSp*-4A%nwoU{de%(cLejN133J?#{DQDPUx5c1MK zL~0*5+6K;WE$}&sSwqM=+2ho{TrSWGUpA|8ZS+B|mMBqRk%XfJxY+pE;7W3}y7`tp zWL@)J9<+J1{4;sKU!pgC?XmF-1&^Q_n`((pD|afMaQjg7=OA~N>i*f_UnDAoUi^q9 zq(3hS=^jkLWfEOe1EhyK(&YIA>C$=VtHITK1kxczr%n}B_l@Qd23~rAu4QI}7aFe~ zX_RG^AIeHgA${+Zf&5S6f0mFC=pCeYdzAEk5+Z<}=s=z(N*0VYHsCl}Oo~j>`2QEa zm69zxyh>A7LJr_b63rRlL8HxI3nooLo9utIeXlkgXf_$}fYDZEo}Q{}pVHRiwYhJK zUTwzZREsM0Y(*PBCz(`R>E#@9rCWYm@cqz3?sPrjejj=-iU0SKs_hn`R0p%znaUqQVQv*ATtYo;+s2H;uM{MXm+j z;Exi4t&CK&_dAgIEeFK?lIg3}w6``j2iGw-8E(h}brhIRGITV(%97DR zMED(vI^V#&v`!TKr#l4r$}O(az+9r^<-$=SO_S)T6bXw)Ol_0bneI81Or=4oc>baN zy1u{gQw5*Erk2=*Nr~?+d?|U%PLPNKACr(Vc%t#Kxn(o^+P>n`v!SeJIhwU3Z;;C7 zF6508xd!$QJ%sNWke(~4gPa1_NbH0fqmWNt!dmT0WA6hM$&D2za(cPJnxiHi2i1wt<(7W&lxi6pJ9qe#wR& zE1qhj3T}Deb`NBoSDkBQRxB@S%j!BAC<|Z@qb-2jL1_VhHJ}A7b8R&D@*a?rt+j!0 zAci(wq6HhGNrh9?jBjmI6o9XY(GK??f|FefoFehR{KL3Y?${|SZ@O33M)x-i%r)C4 zz&FqMyCX1e0n~i}!F&UZ2zmfe1?svGPeTk5BAO4`SDSnDp=j=Zz=#CBr}X!%Nx&xrp<#w|{Dfu=e*$`&TX&Ivj<&~x^Q|~F29ivcc)9&n{EwWr-53!q$ zygYqTc;MYeTfp9~1+H@~aJ_3IKalUZI@;C1DH81ssYS_uqis*RDX@b*RcQe`8qI(& zx)%77Yk})r8?Jh4^Na0itPZUL_)=*n=!A20k#UCvSKzPgq9X&|Z5J(LGr?iI>d1iN zFYx6-Awu!;{GYuwu(q{m0qc8X!2KlWA#eR!HCWHv0{#c?Ca|+>fs>4uQ^8yAEv0`? zdj{~;@SIt|*~Y8acWBVB%a^Z9C>Ok1lDrV3&#JQ-@K1juE~zkHTfg zx!&y* zXc^6bgIyb*Ku$37sDJlp7Ca+S_RkB7za2K@cdA4ky}jU2r@(O%WjhD_l&jAXe9354 zUD0Ei)U$jOaIn!~AoVlfEh51v739wozm_n^z(*t+N#HS~O@KdFNK4kMN-&P3x+kXx z2}@N?gY7JVCP2B;0%yAxz?-xk85Sjm4)j@fiP-HDLW3{cmi9{8y1hh+0z44q${0M* z_&^SxD3J+IAa5(w_X_{&YG4H$xq+PXkw3(118y1~J=E|~T8PJ+)26mA6nHBognj-*Jx%($1fDL5&6LDuO4vjevF`Zk(zAXp zOuXM8@9ZM*PsnD#0@JpE%O#vZz@Hl*8w4LN^u0=LH;K9)*xP6Zkd)?Em0Rak;(l`Q zX?Iu$aVYahS2M4+C!6J^p_{KhJzd{855JWr?4#T-s3>>apMw{g+w2yBN67H#9a<$6 zt?}0Fp~vcI0yNdI0mrh+zzV(6Y`jV-!(CELU+vku&eU-N2b2=)(K6Ppk^ZAK=`d0{ zD~DOv2|BDD!=B`5$8%5y5M0~%*dWNrqbHX)O5ocHx0k3!;BBTJ8w5!glgJ^RvO2Wd z(jD3-S39bmU@}aSUt5x+C7$l`qJf_~1vXaN+KGV8jSk@+QLg~2OD5^{*&MQgt>_&? z$QBYA0bWhDb0t06V}Vz3-=0|YKObwHD^UjlXBce(t0*@={=wF?gj-cZXEgUV!@$ed zybVP2;k;@-+}WJQe218F1+ddGVOC{7l-eI5lZIzeS#%|Imu!A*9y8!K5{4M$JyhM~ zRiCW%G3K+QWX|YE1xjLegh*#ak6B(}*43{nRN9VvT$~lAWfhevb%wgqCPxcbenU<) zGGSTahU$nndw;C~?rQuf!`;Lusp>w+UbZrJP~W~HACxHa8sVopNNlYw_)!n7k%vQ# z3x07!FNQmLI0&}~gni`>H>hQj9JUj!>hYzgmT0@KVA-;lMEAA;nag1v#JSX!7g%MV zCHB_N?YlZK(<8KxNYt|cKM$v#2R@@47@zYI!I2jJvw*{Zw`is*ndu<9t3c! zo?SE=UaO8r^I@5sEn%*K=Sh?saIw)AKs1}ckZ09pT3Ip*;YCaxL4YDs_2nf!)iJ1G z|6a6RJ;378Jw!ejE60d@HddYySw%4|4}$;GR~C<+rTelXlWKqS+D}pPr%6;Fz|&3s zh78g|<2>kwo&R${MtO_+PGWmA8~r^Hanr0~2m*cd+ED3&%J^;1zc^yfk=PVk_@bi;qZbWmM$Tu@a>f zX9;_679T3U5ia220Ui$E-R=F&+ae3^{VymB6$%syEglVbN@($D__LL6hf$OcXpxU- zv=@!m$q_G#@nqg_J=z9}%4Sxc+TlsX%&c6MS4z5`NEVXe?-Go}+{)h!{QXpd9(-7$ zk^xGV?-@y)84(Bb@V=rN#6lR{N0|M^?d=N4krM4;Q35vMTk7#$hhxX?D$X*GZJ_9& z>3HW63*JGhP(cKmCD9=YU`naB>HjKdcRgN0_GtzDlEu!ttMSiNWaBy3p~HHLorS%G zS$MpVy#!9G>?Lsa6mo_~AB@w!p0uwg?dwVVaw1spB!~Nyhy2&TKU*~|ph&HjxVB#O z$5XBFtWKRMG22ecwtO0t%BEsY!621o7Nw)!JC|+@2Ym&e(kFrbpH`M)e`9Z9(v6*DW+EF#18(R6hWKyj$CxVR#4x!*_*lWgaWWrkZlSEn zo(AJqA?GoVN@PsZq=?Q1vw{#@6gXbO>;Z`{HSmPd450g@1=hA4rsg0$DK+48s=7>6 zAX~=EKqbs3g)JoTHwlaVqU-a;3zh$OB&*fNl4;ksF*^QkmFkbF^=*u9iA0Br(*Bs* z#zig$d?N(&WwqL|J=IL^+c@UXsvY`{rl}h^8?}oArxLOq(iEn_t z+-n7atmxxu?4)l+yY}Hh@<$n*exY5pw>0Tx)y!CP0`Q&IsJT; zq_?({^)fxpVFA3__|7@#T;C8S{;=tH$wB&`w%~6qyZ#*fgYlhnX3091+s^qG!fgu< z9%g)(9Gq9^L9b<(@(!R+2TNZfD_z>n?2A-vC1To21ho~S;?Y(LKOOLTt(_*(6#)LX z)EJ5~eI8H|q5%H2{}{-bwAK9Q8UO!y*+4Bh(d*0)93^2K$>ejcrp{ZORy{s8lOAta zuEW4O5*m{Cn_Ues*HMGBT@5hNQG+MA8eo>A2G4gjz!XOf{?65abfyNku>Kha1`9Rl zKbJlXoKvX5^Cc=6SXijR#jXbKF4Um+eR(ysqMpqA64ODa*_aHXnDaZ&qKwg|HeBtP z2FWQ|moSsG+x^=ML&g50%!!PM5*ZQw|Lu^ZJz4dV?M~iH&8nB0^wKNtWZG_v4P1}D zW2LuOqZEEQIxz~!ct zWmwv1qJ>E^=TuW+Ggrjk27wS*hnK2Bb@MAd%jYFt!r08)#4%-`WVZiB0*^xyT$^nv z?s{W2@w0PY`Pt?F{GeUMtujBlRz*D8c56RP9Br2sewsMC7JF*1y$|P!Pf}ND@mmi^ zxUE()_b`)mPL^8Ui~m9AQc?~==&H1V2}&DCN*gFkqit2$ zfR*6oIA6YmfpJUV9dj!1GqrxiL)_2Q19^3(t}0X7TF%jfr5{Q(p@E;<()-3_M}94Lm8K)o>2mRz9>x0pYIm!9MZ7CDA1%5Jp4e#AG}9$rK>i zin{yNmF32HL~gLE;2W3GOOwc;#g0z5p zZUfg!m|UQL8%24bieME!wL-_cQb+1eM%PWiF-9|h-=&lm__S+*TU`s><67WV%3QWn z1Uoscg4Jqs74BFGm4kfLUlnwl_$S!M>Y$sHR~DG!h{9RTQZppVv=@u zxcR*6r+|fx&SU99u+O;F8sL~jM<1YQpnk5FDbjByAs9F;>8cQuH@Qh2bd!z>G1=Zt z8lanWREWvD-DEO|Nq2?V?BV(;U}4i$Ay&J()fynb`>G0oqCrQ6MXfq&Z!1x4fWHIV z0v^x-$d4Z|{~);i&gx`2oan%!)N4DMyJ6sOMw>vm8_r={D|byVAl!8xSa8G#5p}cx zFjB9~s0OH;&6L&qtU(4)ff~#N`53iswgJ8@M5O|cxfbB(EOpOv@hGW1A(06{(KrD; z<8ki4c?0W%682T_2#MMQzc5$r@QMX)DJHp2u}b1}Yb(4z>?4t_Ci~Z$n+)(P>?ZIA zi9U4QlS6ius6X+pu^~SBzQrjpXtW9VYro~rsv}miyi==(auBOEfsYx@fN!}L;O0aj zt`*$pT7WxpX@S4HHvCfDH?)Ft_2(4Y(-=O1&E&*JXCGhGME~&gfJ7+*g;PtaaO&3a zzna`6ewRe)(d1#L0IlUHqKQhGETq1r*<`>QCH(Cl>^DCC-)D8%vz4A0OH`xbKH>@w z98{>mqg{QBV1d(<1!p=1Zj#_5Srm6GY4>y^JZ4U@|B}K}y0BmA30|s3S?BQBqj%$JaUAtWTVy+YV0Sl4=9(N_c+x4by~b1H2kd4v14dj6eAcy}7ku3*@N1(j z;4#-GJtNwb@*v*;TxPTlEOKq9`75u@*OdK(gsQ=(C8`?e+tktrRyUdf`$#YbXS*8s zfYBCkfNO!XB^ZNWbM-}nZ#%tK@I9x%ZzULm&${|K!OKp8*Kg();ARpf3bYG#R9elY zt+XG%LxNk7=izEJOK_ag)_lR~PJz!EEl*3zZ$o_;QKDAi-tq3bKBFYTHTbMVM!<80 zIvP~@lsB|8jpg(WwBtyavf#}UodJNK7V3wEOHG{t&l_#NBtU2guCgHw+v^MZjW&TD zjb^}ZuH92`f>Yo`qZx3z(Kc|VgwnwCj8}Jk%AI%iJC-jgf%_zy?~zwQS5#|zX9MCn zw#e}f5_K5hiM93=-OsgvC)NT^lb8<(DfRKL?j}8Xtyru(?U26BM%u+BivCH#1y1h~ zAkqR$CFT$EwClrFAdaTmrVJQ0+OB-IapY~wKfXmbya@-sHap~VwEaZ0*`e(CPMfjGl}+_BCUd3oGuB9K8WGFq z6IKI?ruh$e;IVo%Snk3oTEC=r+gQ7dcK$)84A{-IO~60u-U4u}xrg5mOGG~+IKgQ+ zt)}>edY5;RE)vyIlRxjE5XL#pNro*Sc&h@9r(d80sUeQ}4@zzMZH4<-) z#9LQ)xo@)b@AGH^MWXe@bvX!a&Szf&MH+5!$T+5|pqGy~`ajsV4AiIVhEi74=x(F~|- z1f>O5Fq#33tF%ARu+}xK7zoxingR5ov=seWpEv-+E^Sq0Pe~b^jV-SxiF=C8D#a!# zzQMva3EQv$&GSmH&C=DlBs!7v0kLw6)dnsxngJfRU4?DOaO&Ja*rz3;z~7B#z*d$_ z8}P!j7;V``I#sRY;uEnynL7Q+)ag&Aj^0WriX`{&7E|X!?W}9);Td}qKG#^?`GD}u zS3BQc?b(~h+vAe74^z$c7mz%8x? ze&kwUJ9WI80oxnR0ERu|v_Ml-;JmAhI@K3w_;X^IsE;=bzP{-lSi={BiwK-=FG(~S`9DNL)|*H!`A z6X40&vOK_#)4q|kZzSy-N&9lT=}ekr@D3k0ph%{kIIAbl#y@o@uDpGJUbWY!0n1|a zYu_3kKlN9gp;Dtii(w;^_gGRHfKv@GKA*86X&R`nG}1kSVWUmpJ+1}lOf`$}q7l7g zf>culwuNFHDq$4CyDfH$*h?&S3-BN8%z&dTN(=CSSrxDq0noeW`O6?u5xLQmy6OUG9iPTC1eUZANX$#WN%kh8*08jC}9?J z-N-c~oa;u;<#4VWxn_iO-N-c~oa;ue8R2(m(vUrz$+PJO&ST_WA#Njy+eqRzlDLf| zZX=1?Na8k}0{`T}yZUK%(RTrmJk}xOFsJMFF3< z9Y;R4{oBhH>Z#o&WDicap34A+Tu<~Dj?#@i>Lpu&^m&&79}GR@FxLb0s@c=8S4wOJ z!fvXP=;TjIOb;2e?#zH|Ll60$>wzz*Bh4OiiFYpWL3OU_A?*6{PfuSGddRh|2RI^_ zeauc_ZLHgo?OzY>_<_3fwHoo-}w7_ z^dI(-7Cf?oM^fm<5A0w_ciG2C{HY?8nC!$2O6=-tQ)UbU}!y8E2RGogp|nM}^j>@!VW?7_KlJ3s}FjU;a8xX12b z$x!h+s#t>s6vfw*B zFPce=yRF2)+e&nmt;EpVN{qd&M4q-%jedF(NRn09$dn#nyvQ1yq%P>I9jOoTu9w4C zvMycFcp%GTEI1GDI6uP=P)^)#*-=a9Y0lNA z*R)_r;2fBFU;*dp9sOeVMW9!R+eqRzlDLf|Zi8nAMcf8EP7$|}#BC&T%cETNJRq%@ zuTaq*02Ia7lO*a%67?jBdXhvvNy7dFP!wN}B$6F$;@Y>%tFYVURoLzFD(rT76;}GP z_U-bj_U-Zr+gp=;vDl97GrfB@%3_&DewOzG@Lr=CK$j@}NKG^{6D2XEpvAnHL5|x> zqy}~~ngI)33!Lg&fU(3yQI2R-BO1ksMlBN~buf_ZL10VS+nx_O*hzX`WPZxp~zQh*R~bN6p19vqa@!ZKT?T8tGunU4!6O2iKf)xn`+c6ji?7_i-H9nD1@&{W0&e3k?b9%NiMS;FF=KUkGEHW;O0Uv+VH zDX%hm=*X8O`kJOs->&OT;(bgK>#^_gr&oHvzs-#eUZY;$NrI1WuL68aUXx zy$R4u(pH@{OlN(s?o4B6DH0uBv58)MoZkB-zE3unp<(?GTwpW~RabLnZUf=4QfjuRC_IsNf=X;6o=bM0& zj1IrDYfpG%nc|Jg!>gV%L@KDebD;@Q*ajXb>C-1}j?*0i+`q0MBRbWjF49iox4SN~ zOVbu`jnNGFt!sftTnjvJbQpNq=(wGP*Zq7maEOFX;#W)IC;BGfLZid4?AjB4yG-$B z6$|mCnIEa76~=(kgeYtS`6N$t68toYraaN9CUxQceU3amDbWG34z6JhTEJS?U`&16 zxzOY$Z_)sNBGG3Hfx=S*q`B15)=RuZ8-61p5fDS=7xrm>+G4+~d7GL0Z)kf;)e&AH zY{9L6AX8uXFa8UO+ycLrsJPkVg{avNgrDxlg)6~f8))~H$U~*vSBkmaN;ZE^mE{sy z1FM?1=4yg{omM_zzsJ-g0@x|NIqL{Fa&_2ityoT1n_o-l9`H$gsMiFmSeq7Z_Lg7) zdgvs5eHWUno8AyOK(gGiN3%pBS97cN1#fb?tKc0@BPYjQ1Vqsxs4dvvXaatHe|pzjkbWRByIz{%{KtImm9jHRsn|z7*U4vD#|cX z@Sp)XbmI0yY5Sq1{ZP{W@My1Iv*qpbyRZ4~&q2bfc;JRY4H91JXf5oSFV)$m9s<5D zQG#WFPLtupq^iMu&@g?|rw4^A(|Bd*xtrP%WJy|nw4BrT^@%5=G7R?W616@1G>)xew0 zQ+A8s0jKzO|Ks&cuRn3RN6(X%O4KJnU00ww-rX(ulT)s>H z?{zKkvP8+xF1qYW& zR0FVvXE69W;Z6kyca_KlAbp&JGUD{Og><`Ifp3+exCxzM7=m$aLj zK{-z0|6mch0N$Y~J<*2;_cpU(V6ns|@iVG1RBc2g*M)1Ist+^> zsa0)(ubIpK9Q>oHTL95y0T6*61K0PU03EG9mp5B_tjXWJS)~lNvEJxMT-V*r- zt~A;Lu5&H$h-;(0{1ywIcu5gY;CwU8fZL2VfqPvG{KB=-9^6l=Bi#aUi*{F!LJvtHpT7N7j9ng zgM~jR_|NoyX0Ou1=PNBqPW2?GI$sc62zPt5N(`Uf0%1wI_T}7H^Qsvv9 zlQ(nCHdM*?=L|3%sm9TtX7gL=o;H03@WYTYiEcKN=x1Arj<%KPXpLF`x z*11E#wi5d)c?hGRmEIikpOO_Bj=oKLb5cFQ zR(OO~m`bWJW>mTDBI%h~3Ip6FDYvomi%QX(v+|TgU+6I@hj4%_%qQi{$&Dqp6~eqM zw=x^AuM~}(6{crt5l4waQ7^9xbpD!PVY&=SbO4?V&XuUj0|kc~%>bs1>SMB;BEcAB z@0BrA=8F7p;c9Ba2@_;CaAgYm=|_hdMQ0~R53a^ei@lKj8$C#B=woL`A9q%`C(|y1KVE&8nln(MP|dkB)~&`~q#Fe6Aev>;Q#6Q=%~dcx|g!yWcl8G`?46 z>^v*lFlT`O&hOD(6Ygwz#H-x!LMC2CFP9fQB?GMQ8&zK|kSR?x9jM)3Pg3!NOKj9fm@Jbd-PL2e;8(2n zVuDKL4i&OzQc8q&z-GDaB2%R-IMrVL?J?NGu1)n6K1xhL*uUnuyxI^@4qf`0iW@m5c~)e~>^#9KY_HqKp3;;oT*Yb4$p ziMK}LP1*XAj7_M7Ur@zgwW|Ab@EVDx0-zbp@DguBqZ#m7*8=?Nv1|bnkuAU%iAf7w z;9B5f*8;^~sw0Wyhfvhevh+*tFfb(E=RF=kO#4C{haDov#a^|~>1zE& zi4Jf;v4ibH#}zx+K0C@89j5+_qzzT~jS{8W*j=R_XQfwv%IGZ2TG*^wOKl#pcKtcH zR3g{FOGaD3>YVlU8^(hDjkbV8T??G%+G_-SZ9QEIPV!C%`08-E0LV|r`YO$&|C4LT z9TfN~3C_UH&GA?R^q+Cas(51!g5a{V2P)To^@h`#MTX#I63sgtd6!iU=%k}%&R4N3 zbD-$e8Pa{sk`Y_0u+jD~vXQPLcx6!g#p|=xx~3e%Aff5&iwSfChC=oBx(xO&8i8k;tlo?yw_>8^^W9f z_@kp50#{Q3l@={MhMl1&=xnC*a4Vy1~>(M@IewfrT__$><7mLzwNv!mSXVw|!Kd#}mB`gqg2kpD$iZ7(eVgDXP9GLL zE1@9|v-r$B9Nf|$Y;7gj%jrzPEQxhII+@u+KqOZ*q`4byi1~nz;8`GHXU5g((TW|EsYQ4;GTs( z3hl(d%lQ<$qRfEz8f^j}aV_uVM-I{)9V@m0~g zN>uNA1cVYL+SyL|UCWD{eoMgX$TGM^@I$Bf3;ZSR><^;Px%Oqjigw$Qy+*LEQ@*u( zTcGJmpc8n;JZ%m5d6gHuLO@e{gdD?PABR1 zh+q1YhqVP8INe$>%_;X!dpg}$@II%92tMlcKLnq0dbZ#^rxyvXaLO+W-stp)f}c74 zt>6i#&k6qSbVW^>)g(%X8N}DHiNR+kt4D#)C`C&NFZqf@?t$wi zU9Z^KfoZ<<=SXz#4_s%o4MdBsui(}e7M((CTTA2~*hb>+VN-nr@P4ChV6M>&INoSE z$Xc_daypFD4@h*F0_IBaKb*t7d0MWf+B>uXl`_Hx5&f{h%`>rN*;RZGiEM!VjJDn^v{v{dba}ZvpdhR*&r{2d;h@J(lpRmmzReMTB{ll(-;#k zn2qUD84e{;=A==E?B(+!%ABe(Z|k7#tNrc6>W=bE6&5#W`@IsC3H(s0>WK+}cWEPe zX`_wfhVr_XMAHbk#Apk+T+&%c`jC-elCEV19Z_=~#yGBk%OrZ#v2bX}|S5)wurZxopkqz_S z68aou^4PdUGPXiGyGyX*Lx;=-+YrgwN~C8iB1Rw5f) ziF77H-mc=9!DxeYlN!z+CBYGitt1J~A01UsT_Le8v(zPYo2?|-&L2&(oj)205{CRP z_Zc#O6mqpha~q%+&DBKt{&)2g)VCn5Z^39%--5Kh1*1uQ3r3Ur7NqqpSgyVm^_W9- zEEt8nU7{lzu!qqM@K?s0z<#a;K5DcH9PL_w_sZn~IK{QV7hMZn;9B4+*8*3&7P!T= z!0oODe&Jf+SFQz~aV_wiYXN`4*aY_QQCctxxm=>$07g#(`R|O;J2lr%lE@rj+Q|u% zZk9xpFYh?hXcnU*ZOlE<+cX95mB>R3lC&{IqA>wQWBSRK*~g$r3v8j3HBc8=DaGu& zU^FVwPCVf6 zq=;oBNfFCNk|LIkOi;wKvIyP(Y3Tpchd(OoI%OB??y7e4BiyN@5TAEha=nFf;`?c*r36HkGQzglj zlwUwagTOCnvRy496Y%>IWddwycb+X^n$ZlH@7hlZzUCCTL4phLHdAN7KaIA4Udtu} z_UcS5QsExqR>ghLQvg0`?c2bYjAnqxZ4+QObJYg$YJXTM{nd7o#cXTWtdtsO_11eN zT;`l9Jg?xXjd;%q(w`_%e*hz9HqUT@@v%d}lO>vv)yt#lt&e_ALarW>&^@5s>EAH0 zmeJPh1$?kog9UKksnq5?B;*sdQUm-(7d~*oqSaz~1hhu|`KyKa!*Z%{sNnO3?pVLT zIF7f{m$tniQO&^0HWp1jNxi-g%kF}Yxi;E>%Va#sEr5p6^4__p2M;?*RG0>&SW0a& zO=H`MdhU0sKLR{Q@MWjKrAAw~3x4U^Xrmgne5J6V3$VS}j9L!}{^YdNKGxP$djHQ- z?9ahIn^0p{jzCtDs84{?wf||nuN-+%WJm4FwgNd-LR65y71@Sx@5#klcd)|gP3H82 zx{^@an?@kV`PBtb1iNWuf?zk5=aqje*qvzwcP{7jS2~C)i#takk4jWOP*iqj8B9ZO z^Dk-xC#dh@k+aolPkIktZ1FeOm?+G}Bam%ufHL6Yp@$UDkb$BTE?zF*BCm^IF)zRs1tx9izUlt@q+i-k`c&1z1M(O`FvP10$E!kM*ttdRQXFr zAe10|bYx%0Fp~6a%|B)sQ;(CdM`nHfj@Q5T=EOzoF z4x_|d79d|Jq8$_rEEi1nx?)}x+S zr>41*SdY45J!*^fBDQ^~ZQLxft}JXl$->r?ENnf=!q$^4Y(2@s*8gP|t9NB#>q!>2 zo@8O`Nfx%AWMS(`7PkH`v)H*S3tLaJu=OMhTTimE^&|^hPqMJ}f0@P8Cw0yXTTimE z^&|^hPqMJ}Bnw+lvat16&Vmbrn3?d14v)z2hzgI0@Q4PFMSnQ#*b_qEeJElN*YV(1 zJNmGT+e&0$E0Kb&R5|qLk%Mg@iJK+10=Y+`ofr72gco$d`y{e?=0r$w4865Hh8Af? z>O~Q}wZ$V}xdXQHoEMHjc9BRA6tyf&Ygssw)Ut3Ssb!%ZOW&!zTg?G>bY-@1B&loR zNOZ1kiC)yV8Hk2(Lb8nQcm~@{S;o2jm%0FXShA8nVlvXVa;80TsXqX>CNT#RbKx4IytMwSY2rKouK1!v~O&bv&tdb{Bu(Oh$OZvKC7JI zZF@SR4UNeZN!a#nl(WjA+-yfhPLZr)wM?${PN{8_qu^H(%p!WIr^XND?x`cU)YZ8= z9?U~;|z9?{_u93HXZ5gHzm;Sm_V{Bl=O zqd)i3&UX)z$_MTG5g zaG}0E0tVJVf z(TQ>%FJo%x&bpY}w~lltd!y1)hu%5@xx;eI0Ma!*3HSMwzjXw%nnYCt#jbGcNR(nN zq8M9=a%?3EvX${lVyEofF?~QLDCfcD$|=%*&?eEgp7w(y5OP)8WXi`%l){4}5N1^} zaZH~i{oqKF^n)Y+2T3oTDCwo;%vTai(>`4~LZAND(_T6PVUjCtGX0<*X_k&aI0i|d zB)#;%k@N)p{M1A#Kb5BZRGRWrmU3};d}<`=(Wk6OFY%{^%6gOb_X_uLDz!W`O@bNE0X?l>#T5K@0eT(G0lEwZM(81(v!N z_=9T!z6o4sM4)Ljn=SZ|Q{bycTfmL31=i8=K+S+R7|novTw5L8+Hpuwm&5@w^{0tydRUqtvN3j7m4K@fHeZvt#7;bI7UlSJ9fFB72o&(-Wn zZ@P`PlW|g41OQc-JvrCrZACATXh#C>k@(9uu;bOk+5k+^$RSBM?!)EFOVeZ5sx1kV0)k3`Sb2UklU646Y6z^GEIPBR)DA@aA%Z zh%GdVCdIVCsAG`lDe6BYdME0A>vg;nm2BB(!Y#W`xMj!AE&4R9o~#{VPuIo_`LlPg zjhAQp|B?14@Ny05|NrT}eUr;vTtw_N2_dnxh<$5&5Yi&KHwZc;1VNL;E@}HZbi}^o z_F(KokBNPmwv4g6W8bxXo8ejpgW>=F)Y7N!k(uxJ`}^1H_4HHks;8c+Q>V^3b=J1O zfmKG<&MG54+m_~ZGz>wBwxC2?P=blI57Y4B?y&nLuWM{)dU-%+G-S8FT(`7s-HfqY(}L{~R%+bP z8Dryy&KMh4kn4UP)7P!}x{Gq#7NO)>90xD4hecm)vIVMN(>{$v>ED@>T~b$@XhG^F zL>AKh?ZH)QeMHI92iat)QD!B^JA7Za^iFu#6Jdl(U5KQk8DsB7KWUStu|4lD~FmK zqWBDS)x|$R>)#TTUP2$`;>mV|9JDDDv?&v`DHF6Q6SOH4v?&v`DHF6Q6SOH4w5iX~ z4BMl4(55!EX-C^nZEDk5F0MB9*nVmY+SC@bsV!(zThOMqpiON-o0^+KvOS45wFhl# z58Biow5dI4Q+v>+_MlDeL7UoxHnj(BVhL?XZX7=Szv;`G<1N>1#vOgeAxX{GBwd?_ z^fM;8AoaD0c1hWR$LoX)I!&J0W~I(D(JrYuHdRVXi061gbKM%Ok68<;AFPE`3&Rv| zQtA!L#hsGt*1+D-T1XvaEu^N|R4Mfw<>C(H4K|YO%RvRH*Q|xqdnQ_tQZG|Zs%AEh zcu(;E(!u|&^M9SE)uESg)bG-Dgnp3v*d))GB&{_?vQ!J}ft|`EX{|Lj>kSrA8tu zC_T<37o_$u(J@j-Bc^h+PU7$(b(V>ak-8RtG-J}eq&;R$q#k!B z8a6Fv*sw~_3n4U7YLH8oUehK^ZS9h!$J%762`0L$wsZS6u7Z@^UC)?wIq_?)MRE}3 zSRTJ&#*3Znj+c*bN6|`qM2H8s^^@l`|6@eQ2kBmO+Fy`5+zi0k&HDOm4Q|4z%>A*| zRdY5XsZ&g}AT=A|LoumtMXt2zQa9T4bhje6+jJ>if-oPJQRE>DnQleg)d(p)SxXN~ z?O~!_6Hsa_sm;a$KB!UhLHo2={o_LV5*VpclM%jJF|%8dsWx3oen~%}c{=F5N^8lF zFrEuiJ&4Yoq(3w9*?H+Md?;O7ZKbdCzRgPibx@O^MR@i0Thv+9p zm#!ncusOI}5q+jYM&1EQ3XGm}nd0j+`pm4P9x~A`sizS$Y80{WIdn>Wh_JS-2f5|R zc785JwEL8{Ce0^^Y;%=yBf{{I`UAom9oqd45nCW0HhLh&ggRy4MYLT=FKr#@d7SNS zbRA`yQ~5QaC6ceJkUl4%$}4mG>^elNU)sK3S9pu4z9NHb zS=k`lI)d%5ri(SwpD+c+NvXU(6L}*;$;@Ss$;=)=ImS3vKW3LY|fNANz> z%H4`v$IT6#A!5QsE=&C_lNS*dP)ap0&f=Jq|`2x?j1;1xn%JWLVskWUqSk; z{dY*v9oasKQIsd?TtxjStvkAUl<+?UnUAsN8EO5q10JQOA$;)k_-;k?*azuSXPflW zaovij3T`|{>Vfr^>lU7mU@E1`jf=SUaW1*fQG;xfS3=Zm>2;C$HJfC;LaJVo&Kk3V zluDVp6d7*Q<7%U*%4wcnZ&eM_|3v0jgDWHRJFIy|`ftX(AoT)5O*6X{(IWvYt<+~G zokO-Fs={~7y32J7zd|sTQsu@)+`_wEa-w63B%g$++0uHRcRtOQS;?AZr0r9&1u2y> zbtz)s4-IxAG=St?5Y-?(4w+94&6biq(3)qY^*2f^m6V?SrKVZkifnDurSx}7W{#tX zs_-2%e7SDn7z7tms@%9}Ru?Vpk`o>GD@du7sY{Ws zYny!#nVLBDQOUr4&f4n+^zYDuN_;%1^V`WUszNHZn+RLZ^n`Rii@W-nX6?b821=s}gXkLiwS zb*1OiuThl6PTy6cS#8qCA?!S*jyK6OGSYf1x|No*hfwrZla)MR$=41xr(OD3ghPZc z(C28O36C;Zy0DiN@8O8`C88!t_cLZ=r1~S8^GYvb;x-toJ3V^>zaK0vEp>{f&#G62XOWr}o3?O;pmi?t`&R9`$z}C5Sz}cgiW*^~Qo7&~oGdUdBJaIFm-x+J zZm5ofkp9fTOhV{d4)!rl3Q{MSX!GQQ4bp_KI8ACLOG_?2(3lmZY`Z$uuH#Lrrl>AF z!D*4s@Ay0D@%{K_xW2IH^J1;nlD|S&ZBi>!7kxHfdMHBjFx0v>suR`o5m|T_zLgw^ zDQ~|+nCq4f{_wA4%8yg|r)^Z~HAD+Fe^*m*pD!hfPib6(sP#{w z_11*qpP==56~+68phPApkqJsPTW?DSCE9`#Z9xf|Wh`ZsQZFQMokMA?JMev*kchl;OR#{Es!SgGG2+=s2q z>Q-!VlTnZw(9G}^rc6ajpU;uDLObq6G}feb+LMZQlj?EF(y!WN?@~G_nNdk=(!4C? z+kF{Xw;<{QUxDJj1}gIv^ywvPs4u zI^IXKY#J25Mfb-@@g33QT->|)Rf$YcA`_IL=fV)w(H4|w3rZvgPf(&gDA692V47ru z?;g+k*voQeiTLywdPRhuky^(j&n`;4g&rmMx{|3C^d;JLz$jH!Fde`>JJ%Vw@wIsU zI<>upkR`Ps9yqU&)44XP|2380@NDN-*Bw8m=ug&*lxtf-Zgd3}=TdUTx-oy1`kqae zvaO$8kXB9Y%!>OR9xXd4b$GNwxJ-qh`-lj_F z87G=3b%jlpnrl;~ezK`jKigD(O^9nBLNteH@JZ{Og<7T7N6d9BMK-qSo1+f2(b(62 zO~i39F7-F9_IaKEkm|iQ+o^vwQ{$uunVOqdq#!~DrT0?RZ_+ZPTfBXrJpkra5u0eEGqr%cM#HY7U`m|3>on#7dtp$C)Eg&_=C8JERHRu+~iHKZDs}MCv z*#g0#mb8(`-qu8F3c>1|>5_)>CDY6@?QB8jpsxKm{$Z%yuQ zzqSZ#ssQs4HCI|IkCIYvnrN5QTQ*hd3!5tSy-k%`#5Ac(YAM?~5`*wCah<~AT24N+ zQI%|;pE>C^xINGiNG+5ehTukOBbz)yT5Fk=F%flui58@ewW(4kA^4aeEx}mo9G8sp zA+-jvO%bY*vex5#wyk#u@YlmSw$W{}&k@;3|AgRAYEiatS~5yne_T#WwnFV_q6Miv zY^s$0k{sia(#M*3JkaU7C_|ccnCq6dUOMB3#3ocPizx{6dv75pO5Pahr*mX(R48s+ z)|}XJRf49wi6bWMzU7XedteJT(=D`LX;i`**6f8Dlp`YeT|~)I^ia zC(F=k7taukjoTNj8(xQc+_i@7Rwj~QE>5P{SiJ&JfmFjp$4J>FnNf%fH}?{_vcVLW zu?Cv-dnP_(?1$)25q4-&i@U}2zWR<`*{QHC&?WT+(qA`u#`2Gw0<|VFFN=#5+R3#R z%{Fod5nfE)}GI3lDVX*txIZU6D>&jL7+9SX(r1rRW#9ploswkjR9MsynliLb4eo@<`Bl+C7;+tEZ zELL2d>GO#O;Y|j{M|N=N{~?y7g>;|PN(lShsev)k{V^(8`!i6t+o;r^k)-_sq%Cbt zw1Et_(a_`Stlo{xm@RCD8e^lOg;r0R1*chBJp*ktw74612*Kj7sF!S%Ul(SeXCdVK zB%WI%x^^0}l;;l+SxA3mk_%Gu9E@mtCD7jC`3k?(FQq09;Hjo>+g33@->vaogsie$ zw_IQRA9IzX+iJM+&Gp+1pAo|G4TxGL{Vu}XM9Nm(DfO*Ql_%TQ=H!KoC2oo+Pimt1 zj=b+i1L{ZZI9Z!g{p^U9vd;RfWAE-b+G+>bo>HG6tj6)uc6YOaZl2InGc>f{P zx!S$~*Vfh1(xc7g_JY*0CfX@=s!f$T4be?J>5CDD-YYW|dBDO?GZlFhp)GHqbf-n$ zr4K+DQBwA%NL;9AZ4p;jvTEK8&uh?xRWdCJ4_7)Df_AUPAOH0CnXs2E#zREQ+RnMXmZ5 zf(I$J%Gh{!^Y6*4sO2t19;E+_;6Z9Dvp?;Wa@QK9j%3x~_r6(*oQYt41L}1X?Ueci zF(!)qV$-EgWsRA1MQ%dEW0P-YAN?B5(376jA*H=7<66pHACVenQoE#b2sKq;VX zO?pA9Xc{q2?Y!4UrS3ztCzP%ul&sErl!$FxbB~fTOQc5kIlI=0jRO|;p$tS1*1 z!!GmBO^%%o* z5ami=icnta4<^@SEb9c|qmbi#x+ znr)9CqxO9$-OGaHS<6}}y3?SuaK&{yYaKQ|#q;PxUHk;J9_~~6h3Fq$JoM?~fp2r8 z$@$I%zB7UEOyD~c_@;(mhrqYFCFOj#1-{z?-)({Kw!k+#d>hn@JTbyjcOi>JGdlV$ zc0@FAz?!S^JniD$dyu#{vM`U*gz5Sw=yUT)w@%efiC`w^HdQyRY}e`WQfdyiaVO-uwG!14Oibhc;3EJesUI}fq;-GTe4$hk zyHdj)(F`1`1>q*3B@5Hz7B;Vwvb3gSeS>(~cvAN$YM5xM1GHXLzsd1+8}J>M^uaFF zdm!q|6ZNHu`m%j>JN2x9^y3d+^>@IEt9$4gdF--Lc|6BP1afE1?|Sg$XkiaBlV435En}uce6*zof{(~Z*s2F(T2^r5=G2Cx__W4 zJ3&7FVg2+uHPa0|*|4s>NuLR7=w*1fH%Ujs=UWrY>`j7g!rs#JEuk_OK192^eNt!| zR}rTMUeo4AVbW`y8Z1Vf7&bgk?c?>cU$-i4Rzb4+;?zD>`3~q?l~3(cm0kQFs8Fj& z!|8;?Dq_u=E|Lwkc#}RA#umB=~jlcelDNOG3gwF80yqP@)RuiQfGmEYyGAB<#x+rDHE$ z-h^E_879cW+60ScE1ln>>ChTGoL{p-i~rQD(1y0mr&;z8p6K!a+$^&Y=0_d82|@=; z>Bb`~Not^p7If`fUw|idW7K-oMAVcGel&~y#8?%ibcSdy%{)QmH3aukXL8DA(tXk9 zHsuq{a{#&>rM{5<(R!8I)6_jqYJU?gNX<3w$EiyDH=0b&sb)!pfv^;6u!$B{N2vk9 z#^-B2iNe9_bovVhUXGg8t;pF(KQ8O^TW2}*dfj<&e_h&9f_KpT_>xP|J?Vom)KW;R zk=nkmLf?SUA5yNL=FLjBzRfmSN=rbW&6}l&+8+*BZbL94m!}&vnPrP?I}B}Wp55k` zSn0l{zbcUlN@Ri(_;I069rT_rK-Am!?Nhsvn9^$6%BE?#ZfP}>@pC##55Q_!q<1%c z(kXYlxJ8tnh|pD1XPW4*1|F5T4v=>|Uyi!YL<>^S*i@<4ZE6GcvyDo*zRLS0p|A38 zx$(#UlJx0czLG_mylc6%Ezdu}x;FM%J2+a5k+7;A!%~NuXmc^_`2QKTEg32+y^Ap_ zNLl;l?#H(5x3o#mjL|hxhf=Ha@1bwc?fNhdc#D=N$Ex@sZzQN$`Fy#^B?TPr1Yo>22%FsW0%wfo4POR zL=zn+b(T$)dcmf~EshTYT3IF>OXO^i?#hp>j@CLOG-Xyfp?W$cYg7!MChbQ z`euY8QcocykCYxug);HMH$*%T(Oo#Xm)-%vh13%!+9eO>W;Yhn{V0xwlpF`gA2R0~ zRv>jeqB^7xLYO)nf;!$r3sRTcR4Lc^QPPW2hYCu&YqnBrnB>_brME=zC$)=9mL6l0 z3sSbB!5K{ti60&r&S$6iH@K|$A2s_ASf{)C@~-`u{F!REyAjmddx(d+qOCZF+q>2UW_cp z^%&j>TW7foQd=ye%OLLUFdcaCB6S_I07mV<{PN4JWx9p8*j%Yw5#5xKo`;wt3EBl; zPn)l&c|@}Y+8K;Rs7vZx6W#SZlv+nBzb2&2)3r+M@UDE51DAV|KM@HEwloXQZ&{7+ zK0g~n8d1`D1XohKA<2Q3C2bAFne1qz{F;z5#gmC?ys#3M#AFDftzsRt8m{;O=nGtY zE_w*7Q0YWX0F_{a@noa&Hwft$b(ueaQe6J~i)Xjb$p|EE9I9=Ks@)FpMHJuJ@UF&% z;<}pHKZ4~#pmsKW`o?+>YVb{nXT={53ka5B5#mOOw2Zz81}2c?ddjE7ebz4;Hz(8C zXOVbCes*R~#`mPRh#P22sDXb&e7@peApPZ04g`7_m9 zVFCRH>nL6V_P1)PdYq_~`jrzZ-(XVJR`nNAslOtOzc%T|ZL*Z=CV7Hy1J#%OhuEM*7d?Dn`dWBjVcLTmNUhzd$Sh|qK?*P8KhYnr?3-;hla z{*Zwd2SEdO6@;U=T4DQPoN7M9rfOfHEdm2I;#C`!(#p~YPNqeJyA}T$Vd5P1Q-VP2 zZm1GQ^Mc1>{At1BZP~R4M7e>B<#!sq%xVin>kJ+^C^c~HFMe5kxzR%gcl&kiooZDt zfi#^8v~2$ur*U62rxEVB&}YqrgQHVDu{**nLdtf^n7C6q<4)=HV;bAPVXKZ|&19rM zKuDJQ#6-tPsX+{rxLv=R&0$1%8hH=FR!Tk0E5sSzl;HyYD$O2WNNH`^Y0+{f+4ptVdG60tfxQHfs<|MyC$!v(yuZ2Hyk)0V()Tw_jstEpVvZ3T5(2c~qU z)Zz$Vwwcwfi0#hcIE8J~rFPv~gL@*lm$EBUhm%CO4t^cMPD&lgbCv4Y=3rhO{@?Ye z8O!P>@4|Q4|G@N88 zJdWc&O~)&&xdWnMCizR#!h%MdU8T)cM@qChqOH&Wk>Xjz&kvZW3F#KQ!P+kVYWvgr z+5gwm8&&+tl;NhWkNjFYFN4T2M?n6)QSr5r=22FlCdCI$(N2gjqWC^Yvxs0yV4(P+ zp@E=;#6Cq@SnpHu3exl`P*21~L^>GwB8vYNX%-QvgW@8~L+YY91rrneoW^q>?Ye1A z68l9Q`FER>QG6|=zgUNEf$OGVHlV|qDZ-y(Dz2XKE)?J2Gx>_2WY|uC6xR-+pC&+5 zsrb2w4hJSd;JUQfe**&3t4hn=GaFDp^`X8EYxm?sjPnSCakaDr-MHNxq5P zhY=-9|HWAED&^WeK4|xNl1)gQzqwS+SZw!pN~z6MA+@K8c1qcv9wVh;#eqXgBZ#Sz zTBeaeRO%xW?Uecip^--GWSRY;Zx~TBZJ6JR_j%FM#BBR^Q=>HM-Mp^LM0b<2O*QS) zFvq};cIxq?m{bj54N_92-a}|#M*0hrT#)(_8K{ZYY;LA&8sMi1gIDTSo^I{nOsdr^ z)vi+NdQ#&B+?D(|wAk_WCMoo<)W1x$OG;&VZ#UDdvD>@pn~JFk_Flc#fgLru?lN($ z4;|{`HWo-RLH`_rkH|ESQuVUSoah=scb0hJixU z;3JV%X0seq6`hT+sY&`iH9Y~LzkZ#s>U+Ssh1 zu1!(eX=AIRF8s<-A$DZ`y4E@>NXY}6KA7Kr!$l_HdCipzMZKQGC&MNtvC z9H}EOBR(v?0Jjj3JTe;b;oil0MjUw>`5WTHHv_mQv4oW@+J_Pgd@hn*ng4i3eCXl2 z$`ad=j;wkKy6@9=3uVj6L z(>ynVRO#+&aLuZ|7|(CB96iXZ!SWojJjXDkhTMVpFm46*dPs3awg9AzJc{^m_)2^a z2WeTE)sFaZ9Ca33DbtT*1LDJiq_2(Sk+Fym`oPmKNREByrosL*N8jd=niFroDAz8} zM|zMq5g&dc?qwzRxH)7?q=1x=Gm!HTA68q6Jsna+N{A0V>s0A*ay>A9`4ir?U?0NDmUN#Ck>wNC~MTJ;-ZFaWI#^5v@xfwx*2AE4_w1 zw@Tl9rG1BNPWowx4`G_h_|S{5QucptgSW2?Vt8FTb$)a?nZnVPX8B>{gDwXk&kHo_bNWbThZq$V>gJmKp6}D zN#7X>^M5y(eT~aoF(|j)TI`S4#wT(P+iMkBd!5+tMWidgOuEn4_MXKiv{U&HkUV*^ z^)}v9H<9lIDPEdGd^oW`uO2#i44vZ`nh%bn=g=3!2H+FvMjEWU&w}-*yrYm3>vkaN zWu)e8T7v!ZL-VnbFWG3n?!%)TEAp%-eO!J`)=?h$6H-TpF5<21-wW!W1y@J5LVS31 zGsfQLv;#SF3;GlJHt%zJz;tUXd!T0_K76z-`)TA;WRdNBDlaiG79~~WVZ?`dL?m}2 z_xeQiVET3gCz>nyupg0wkrHW-1nKX$aOH^cdoq3gBr=G(ioWnZjj>xp>PVhGDIg`J zhV&rnqasp4oea?r-XGjNi zEPvs9=-6HT+d2752<2XXFDIj zF=Yr+VZ3Qy-NRTbu1ACn%({{+i}-LldGf7)Iph_Q=nX{20j*z^8H(*jf&IeRjY4EoLX`J>kpC%leuK2o zrZ&Wf#VKJ1UZfW}o^j>F1#FWKAr0h< zVEb%kzuV2WP@pY6$R;e`2~NuBE0MjZXCljRFj7O_aq<~@8|u;Dd;XE_;wr|55Bld4 z`5Zyt>2F0#h%9OtVxdI7&O~c^I4Ox8qe{=VK^`F;CAKWQ2K2BhndbMsS-$5T~ zJQVO#LMn**%KP;G^aq`$40)k#9abBB(4TS2PU#XKDz2_9X?a9-g!zwiJkgUTIyOjr z(5Gbvsc(>pPQ1-*SfXe9e9#?J;LAv> z+<&rDJ41iIe1ksI`$Re?(F;xzoxez`$hF9ihz~la(4&I>QNs}&FZBeV4-<(c{RNUAx2~$X3W+i2D5kq>AYI1|MX%IwHF%i0sZns>l-9Wsz|HNb;|PCMyc= zgSpX9D|xm(ddkM0?MNDMf@j+Um3usE3uVXlkZ0Qi*F5Z*t&TA7ub$aUDY!MxOKS#m zO=gQE^sHnX*b=daCFr7-LQ7=#w2f75y)6-YC54=4wlu=nzk6mYBh>ZrSwc(HVf4pO z+jg}?c8mObli70+dYf$byx%|L?cJWL$MX`#zWjz~j9qBEa83dulTx*XL z?0>w3%#l6_E#~3)IH5%|haj{>!4a4AmT1N3OWP&JDieMAi+WQ1sh&;KpLPjMcBFiH zsB`h-1(%;g=U5)C`4o>GZGhGVP4%$K?~3+89G1s?UMhC z(0+ZSI4a%`=LXsJFMp52e*L9be;>m>sQzz(!9jb|6kRRg#o$v|Uv_y0niH?E{F>xf zb>Z5C_Gn$A<$yPWive!|=L6PrbJ>8oejC+Q$obn<`2lzNEb`U8WU4 zQnb7)z-4%%V|_HU7v3H}%HLY{XL51hv7R=rotKJ+I@bRR*T}bl^$lMiu)YXbyED!| z1zzm-nDu~ipu$eHQsuId`*HH0c(QQ6Y!I8Jz!nHtlc4}3hibR zk`4F`^3C(+F8^IPKQFe|*Y8Tf`uH5K2mB3O4E+57H-hr))SJPKFL6&QDx)-hh9>fL z@nOSYf1wKyBLdz%VLt`llzgg7q@M7?=3AH&4kO_wYs;V7LN3#HGK^{YwQ;` ze@oMVM>)QN{A|G2!VSuM`&uIZ9=IIX>$Uhg^%tDKXJjAL{|da$KjZ#=3%>K0n02A7 zk9 zRi6!(R} z1pF90FJQgMb7R0Sz}0|XgD(oW0k0PDhwusk{~aD4@K^9T0e=sl6tG?yIy&GC6SYGF zUJ%YT4^r*sV&AF(40d3qCU75%AQ2H-`5OI1i5xm`$6H z^Tz8#A4l0H;4$#V0qY_`z9qKb8(u%)N$`#V>vgCFgZAqJ@E!r{Zwv|n9}jOAu-?R5 zBk-p;@Kz33e|xZ0z!$&^2YeZv3AhUX5ct0qo)qxSaBsl3!5;>!7xNl{zX#x#0)7O3 zD&QyJhXU?_?+W-O_?Cd*fUgPoUHGzqKZeH!{5d=zXx}&R-a-Bka3$b~Q?t_o)~VX@ z0qe6lM+CeW+!m~Vy>$3?*G<<_z#VW;zyp;ZlwS_^LEE#= z&#P<4^{=V&!(-O@OE%!?aB1B*e>nCX0dD};0^Ss^>Lk^K_GnAEHy87Ea3x?)?fGNR zIA5pY9RcgqzBg#Et~Zne-U)v`X!-U?@WBZ_M)mI;*Eb8!?-H{iBUue|b7uf%T&NH(?*t-j5UfGhDttZ7xd7eqk=**5Kh3GRqJ5!hdwjzqY-^ zYh22o9ummj%<+cffb2)XQ-b#H4d-u5NBg<<9Su(n^0(QU^%<~k80Mdj*Z)~?@u`?~ z^QoY_2PU*f7s1tluYgO>#`#ylwScdO^F49?EpSIrejezUyYCYDKPOm!{8*pd8s%xE>=&|^*iDnw-T`oxNpjZZuO)j;ni&tW zUl%SP(CR++yl^xMo(k*Ax$-B&6JR@E;CcaEh4U`|5;!}h)jY5z`zzs*fxkQ85rMyF z;lY7F{nuwB@R#P6Ku2J|tZoqm_9N^q0}}1^xxDOo>f&lH{cF7K0@n|2HSeaYJ-fo$ zYgk^kWARw=)R?=(SH!%BSd)BbznA!&n2X|5V%|@zlL}|Qzj%7g2f{vReH@{DP6Dzd zsy)-;Je+rYdcuBAg0D>Qb#R5dgu7E-%l}9s|LFw3nc&ah-pg9d7rs^g-*EQw7WaO0 zd$b6*WXkXz&i{&Vo{K=gbG)9rWdkx~zx-uWczUq?ZkNd4Il;TZm0Mb(=NONwKYVCJ z{`3%l58@LNd@7uKwk4YG%3lE2dRpASr?f{m!NuoWqQN+k|9j!1gZ4cRA0O}wun(&5 zUHFtB|C>bqk8lqcnRH!F{`H{27=1j(1g_^YE(!q;Aio%}xd|U|mi%(StHPCl*MO@5 z4~J_3ZwS`|-W=`;cpKOUE#FS?CBgFT4p(5B&G=k0nhKv0j`p`!t`pp!vjSyZJk}dcc}5oe{9^R}=z1G2u@S zu0$P~=vtK4*G-B1JH;zxqO)E8V{m1~xP1@O-a zn7Txl2dw)U*95#T_UT+~ule55deguJuJ}ZlfX)0r;ES>E2w3;$ zqJR%!d3yu@8vl)eXTYVv{s`;~0UrtH13nhc1w0e31bh-)3i?ai|M*~inf*h++Fmva zSmS$mz~_;_NWj`(oENb67bgd-`#(noto_Hq0UrbJ6Yy!Yw|Cum{hb3B13n+F1>@rq z*avM7dN{GMNhWG{DvE%(kxM%x}x$mv<|2bS5nTh`9%Ksa#?H0GE zMH8!WF)skm4f1t8rM`2Vukl>jCFZQoM+4UNmCEQiU)NVEx(HxGd!*|t`7tpsLVe{? zG3$CzKB!OU4s2Jogfxmo^zbxDv#r<( zzQN`1Z_kD+@Dnsz`8UGX1jom_;o=#Y=rqQu@;`xl&&)(;I(t31I_ia1a_szX1^D`) zydG-(S0!$r_J1!2yaxFX2fPk^YryNnmj}EFe0sooIBi^X4zwXa}6!3fS^8xGr{GS8X{rQ^$-Vc8l2mBTJCkH%*{KEo11l}`X zy@0ZPz(>LB27ElcV!$WDzX|v>_`7rC1H6|M#2>jU`afIo-tt;Ngt4Sa3DKftpC z)`{Wq0r!Is2)G>{6Yyg2W&tk+uM+SIa7Vy{VIQ=7Ik>`2JXX8ep03?ulYnN;I~vhV9hUj zb<^0D*L<}Ru#WH5fOWs35{yUPuc!sA`xCtZZw`0pOOwvO?pKrp*8Pe`z`9?NeK4vx?fQVSjXFHz&hU60@m@i9 z{!<9bkD~phVEJ~1%K>-7m4Nqzs{t3`TELUxdcX(4JpmsEHv-oAXm7wee=P<)9eW?N zzGuQ6^!J7Ii}v@ICGxLI@Sor*jre-I&Y#*-T%R+cJyL%(qL_6)m=E%`z6$~Cen~N4 zoe!1*Hs^x@>wK^hu+IOo0pFi!?-L1r32rRh>OO$Y`8qr`Sf1|__WgpFFVtU4BzV~b zuaw}S{{!#pR|Z=CM_}L3O*{gBC1AAwQT|rs>qTshV6Ct5@UTtk1jmQM`N6H`VR_}x zfUB#tnup%Sv*7gx#r7A%CE1gte7%hN&$7MVCcYi^&u{Dgw_Z5ahZKB$ufYC!@Dx|Q z-+}$}<$9AyAAo3M`&UqT^FXzGKAcZIL<4!i`j>;^`qqGNY-1xMsQ#_sd@0Qs(K|rx z(Oz)%!Bn&r`Qk(2+y$vf|L`R~3-&>~vbhPKC;Jmxc*e!rKM3c)OhvDA0-^Gag#9n# z`%>o1tIA)JMesrXhrzwew??NBSN`VW-b^&YaUo$}Oz?EsU)*9|Qc(F>aDACfw7qNJ zC2)baGS+wgu7(?Lv_wm~{^wO4U3T)i%3 zo^KHAqY#Z$i#b0OFTf-E9q(n#XAi|o!{rrP&HXX)Ft~V9i}~P*I1lGm<#}CK-}d4I zQ)c`rzZ0%;|6SK5#0SEKNon&EulRVl%o{vMy7Iq;ebDlB!}*`+AL6pV0d72+G9Sqm z-wEed$(Vn571!Y^{kyZXe+u?N{@zjfX&LjEsj~kTE}X&tLAddxR}yO9XUt!dDt`dn z@pTIyjIs5vqWpAA^fU7gtNc_rzjP+jBkAH}V6XD8!3`b? z-qP8B4R^eoG2bkbeM|5PjqDHHkRKPs3z1(RnKCcs%YGnS<;`q8VkRB}XOE4SZ!_g@ zmx-RGtnzn-8yB`jnh}U6!am6V3^>0hDE(iMZqawE1F~@>hYYTe1Gg6R!>D zrrGBk#Cj1wduhtt-xH5kdA9$}oc&&K;UAgi{`F9}dUhr{iVl+f>97xK-|ygFj<=^0 zSN<)D{6E8W-Ue;%-{2zaYl5?X4X$xN(%0WBdmgs<+2yB$SEN+ml5lC;l=;}P>Kmeb z{zv*OH$HQ4HXpC=ZQ-W0^FO#Kx+&>*jp8O4ks~cpZ^<4Ybfg|?MFS`6~l;0We zKgNmAYcZdcQ~CYiJoBrIoc+OYZ=E+6oxhXeju%^^t=)J%PxgzXIVZC9S79I2-rKVD ze>eYDL|pzKf(x&uqhFlAXW<(E*|4U|e;Y0xnKmCxk^R@oACxxdH{#4n_*R%1cGnqb-xboK%PtHWIIo>{Dzk7lYf~)JX|4G^M)7JCe#e9q+ zVSiqNuZ8R7wE3qj)&CIOSg<9Un6mz!l>L}g^o(oI3vkbidehP7zomQ^RNp_vJoNA9 zW6{d=Coc*5`PU+F$Aq-`xQyx>B;Ge;&WFUq;o8mi(|qDBVISmww*>DGmv`Vpb>zwZ z7`T`1SNI^8PD|wf4Y&`gmgkaywGRITXCwPQmF(|@8@v>CBYEOS1ACQ!TluTD z5>x&{(FckAf5X+^r<&&j?St7LaeQ3e*z6qaRL7^HxsJDndk^DF zs*WeX9c!hV^T8P^cw-CiWZ3d2!u3=6ps2IIK>04He|Oo9@w-+kI*hp5cdhcjiI1oE z!r2e)^(eFaaBgyZe)1CBdv+?)G*$T@s(d=r?BB1%E~vh?Rq@C5uaAh!ejr?9`?=5Y zV7T|8bfoLN${zvypz=Gxjg3?0exvetgM0R3`%YQ=32=d(`Igu!e+pb0lrhhTijRkD zQ!~x|!I^OWiF8!qxlrX_3fHNBh%0|1?1Spp#|(S9-f@ttZ%@{5y*r+dKTm$C($XBy z@4*d@hucwB{=b5A9NgwP)*n^muZj2n3&Dkd#^?J3)DRc6Jq`<4?b$-S0q;|~_KZp7 z9{_i7JQ|Og>Yo9ZS5HTJ?m~PLT;d|G-@eX+bH8MwSTTf)_MBkY5g z|86+@I@be;tNuseTrj_VN!;Lj1*|OPe~~EP!j7(EsZ4YKz9d{>|GkUzx2p2Fe!*j- zrhE?eLG^D4mwBk>udaPN!=KNK5nj&@yn1+<(g{yixBvXo8TUC?m120{I=XBW@qHjFZPAA^v_l<{}{M@O}aUr&VdW3wluFF zoTu`fzi#X7uY`-Q@~=#eZ-y)H=^vYHeRsoU_7~bL)!t{t+<)VdU&Ec8pA?72^UK%C zuXDby!l4%~_hQj$T;_;VH*pG!vzi|Aftm-Qz z@=r?eg>dezwD}KZ*fTcc&&_*h*F?t<#e!};ID=cBvA*`3nnJ0YrX--P{v%IEm5WaZCDX{Z(*or&Ofp3dQ#%>|cPh^pAE+%KuEv`6HJZ4F3XGFNyD8oXmz--6|95GMnt% zwIRBoqI_w|r=K4~H zZQoEh%l-K+DXZn%0QN!tc7V%QrJL8+^q&LeZ<$ZH<=Y3YT-VaP-ZCXo{w%n$c&qtD zy!>AxdzP0ey{YdexVT7bw4Ym^2UPyVmgfBBL9q*J&)*XKeuBS*^K7r%V5|Cmfa}|) zBR$70UU)d$*N^e>U@5rpo7U(aXTLV=gX-G>uB?`6&YwErj`r3lPoDf8lCVD!E)U2= zOu0<{oJ9UjaEamM`Bfc)J9M{md1J0FKj%m@3s@-Hgi1-1WHt{?j# z{+RsAGV%F^ZhUrhXPW)f0sA2PEL^^%C3=v!>R&sNzZION{+(R@E^vYUrQbhJfU6Ir z%zqxM{K0U?Vj1({J@MgiG$j)~@5-Mjc0u)@ukvrk$CJz8JoodqCQs#Wk^SkZ=KlQ8 zaEvCDr+P#QjGd*5rR-O;lYl{Q);&9>g^Y3vke>>%~KikrA7hJkG9evqq%kM9~IiCL>2K%7; zPfqZ;aPPwL_5CXo`L`wb;RL@37t8Vd8gP-x zo1b3|gBzQt%%51QKQ>9&?+oWN_W5Du?+F)MYhw|4>HSh0C7H=Ex4`#wuKC0%A$EPLy&4%lozkTYK|7tPE z=ObMGcff^ICc4J)lW?|?F&}MI`(A;g!7b4u?Y6z2E1&y4`#Srd;f@^lXWa5G%7Hh} z`SQgse-K>wyd`?r@!D{s!TYYxeq*?Jc&6E3qs1JL{d{!_?1TF6IJnCCRI}8+DT(um z^Aq-S;X3o{9o_ulI=Ju~u0Of@{{&~}rkeLh9)`;ov_$$&o%}zm`~_O0q0asTxKd6< zY;q?5d$>k_+~nG`uqKKwsJ*MerE^=F=i}?Z`JdCx`!8F<*)22XJ9VmWlgUD0) z@WQJ^Ko#U>w9}(EB~h?{G9{$e41%K?^J~=AEu+b-S&7R+$g4_V_f+= z;9lC+rVS@Yjj!dnb^e=XtO>&fnRxznc5ejxS1-zX7gsvC1$1pWq_* zL;d)E2(B|f_xq2R;qnuisLl1y`>+q{pYPzpr|IY?;#!^sH)s8Cnr_~2Ul#U3_Psk& z|DWUgIct;OaY6k2%_eX!*ISt;7=NST;`^EA^9p;x<+n1;>njJtS>{WuUSoeWTxWmb zuP2-Z`=I*gsC*C42f6Vu7w+L74{j$k{2U0^PK=L- zC&L}fXQKC<{l%~kYTs4jXXE?xe}MCwbA6Cx)&F3^{w26~^Z5Ck23+1c6|owP{U>mB zrF3(C_p{2c-_qRv7Ri&(^;{h`p3OPhqtG!>U)~}3fucNF8^&f$M_uV^8X3fZc0Z7IbLWh@~?>JlPkiNQYt#m z75bT4N=a>XvD0}?*^>qzgWV~uOruN?kSD7!L z>iB-Rba94n9@_jD;4;r^>AeBjzYBN#JKnzj4p;ccElwFt{!e1&4?3*LzI|)zTO!@O zpRfX4WitGfvtJLcpOQ9zXes;AaATXa`M$JxB3vj_f7<#x434;;%W5$GXTnv^7dCVG z=fJ&OtXtf1Rr$;x_Hp)qgzJ~bT!(#7|Gk{xk5r!L>o0Td?M>wWTlov7&HG|zdAFf| zCbmReGB@p85%xj;H-wATO!TDlw=JAwf4eeyD!+Haemd;G7o_}3BL6D5c37tQeAvCp z-!pz*?5}WTwRCg7_?q&$K7Y2W?>#ure8KbAV&+RaZBu<|PDD%Z#K*@);a=v8{`j;K zT-iRpzBx?H{_i*rpeny5+;|`!-(9c|>W_oqI@fb=B`*6jRG#Z6PddIB?zt}2+`fJ< z{yk5|yZ-y5_~3N&e(b}r5Ay#!T=`u(dY8ETzn94W0xq4JYR=#LGm-E8Bz~TB892Lt zCVJV`Hw>`265PT5!yljDSb_3Po~Jl} zW%4U4wKmUx&W3YCGSP`HzZ>r5`z-!=c?(<~&Gl)Qe=qFAqD0<;i>I_S@Be=eH#W*d zKf2}l1@74-ejfVwtp94TzinklS7p9d!k7AQDY!SEYM!4Dg|l0vo6j3>0T;MFd5W_i z3r8H^4s?7VTszx--&_8UgvSQ;m6cyeHMghPaGC32{(8`*aEa?pe)(^Ndl$+?EpB^% z2rh8_dKFjS^Ki$>ndpyhd;B|G*@E|{-SX?gW`UF0QO>>t_Ce!kl>~2);E^hS8Rx^; zYI*j6OH8hIa6Bnte-vC}|D>`#Ro)6&iP{cqtMA6Xvl^5-VX&x4DP#@Ck~hD)>T z_b}w|)r9>AaJd@a@A(1lW&c0X`Co{J7AMB%153k|)icfKUslzExS;;n0It0o?+>Qy_H{X2hOcn;pN%2ng2wmF zNoK+uV3s3+}l(zCM&slphN>?re$JrJ43jfD6~h_mB2Z*q;D*JkRxMXMZZ( z%f*#TX^ZNw!1a%KU%>I@aE1F1;~d`z7ylZckKG4nnSWPZ{tMz$;EIi@%8PfBt4C#w*9agPp%+U?0?9Yl=BPpN&#`H->wT%tYt6S>6%urT)uZ z{%&yLkaY9;*jDyO#WhpS=MndlKNsZxNVv-N{C$bb|Cw-Z8=kjye5La5N!+A{+7LG9fN zuJWf5uM<~$cUOKRzP>#bE_{}bxTI_Hk4}_74{or3{njndRdA^v_g@^}4p)8~&(9wg zKi|@9Uk{vrD${)5>UFr6>-*gDH1+kug%>jBFH_XMpWu#0JYQUZiCxcZ6n@%7wo;XLz=LHJgCc7>}eXPW1)2f!VSXYHnyKLhqb?KxfLZ{&KC>(5K! z+^RfJ=KAACxVRk0SC@YeT;4t1e7^Bf*a!K06K?#{5>0jXU&Hm|TbkFeQygeI{=j^_ z)wZVtZg4!9Nm;dT8Mtsvx_N(T1l+^=^4Gt%g!AX5qO7wY3;Uq@4}fc5ay`V=e{3TE zJh-uEynX!+uHc{BNT&W<;1b6hzkVN3dA8TJUH;!>A6&0_2hLuRGJig<_J0W%Z;sE` z%!xi_6?FVqofH33#Pw^}z7e_*;DXw}9o+G73*Usd?b!>?aegwv@ie%=^BpHUK0*1+ z&pI9dR?PEt>p1R)8=U|9>+?6lJ&$w$%jMq*cQF59H*1#vVYqS-&r`bf{{kFc-@=#v zZ2sGD;eeLr^ZH-FJ=bKS+gLa)e|lHyznAarx#b%GmmW!(Kig9NFxUqz?-mIj3zwOX zoKBwXCkOdi(q_Ru6EjiXaLze&@ej{(^8%aK65*IJjOi4DP+K#r&D7+P?{0-7FP7Y-Yk?9FO18#f}Z(kR}wPHLzs|owt5`6hG-n$)-ehA#lgnd@t6OUk|QuaeQC$RDN^ibMRfu@eXjIk#4?k&c0doz7XHf|20zFVX6qh-HdD*7#X;yvL~dpbJK)i(*wcE|Sv z4i{gUYCey53haaYUkNujxclSD&2W|XdxnrF|98O!o|pCaf1ZFVw8tM0Ux9m0i|?;} z4(m_sFY(LIjl`bqByZhb-pVdU4jzOj+>zb>4g#r+;vep}cFwI>>N;I!$xO`g8p z)QJa7TWi0=rcPRG{b<`GjyUWH$VNubm|mJOy=&s3(6qJ8$6bl5%zOg(JhiBtEP zG@WYpnKycfs{(y>CAg)?Q3V=^n3Ynr=9QC zV?YpThclzocDN$Kc{86F)BvFxwh&{)fDvQF0O+O!14;r~CAIhrT7m(C7Sy0e&_ak} zt+mgIIN_TOSJ!rYPMkPrf7jk;M`Se5*V|Q!8yp1LSBA5x4g*bBF(**9spf0=D?5sze>dt7#K(K|lj z_eo#hNBZvRyQ}XGzmMNW1CA0`j3r_Xpdgs1AUHS0trGf|?Ty#00BM$uJki$CZ@%xBlJ<=)dauP?R zz!7J1q$!hTJ<_bFY4dEC$GSY$Wd|oB$cadI(&3dSpdgR4-N_*vo*eQnCr59|Tg-j1 zs~$Li&4fFXBANw3?#NT1S`KY0atEG1;oEG^a^1)Oc((73h|k7or9gj{V zG$-oqM6*V5G23vCM^H+B>sl%C(Xp;Qmb@LC{OQ_bU3;u+k9BRISM@cE{-KV%Rc~+A z+gpv~t$KT_-rlOWx9Sc2#(m$ax3{|Xjjny8Yv1TvDd~~4^hj!YBt1Pc4nkcy3!|7u zA`bS&!M-@y7YF;|U|$^Ui-Ub}urChw#lgNf*cS);;$UAK?2Chaaj<{Lx%9=yzVx#X zo6I8|NnhjaYlMA`u&)vJ-*9$)8>e{G7mxblQC~dji${I&s4pJ%!5yzEP?N#cbPOYT zgu8Ncn6L7}%x_sYJIjl8QcZVvRH#)xPgcn)OUi?8beZqqjh^5f(8r0)VMj9175#gX zsE$V4(P%pwZAYW+Xq+95v!ii#G{TN%(Ur_}B{N;gOjk0~m9%t^NuRD{rYo80_Q|iV zB&XXam%GxzZl4m;?NdU!eQBbo-4mUAqI2)ij+5Fw$y-`40;d9wH_S?$v3EL)}17r+g=vSvq)X+mpUmRY_jXGIpAz1=`)HU@u2=@xFFB~eW` z!+iTP%31=~iQcE1v`AKGyUn~}-?;H8sS@Ws3^YtC0)g4=>p=w^aaTqcIk5!3*|~PP zF-n)oZdH{L#tQ+Sj7PqScc7#ECa)5BB6q1j{-MY|JxFgGombWNw#rtx9XE#$yUk;| zm=(#UT&85g`D`|EN5?=+;r?)ymuYz5CQTOV#$9)g{j?|t+ikj8&}T;c8j_mmyK{I9 z$z}iN$!4)iKYaMW)0mlg)BBj`ggU|ao^+!pjp|94deW<&G^!_!>Pe$|(53e&JZpww zOxM*GKjV$0^YnQO^n(4nq)dBVw{d)gjd?NG0sU6VU9?{G=Qv(IBpv)Lv(@Tux8yD_ z<4^xs7%~G&eMriO_(>x6C6zdiCpV|yXMA>hHJpvFuj2Ti+kq{8{RA}Q^%D?$+zAHx z)jQEpzkVGo@9QUE9$r0x!SPPLH%G7C>Gex6xYtj>UVMDWiq$sHDOXzqO7DR9(;_P7 z(GX|_-~@;UKnI8fAO}e1IQsR6xJVflOrruavY10%D#R4=H))Ya=b-WMW+*0c`*PGr zQ*KSq2W|@zxk<5$d4x&|DMPa_&Rwey!Qgn}8sa&fUf`_Ty4^0IL_Fn>oI#q(hwuoM zA>1Ej_dvwM1Y(lRA9X`_yV=VYI(&XP7~;UR6pEal2VgiFBDA3)gMC1g)6Kki+0s~W zL{tg?`)-%57K7rxw8QG+Cf%-H3{D^JAGUqq%HczjZEVj*bCKNv!&fjrG)UOHEz{+0 z<&Q;Q0jlE!JZM>E)vii)FC3)_wtz%%x+81f5vuM8vUh-4(FRD9-!%Rm8vaaX`QkPf z^j&a2s`oCTTnG~9Wn@AE3=EHYnG}yZD(`fgeB8*`Cu@#sl5JBR8v>YD>9krP{^Y@E zmOrK&L})Zz@6$@V(<2p z#rz@u!7g`U&7nUue*j(F=`u}<`GensG(w-)OR_Q^b^R%)6}UMEU~XGsif|V(9Q~+J z7Jfxdp{kD1Uk9k__J$%mN*Qus+uRC6EY4p1D#q}1rHj-;h3L8S-@m+26NGPIH8=N8 z;MQH;wrc=XFr_1K))iFk3aWMiRT0>2U|b=#k~WON9XZdp)9JYwcAl=bumLz?Vu;=a zI=W&&7yNM=h)WU5RuU6`2>VJSMB}U3>CM&PB8Jk&}Yc_+mVr)p4t0yZ>ikCBn;5d}BTBXh`Ynz!2f;H+zSD3#m%-h55U}qFrIpE-*j%Rl&qa z^vH#2c5hC-Xij~RXB$Po+hm?LhuPeZ(&a5+0rQ2kO|&=E5O5UV9iiNg)TJX*cSP%s zh}{vjJ0f>S^zMk@9Z|d^l6OS&j)>loP3{({)8Bfz8OiB40)8@;+Xrn}d@sB#s9G#;B>dc9N9k$Glh&h+_A8Ho^Ds{TSb{ z!OzI`%%fFycR!yKAI0(6&EWDhKD`>nG4`I{93LP+h_~~&BE&qndw%uk)^&!HyLG-; zWCSvwT)g1LyG8c&hnz1noL`hVa2bK+Yh5JhV)XUZ;Bq{~>GxN+@#(o6^ZDoohh~>U zKl=9<*Y99$uFuYYNt5?I(ksKL@ddl`m66R#_xu47n#2g=i{4;$@TR`LOpkR zCZYNjxMi894_WnanJ+Nrc?BNFRlWmIFJeSDO;vZ$fv^{JI ziJ|^LZ+ymZFum%;voWM&i==54K`yo*H_1Beh{%eD;fr&3fAjaIc!SLX5fd|>5K;OZ zLpIYYxlcRhz(%_wp(~2$A}Dw%^VQVcEn+9AM{B4Sqg5#t4H-?j0Sj)HMZP{hs`5K1 zSadV^FdEDTApHU^uHD7(AqDE&2{^_r^cs~_vHDoJZqLvmb+BfNGbS7oRSW9=4y-L+ zzRy@N0+#K@{6erndayJ64@q^A=YUD?5e(YEf#KxH(Ub6x0cQeZ5ECW~N$)D(ggrPa z(obV#WuK5ULiB>;NY%muF@mkq8z@u0Hs;rek>dr-kATK4Xhi144Fsn&5P%GhCAs%e zsY%8xU2hSl1{jl|bG!j1AY(|2-vHSdd%XZNZ7?d5j}TeFr+dgu8qNcRnXk9uk*|ix z0)dPT->>o^LcfSh4$oD?1SKG%>!~y2ZVV7`!17(T2>bMdL5>2Xb~N$_IYL9F(LG}5 zD%8pj1PJD^OtD7dFpVeeh~WUht!E(tuM-Th&jOMllKja?+f$3;L$e1Yf7^#!{6e~EJ zyn2@|=_KRv>@seacVJE_g0tif_87uqgSO;>aryc&d7-yc&SD9OFiHU_R%J9EUSa|p zEG)tNU5?`6?E6^ANom$$ezKx1%-{*Qr!|?682~$=1vs%bE3?N+_^Tm}Y3}exUO3)4 zO{XfEQHB-yXgL(Fh2;eZqtwy3`AC&9 z{CtI=;S);=AWu}kT&|F(3E7!#mNeo~HUH$42Tr-=es}b!yKk`+GE@WD8}P7YZ>E>CiTWQV+vF}=!6h(71-cA5j|d0_0ZDu}U&MD>%Q3S=iNCx| zwox7I&GOk-fqQVIcbf54T4c+YaB*dH4nuC1DBeh`canE?;QxbXwrCg!3*2dus#S4kJd zH~F4X@ze6Ar510b1aKq6W`p@0iNz)k7pF?}%nX`?p`tFZXtYk(>-?!@`MmidY?w}m z)AR=+dP6pxuElxDJh8 zm0m%Y>alKwzFoHz;c;m?Z6iH}p^o0?`TZ)L0iQFGgsZ=XLb@K@)M^Q(x0>bKXj_%^ zrE#F=SjC0Sqp972_48(t6V3vG9v0dmP$b=7hgCu$_nE9C3Ntp#Ifb#&tWH#{7g<2^!|2zLTS|F9gF%MYHdUT9R~^!k!3r@tY>p!H zX4ASsJP!?P`J$5kR`CM8dzHh;yBZBLV!p)i^KuJR()0)Qkn_BSRyFK2cT7`)F>dbD z(`Sr?NlQ0d0%Oj#mRIL-$_!9#)#}~J7AXhGfu%Rg3}P`upk7K(X{RZ4>7FmPU?eCg zF&$6NPj7%W%6X9~b4n^zRP5y<3Fvg_SK*<8*y`r@)1K|a(YFI({^}sapo2r7E0D>u2gJ{f+}R(@Zr(zXhOT< zh}e`w%pdlor2)Y)QnxMo&hknAk%=~lqzMKI0`v~m-AB!;nTfJx%oE^X`rOPHRzOy9 z`mn>*A2%8~^EeS!REt)`rr9^R$D)#RK+5qXT0fE(O}9u?Tgu&fSL_4@GykKy6B%<^ zd;$wk8lciAMr2`6yZ!mNq6?6o5QfYeR91lj5)k9wy&x!V>77Lh6fisLfLY` z1SS#AE~vyoXt)qi!&LULY#ouIlihYuodO0q|p4!e_8 z_XuLQWk~5dI=aYVA|076{p_@0vv4bZlr|HmW!`jwC8nx?Ia@`XhoWGBsP~|amM5^G zfOP^MIj`R`qq+&ruD=OYPpHVNn~y`{a(DOZAhtxhwv5SQl+Sl-7|)iervLGFg%0s{ zTkjfIP*8aiiRM>b~+8zNTG5n3G|H7zhq za3^3bYCmq7%weVv@?E^*hUH4d0Nmb|WI2=D4U$ygh){|j@=c1qB3o)5VRbaWhuSa% z_es;?u4pnFTyi``aOY9?o|m8OC>>^I=?G@IvuE~mlfu8}a~J$7Kc;m!k*%==HQ*ht zvh7`-6t5@6h6G!j&+8;r4$3d&6aRx2S6I)M^lIH$w_T(bpVT%b%Gd6-Z zB=9VEG_+CEm0KQaY71I5GUH&pJ%+17lIAJO@_E(rKQy88D_9nvSI^NhhrMshpxws; zkf;Up4f1h4&&f<30+vTa!eelUuyDwJg#U6ldZm8&#u1%vFEcyYXu*TV487A}%$MH7Gv$aFhVQENvH zlf!{aRE>v z@&yvHDu_T1tjO~gIWZHkl@WtdC0xA@BvWymOusP2&=4x)sf=k{K<5HOWX6-!1LIL6 zgsvET+#?^}Cj1&k9&`$s$$1k?IAS`R!?AZ`+IIpSx|Q%6!}Raz*hB8qI(z4%c!m}* zdPXP6N!5JQGt9hB^{l<@x>$p6LnV%gWb3}jVS>O_6d)avTp>_ zWeL5N1F2NMM-sg@LD>f?K4q>H-l5MRonS*$E9NvCjBBNdI?!vGh5_aNCI!^SXuJes zgqD$!m$H+3P470W~Xf+D?> z%njsFQq3g@MF8A8!x96g$f5euG;l=JQUYY z)Yn0S5LuL5?r$kN5W9JMP}3F6$uHJbbgq{*H45_%?@0U*XsU8jCA6`~a@gho>7jth zFL)ylzIt)eY^DWyP3C!U;eA_;L9|&;(L|mV*$bFHh@lHXnVy@RUXi}ZVi99t_}ufh z59<Zm9yacNmo~C346CFh2yo6=tC{#z+ShP~3SV zxe!!(P)*AMyIU+bneH;{#=8OaZ4tO2S%oQJ?lB7RxJpyyjPR8ufUwZeS_IX;x<=+D zR$RDL7qX?U_o*?A6StaF3xU3p{*T}?#K*|Gv@NF>eN4(b5wDpw(q#H~mNWhCTU#jL zWQSvC6DkE8x%^o(<_>I+c|It(TpvXXn#I)yXVl{O9x+7>Ctg%oBbT@`!$JU#c_=Y3 zE*T{`+lY)Ldu>dF6jRE^jA`h7+&EpT%1=`e)tL+*Drw1Pu&e?*1qofva$xf7rTTU7 z3j32IH3BW( zn{!~AMEs*KU@Qnoan2QUTmj$|3X6kG2;&5pf>AKcZUQ(bEhQ|=5*9NQs9vp<$|h^{ zBxXFgot?+;zK&OLu$e$@R@cG3#XF*+r5#X%z^U+e}Aj^;mUIxAH z`T>9zBs-DF7w7Ka`RwxIcB2%!Gb2 zuuup;b0kBsFpI(VUDu#0$lStP=n+iW6V4n9KSj8{x0kEN98@J9UBCMx*4hZ3 z%_TZ5Wul}_OxRKoxPpfe-@qvXadO}ih(?fi{kXS$p{$hiWR?(cmWF1<=`^D^#>mmT z@wE$)SdppR4_Al{_uy85)>xF_jfM}`A5kUXR~UW``PG-91!69Y-UI#YT1X##IKwzS zca|$EcR*;;9YkDm2{1b=q))t=r~frksMBp&>Av%<5n_T6R2a2Ou%T+DC^k9E>~v)) z5zw$be<`>$#*@$49DyS3ge+RuT&2|l((b4fkpB6O)mQ|N-#~G%mt5VW;jrSZ!D{=E z+^Isw6^@%`k$anYxT1(87M`3jV2?PKg%4%zcbO(1aXBbJwQ>X;g$oTO1z~XFfskq8 z1@wr;41P5nIS1%583>89%w%X3_27pXpn%xaP8lEKCNuKxVyBXPSiK&wfC4&hA5iFq z$5Zx`mn36LQLRgx%oIc1K+n8u5_X-AS#lwXX0l;??G4XWe!ZkqZ-#LG(pKD%AvY62w@5}1hq!Uhu-0CW6Zw6j8z(dn z)Kja$tO_^+mjD&Cv^h#aaRL2UkV7LA=v1BW#2mbV#-c+j&)Sg=nR%h-r88_H+CZee zUY*|DSp6uxjqWUM`PAoPVcoFW7P;$Ctp$AS*$1n3LHI6L9E$jWg$fQucuE1s^D#Wh zH=c2Eheuf5MYWYHj^s5Kr~uu-b_M`P)|Fad+o9xzIWig-td3PF7J9)MpHr5scuBJ8*~|HBseLsk?OlPN@?j3<0sq94 zB6~_yxoo8;!JVKmjW~fnm0y}+7G{*gYFn6dmEPx7W@KohF-+1IJ0Pdw2aKSH6p|Xd zm3jp<{``PANcj*S#!arLGsqpd!txBqDRl11Tj$t(7q~_3<&^tm{q6MJIdEL57esh4 z=}M4WPKKc_o`hhSfab~z(ALz#gIps>7A*nMwABuTNNjs(%`iMdvN3w(>Ti$>@}qTO ziiiHJdUT`rUa^FQ0r&xuK`4Z$WFzV7B(s_&8D~9t3nGOkn!|88w>!AR$CxnG9D$mD z^7JhNyA9q766zPav==Tood7h0%>W=^Z4VYnC*g`JZ3URJ#FgZd&?K6*+HA)EQ+(3aNPL)pP1#gf^mMQV!_ z8ZaXiUw)jGo88(wD2RYdD*NQYy!h0|({vD~*9O825G4k&MYV$ykgGRDF<|l(N#y8k zG%l$$s;s0e2(~yU${~#>N(sPk$y~N(&Yab|0p5q8XO833?}Mkq>&r`&oQL`GvkcD< zxZ69c?pO`;qbJKnSgyr*0-$^xD;GHjATJL75xcHhE^Y-KXeUtCe9Swfw0CYzVW?n- z@I8chKU0KA!Z<7>`3z``8@Dt}X{tbt9@7`UIO1h3K@vr&QPj=s?f|0U@n(qA=&!5{ z!y-S=UzkFK)_%3e0FivYPf}2~h7Y!e=ATs%Q+E4FxW;HeppjujfnpaGiUwkx@AkG+ z@y91>YcLoxFO6VHJX|a+J&h2oHDD8VoJn!PMI#aom2s04??dug_=YsM@Rb-?pxEe- zs{^b2K4hFN*@(fRbHGC57w6_XD8CpUhvbCnDn~w#PP=4<3M@$bNeDPPv6W`arEK8r z6<8_#?~qm*4a#|z;R#g2d@zQ9#m1{za)i7ti;EC?<;0pi1iQ8@o$?k{#<+R($+eXH zwUBm+u!z?dD1o=AfO}eY0i} zPYzGBNA!Rz-l9^@EKj)a>wPJgdq7KG3isLWEkHH5)f+9iK1j)9(gQSmweXM2X`YBe zL?%99g-NGB=Z&^A%7o1K00d$tVPUp~5EAo3E>ZZVM?f9C$5|Rnix5CSvZ!qJ7& zs8pir1IZRnsU9HR$hDQfQxOcHFt;QL_GGkGI+aEH(L-p3fmKmz*%sqIZ^lTMlDSt< z)9fb%Su}gb6fY+hc2uRQ}e!fDje(JJD1NI&;DxP!SR3fvlbCgv#Gl!ze5z9e2 zGCLas6Csv2lXjtiF$^zk-9$?N$C>O>0*VfWhMKa>{i| z67DSs8qGogalmBB>(v+d=K!os0`tDn`naYdbZY4hk27_#$-gnjbC0x?tDOYTsFI=> z8B@%ZAXQZ$)wM58K@dqH#2^@2){jqS1jIIMN}6mIH)i<`Px-$V$XE(V*xd_Upfae* zQ<86mr@$Wf@VJ$Pa1@XdCS+l3p+Z;=Xw}pp%G}G7>Sma0h*h~O>n@#dKU9cwmJT{k zpDArNJ{3<$oopYiY;oZg5LF_gwCc)6h7KbU&|-*Eq8gs83&@;zNQYz#K{6NN$bJ5u2YNkVFP1!1mJSWb`2`FA0<9+s27GaCYj3U2M@ z%q6zy;-1xL7OT9guZe55moAOJOcqag+eRpTJ(RzY_29Wx2Rp-J#w*gYY-X=ufjXn) z1mowEYnI;;8j|@YxBNN=nkcnYD6`jCDu^W>b7o6UoH>}1$;bACn*v77grvbT;x{Qg z7D`??T9i1KNHS$5Y*ec_qnh7;TAnn~(>(Q4BQ2gv_E8!{49C1_$STSgp8|-II|zMv zhO!vczpjn0VGHA(d$k549c1V%ke=nZ+bacpwSRDHP&9)mrljPPB*?wXH^qHJ5A;GWeJrRKsIeiW9wq_2S`@9bO+~X9=QwnU!S>!+Bxs>&HzyNebD4 zF;(QoOb~MDdiV;5;d}%Q&2u~8AZ|i)ZxJLa8za@`Z5wdoghq)?2nj03!$CkL)QJqL zf5z3(jpA{MwU}8>c;zx0Q!Kwa&258EdK?vxm|0X@VXTABU8|HF3$!-3OOA$Cle2NQ z0-(-nU*NGBIfbLF*HcI7-R^z>OMvI^xK?SfH;z}YhynO^Pgm9M$Z8d3<-Psj+AWP1 z7cojM(4l;}y}0M;>}%R?Z^o7sGk6jv#mw&0sEHtTNpNU`nPBw(f=_!Y{Z4$ZWbwTH zh!aYUSO~ne<*-=!9Rq`!JkULg8B}!b5)vjd)<3ZnHy_oI zk~*e3&M1m`d&t|V9J~O+Y|WBs7q5Vp9u0wA^G=2pALQA8Cqo7c?dULq<9g(Q>< z174HUOFUPADUZ&#Sd_&|gzx)qzt>M)v|JPOFIn9g*9NypnJ*~EU-j1UKizZFL=8QGB&7$#>+ig z_|uSNt#V+RK^SB!AfqipDS{(naqnWCeI3%jQ3VCs#Drs&e2v~Um3uTYcwqoiuCxg> zG_VVNzOKQKOJC@;oIl`wCgBL81B8!!(cA$|n|>es);(U2_yDl`(Qz1hfDaFAdcHE%y90vle;@EaJw^* ziPUd{27VJf^P8?G|6c0<-!EQK9^ucIM0f>ubcFX>^YfF>qX@4w*FXHJn24W0htL1` z`OkB<``_QQ&yW7hr|td{&i^rd*zRxR?;-K?8}FjJnzAF-@yyS`T1M? z!;0=7+wxx@pP#$?{>DE=U-;bM?;rW`@p^u6i|GHjcK`KXMiD)2sj(E0XzyJ7O+vg{4zJChGe7iZe**{*{Ztvd5`}h9>x7|Os z0i(ljN3(y<9sBpW`~5rk_3dUqLmPZn zf7YGEkMHmA1?_(P3%?NY^B4JtRNOz`?(bute~*Ry{JnqoS@e6q`B~iuo3b50{|KL7 z#E0#EhIT*uL)!floF^~X?)TB|_tB1jf7suTzog$9AC89Y{@}Mii~iuZtQ~gs&)@f7 zV9&RUeu_UF@#D|%Hws)M{P=c13EKVecR!1M_-{Xpe$-4i`rKXe+xX@EdEd|RxBLDG z?mZFFt-(R+wk9i$H#AT|L^{% z&!V?KlGJjyKKDO^Z65zOfAfz=zxm&|W&eC1-^PaD=9wRT`HRuZe{Lq?&;1G4&d=jp zf9;o}f6qVI3Be*1R(ZAOE? zGcf*c^h;2h@8S6W!U^(?Izk<9?h-{m{Ab^dJ_PUe_x